[Bro-Dev] ElasticSearch problem (Re: [Bro-Commits] [git/bro] master: Merge remote-tracking branch 'origin/fastpath' (c66c6d7))

Siwek, Jonathan Luke jsiwek at illinois.edu
Fri Jul 27 14:54:02 PDT 2012

>> The default is pre-configured (localhost:9200).  I suspect we shouldn't load anything from the tuning/ directory in default tests.
> That would require restructuring some of the tests. Also, I do prefer
> having everything loaded. I see the problem here though.
> We could add the reporter.log to the baseline for now until we've
> figured out something better. But are they stable, or may the
> specifics look different every time?
> Here's another idea: how about adding a way to disable the stuff in
> logs-to-elasticsearch even if loaded? Like by redefing the ES server
> to an empty string? That's something we could then add to the tests
> that load everything.

Another idea: testing/external/scripts/diff-all has a quick hack (that I'm not really sure works right still) for getting around the case where GeoIP support isn't enabled and shows up as a reporter message.  Maybe that can be updated to also ignore lines regarding ElasticSearch.

