[Bro-Dev] #610: topic/seth/syslog-analyzer-updates - Updates for syslog analyzer

Bro Tracker bro at tracker.bro-ids.org
Thu Sep 15 17:10:00 PDT 2011


#610: topic/seth/syslog-analyzer-updates - Updates for syslog analyzer
----------------------------+--------------------
  Reporter:  seth           |      Owner:
      Type:  Merge Request  |     Status:  new
  Priority:  Normal         |  Milestone:  Bro1.6
 Component:  Bro            |    Version:
Resolution:                 |   Keywords:  beta
----------------------------+--------------------

Comment (by robin):

 I'm not really happy with this code:

 - in `syslog-analyzer.pac`, the loop cutting off characters at the end
 looks overly complex and potentially dangerous (if length is zero). I'd
 fix it but without a trace, that's hard.

 - in `syslog-tcp.pac`, much of the code either isn't used or is commented
 out (because "we are punting" I think). Can we get this in shape and
 implement both cases? I think you said there's a binpac problem, is that
 still the problem? Any workaround?

 - let's rename `AnalyzerTag::SYSLOG` to `AnalyzerTag::SYSLOG_UDP` (easy
 to do; mentioning here for reference)

 - I think we really need a trace for the test-suite here before we merge
 it in.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/610#comment:3>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
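
The zero-length concern raised in the comment above, as an added example that is not part of the original message and is not code from the Bro tree. The function names and the set of trimmed bytes (NUL, CR, LF) are assumptions, since the ticket does not show the loop or say which characters it removes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Assumed trailer set; the ticket does not name the bytes being cut.
static bool is_trailer(uint8_t c)
{
    return c == '\0' || c == '\r' || c == '\n';
}

// Hypothetical helper: length of `data` once trailing trailer bytes are
// dropped. Safe for len == 0 (an empty datagram) and for a payload that
// consists only of trailer bytes.
size_t trimmed_length(const uint8_t* data, size_t len)
{
    // Check `len > 0` BEFORE indexing. The short-circuit guarantees
    // data[len - 1] is never evaluated when len is zero.
    while (len > 0 && is_trailer(data[len - 1]))
        --len;
    return len;
}

// The index an unguarded `data[len - 1]` would use. With an unsigned
// length, len == 0 wraps to SIZE_MAX, far outside the buffer. This
// function only computes the index; it never dereferences it.
size_t last_index_unchecked(size_t len)
{
    return len - 1;
}

int main()
{
    // Constructed sample payload, not taken from a real trace.
    const uint8_t msg[] = "<13>sshd: ok\r\n"; // sizeof counts the NUL too
    std::printf("trimmed: %zu of %zu bytes\n",
                trimmed_length(msg, sizeof(msg)), sizeof(msg));
    std::printf("empty payload: %zu\n", trimmed_length(msg, 0));
    std::printf("unguarded index at len 0: %zu\n", last_index_unchecked(0));
    return 0;
}
```

A regression trace for this case would contain an empty syslog datagram and one made up only of line terminators.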


