#610: topic/seth/syslog-analyzer-updates - Updates for syslog analyzer

Bro Tracker bro at tracker.bro-ids.org
Thu Sep 15 17:10:00 PDT 2011

#610: topic/seth/syslog-analyzer-updates - Updates for syslog analyzer
Comment (by robin):

 I'm not really happy with this code:

 - in `syslog-analyzer.pac`, the loop cutting off characters at the end
 looks overly complex and potentially dangerous (if length is zero). I'd
 fix it but without a trace, that's hard.

 - in `syslog-tcp.pac`, much of the code either isn't used or is commented out
 (because "we are punting" I think). Can we get this in shape and implement
 both cases? I think you said there's a binpac problem; is that still the
 problem? Any workaround?

 - let's rename `AnalyzerTag::SYSLOG` to `AnalyzerTag::SYSLOG_UDP` (easy
 to do; mentioning here for reference)

 - I think we really need a trace for the test-suite here before we merge
 it in.

