[Bro-Dev] #623: topic/seth/notice-suppression - Notice suppression and more

Bro Tracker bro at tracker.bro-ids.org
Tue Sep 20 09:02:15 PDT 2011

#623: topic/seth/notice-suppression - Notice suppression and more
 Reporter:  seth           |      Owner:
     Type:  Merge Request  |     Status:  new
 Priority:  Normal         |  Milestone:  Bro1.6
Component:  Bro            |    Version:
 Keywords:  beta           |
 This is ready to merge and it has the fix for #607 in it (I'll close that
 ticket now).  There are a few other fixes not related to notice
 suppression in it as well.

 - Duplicate notices are discovered with the new Notice::Info field
   $identifier.  It's a string that is left up to the notice implementor
   to define which would indicate a fundamentally duplicate notice.  The
   field is optional and if it's not included it's not possible for
   notice suppression to take

 - New events were created to give visibility into the notice framework's
 suppression activity.
       - event Notice::begin_suppression(n: Notice::Info)
       - event Notice::suppressed(n: Notice::Info)
       - event Notice::end_suppression(n: Notice::Info)

 - Worker raised notices are printed a single time by the manager now.

 - Cluster framework and notice framework integration cleaned up and
 implemented better and more completely.

 - The table tracking notice suppressions is now done with a table
 attribute instead of "manually" with scheduled events.

 - Two new notice tests.

 - Fix crash on exit (addresses #607).

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/623>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
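
A sketch of how a script could use the $identifier field and the three suppression events listed in the ticket; this is an added example, not code from the ticket or from the Bro project. It assumes the notice framework is already loaded and that NOTICE() accepts the usual $note, $msg and $conn fields; the module name and notice type are hypothetical.

```bro
module SuppressionDemo;   # hypothetical module name

export {
    redef enum Notice::Type += {
        ## Hypothetical notice type, defined only for this example.
        Repeated_Outbound_Connection,
    };
}

event connection_established(c: connection)
    {
    # $identifier is what the framework compares to decide that two notices
    # are "fundamentally" the same.  Here it is the originator/responder
    # pair, so repeated connections between the same two hosts collapse
    # into one notice.  A separator keeps distinct address pairs from
    # concatenating to the same string.
    #
    # Choosing the identifier too broadly (e.g. the originator alone) would
    # hide notices about different responders; leaving it out means the
    # notice can never be suppressed.
    NOTICE([$note=Repeated_Outbound_Connection,
            $msg=fmt("%s connected to %s", c$id$orig_h, c$id$resp_h),
            $conn=c,
            $identifier=cat(c$id$orig_h, "-", c$id$resp_h)]);
    }

# The three events from the ticket give visibility into what the framework
# withheld, so suppressed activity can still be counted or audited.

event Notice::begin_suppression(n: Notice::Info)
    {
    print fmt("suppression started: %s [%s]", n$note, n$identifier);
    }

event Notice::suppressed(n: Notice::Info)
    {
    print fmt("duplicate withheld:  %s [%s]", n$note, n$identifier);
    }

event Notice::end_suppression(n: Notice::Info)
    {
    print fmt("suppression ended:   %s [%s]", n$note, n$identifier);
    }
```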