[Bro-Dev] A consistent order of precedence for broctl options

Slagell, Adam J slagell at illinois.edu
Mon Aug 20 10:06:37 PDT 2012

Ticket [837] came up in discussion today. It does not appear that this issue was ever resolved. However, I think it is just a specific instance of a more general problem. We don't have any well-defined order of precedence for broctl options, and that leads to ambiguity and frustration (If I am wrong, someone please clarify it in documentation and we can answer this ticket in a consistent way).

I hope we can at least agree on two points. First, there should be a well-defined precedence that is documented and followed as uniformly as possible. If you're on board with that, do you agree with my second assertion that broctl should get the last word and override all others?

Maybe as a first step we could list all the places and ways such settings could be made, and then work to order that list?

:Adam Slagell

[837] http://tracker.bro-ids.org/bro/ticket/837

Adam J. Slagell, CISO, CISSP
Chief Information Security Officer
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign

"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." 

More information about the bro-dev mailing list