[Bro-Dev] BiF parsing index types

Seth Hall seth at icir.org
Tue May 24 12:43:57 PDT 2011


On May 24, 2011, at 3:11 PM, Jim Mellander wrote:

> How about triggering an event on such failure conditions (perhaps
> sending the hostname)? - each site could then determine globally or by
> hostname how to deal with this situation


I think you may lose too much context about the initial lookup by that point. If it was a statically defined hostname in a script (that was really important) and it failed, what would you decide to do? You'd have to know the variable that it was supposed to be assigned to after being looked up if you wanted to try the lookup again. I don't think you'd ever want to kill Bro, but you'd probably want it logged, which would already be taken care of by the runtime error.

Perhaps you're right though in that if there is some *really* important domain name, you would have some recourse to make sure that name is looked up.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



