[Bro-Dev] #610: topic/seth/syslog-analyzer-updates - Updates for syslog analyzer
Bro Tracker
bro at tracker.bro-ids.org
Thu Sep 15 17:10:00 PDT 2011
#610: topic/seth/syslog-analyzer-updates - Updates for syslog analyzer
----------------------------+--------------------
Reporter: seth | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Resolution: | Keywords: beta
----------------------------+--------------------
Comment (by robin):
I'm not really happy with this code:
- in `syslog-analyzer.pac`, the loop cutting off characters at the end
looks overly complex and potentially dangerous (if length is zero). I'd
fix it but without a trace, that's hard.
- in `syslog-tcp.pac`, much of the code either isn't used or is commented out
(because "we are punting" I think). Can we get this in shape and implement
both cases? I think you said there's a binpac problem, is that still the
problem? Any workaround?
- let's rename `AnalyzerTag::SYSLOG` to `AnalyzerTag::SYSLOG_UDP` (easy
to do; mentioning here for reference)
- I think we really need a trace for the test-suite here before we merge
it in.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/610#comment:3>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
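
The zero-length concern raised in the comment above, as an added example that is not code from the Bro branch or from either participant: a trailing-character trim over a length-delimited payload that tests the length before indexing. The function names and the set of stripped bytes (NUL, CR, LF) are assumptions, since the ticket does not show the loop.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Assumption: the bytes worth dropping are NUL, CR and LF. The ticket
// does not say what the real loop in syslog-analyzer.pac removes.
static bool is_trailing_junk(uint8_t c) {
    return c == '\0' || c == '\r' || c == '\n';
}

// Hazardous shape for comparison (not executed here):
//     while (is_trailing_junk(data[len - 1])) --len;
// With an unsigned len of 0, len - 1 wraps to SIZE_MAX and the read
// lands far outside the buffer; a payload made only of junk bytes
// reaches the same state after the last decrement.

// Returns the payload length after dropping trailing junk bytes.
// len is checked before data[len - 1] is evaluated, so an empty or
// all-junk payload stops at 0 without touching memory before data[0].
size_t trimmed_length(const uint8_t* data, size_t len) {
    while (len > 0 && is_trailing_junk(data[len - 1]))
        --len;
    return len;
}

// Convenience wrapper (hypothetical) for the constructed samples below.
std::string trim_msg(const std::string& raw) {
    const uint8_t* p = reinterpret_cast<const uint8_t*>(raw.data());
    return raw.substr(0, trimmed_length(p, raw.size()));
}

int main() {
    // Constructed sample payloads, not taken from a real trace.
    const std::string samples[] = {
        "<13>Sep 15 17:10:00 host app: hello\n",
        std::string("<13>msg\0\r\n", 10),
        "\r\n",   // nothing but junk
        "",       // zero-length payload
    };
    for (const std::string& s : samples)
        std::cout << s.size() << " -> " << trim_msg(s).size() << "\n";
    return 0;
}
```
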