[Bro-Dev] [JIRA] (BIT-1181) Input-framework errors should be fatal (or Notice_Alarm) instead of silent reporter::error failures
Aashish Sharma (JIRA)
jira at bro-tracker.atlassian.net
Mon Apr 7 13:50:07 PDT 2014
Aashish Sharma created BIT-1181:
-----------------------------------
Summary: Input-framework errors should be fatal (or Notice_Alarm) instead of silent reporter::error failures
Key: BIT-1181
URL: https://bro-tracker.atlassian.net/browse/BIT-1181
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.2
Reporter: Aashish Sharma
I noticed many times that if there is a problem in a feed file (syntax, or some other issue) and input-framework is unable to read the file, it generates a Reporter::Error. This is a silent failure condition, i.e. Bro continues to operate as normal and the error is logged into the reporter log.
Ideally the above is the right thing to do. However, this failure results in no data in the tables getting updated any more while I continue to operate under the impression that Bro is working fine (unless I have explicitly been looking at the reporter log for this issue, which now I do).
If input-framework is unable to read/digest data from a feed, I believe that should be a (configurable) fatal error or something which at least triggers an alarm/alert/email.
--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)
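A check for the silent failure described in this report, added here as an example; it is not part of the original message or of Bro itself. It parses a reporter.log and groups `Reporter::ERROR` entries by feed so they can be turned into an alert. The sample log lines are constructed, and treating a message containing `/Input::` as an input-framework error (with the text before it as the feed path) is an assumption.

```python
# Constructed sample of a Bro reporter.log (TSV with '#' header lines).
# Paths and message text are made up for illustration.
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tlevel\tmessage\tlocation\n"
    "#types\ttime\tenum\tstring\tstring\n"
    "1396903807.000000\tReporter::INFO\tprocessing started\t(empty)\n"
    "1396903810.000000\tReporter::ERROR\t/feeds/blocklist.txt/Input::READER_ASCII: could not read line 12\t(empty)\n"
    "1396903900.000000\tReporter::WARNING\tunrelated warning\t/opt/bro/site/local.bro, line 5\n"
    "1396903950.000000\tReporter::ERROR\t/feeds/blocklist.txt/Input::READER_ASCII: could not read line 12\t(empty)\n"
)


def parse_reporter_log(text):
    """Parse Bro's TSV log format, taking column names from the #fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def failing_feeds(rows, marker="/Input::"):
    """Group Reporter::ERROR rows by feed source.

    Assumption: input-framework errors carry `marker` in the message and the
    text before it is the feed path. Adjust `marker` to match real log output.
    """
    feeds = {}
    for row in rows:
        message = row.get("message", "")
        if row.get("level") != "Reporter::ERROR" or marker not in message:
            continue
        source = message.split(marker, 1)[0]
        entry = feeds.setdefault(source, {"count": 0, "first_ts": float(row["ts"])})
        entry["count"] += 1
        entry["last_message"] = message
    return feeds


if __name__ == "__main__":
    # A non-empty result means a table backed by that feed has stopped updating.
    for source, info in failing_feeds(parse_reporter_log(SAMPLE_LOG)).items():
        print(f"ALERT feed={source} errors={info['count']} since={info['first_ts']}")
```

Run from cron or a log shipper against the live reporter.log, the non-empty result is the alarm/email trigger the report asks for.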