[Bro-Dev] #469: Core IRC analyzer needs to provide is_orig field.
Bro Tracker
bro at tracker.bro-ids.org
Thu Jun 9 10:54:24 PDT 2011
#469: Core IRC analyzer needs to provide is_orig field.
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
None of the IRC related events indicate which side of the connection sent
a message which causes problems for writing analysis scripts.
Here's what I think we should do:
- The irc_client and irc_server events should be removed.
- The irc_message event should have an is_orig:bool field added as the
last argument.
- All other irc_* events should either be removed and implemented in a Bro
script or have an is_orig argument added. Maybe add the is_orig argument
for now with the thought of removing those events in the future once we
implement everything in script-land with the irc_message event?
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/469>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list