[Bro-Dev] notice tags?
vern at icir.org
Fri Jun 3 10:49:50 PDT 2011
> > Do we still need the tags once we have unique connids for grepping?
> It might be worthwhile still. It was interesting to me to see all of the notices attached to a connection.
Seems you get that already if the notice just includes the connid. Where
it would come up short is if you *don't* want all the notices (since there
are a zillion boring ones), or if a given notice might have a tag associated
with multiple connections (I don't think we do this presently, but in
principle it would make sense).
More information about the bro-dev