[Bro-Dev] ElasticSearch problem (Re: [Bro-Commits] [git/bro] master: Merge remote-tracking branch 'origin/fastpath' (c66c6d7))
Robin Sommer
robin at icir.org
Fri Jul 27 15:09:47 PDT 2012
On Fri, Jul 27, 2012 at 21:54 +0000, you wrote:
> Another idea: testing/external/scripts/diff-all has a quick hack (that
> I'm not really sure works right still) for getting around the case
> where GeoIP support isn't enabled and shows up as a reporter message.
> Maybe that can be updated to also ignore lines regarding
> ElasticSearch.
I guess it could, but that's not really much nicer ... I can see
eventuallu having more of these optional scripts that do something
that might cause artefacts depending on config/capabilities.
How about as a general policy we say that any script that may cause
trouble when simply loaded on top of a standard configuration must
have a way to be disabled. We then add a script
disable-problematic-analyses.bro (or so :) to the external tests, and
this script sets all those relevant options.
(Hmm ... We might be able to achieve the same effect with some
@unloads, but not sure I want to rely on that odd feature ...)
I can think of one more alternative: split test-all-policy.bro into
two parts, all the scripts that are fine to load with the external
tests and those which aren't.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the bro-dev
mailing list