[Bro-Dev] #976: regex change in syslog-analyzer.pac
Bro Tracker
bro at tracker.bro.org
Wed Apr 3 18:23:34 PDT 2013
#976: regex change in syslog-analyzer.pac
----------------------+------------------------
Reporter: aashish | Owner:
Type: Patch | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Comment (by seth):
This issue will take more investigation; the patch isn't right and it only
partly works by accident due to the &check attribute in binpac not doing
anything. It looks like we may need a Snare log analyzer or a
modification to the syslog analyzer to make it cope with Snare logs (which
are definitely not using the syslog protocol). For reference, here's some
documentation about the snare packet format:
http://wiki.rsyslog.com/index.php/Snare_and_rsyslog
--
Ticket URL: <http://tracker.bro.org/bro/ticket/976#comment:2>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker