[Bro-Dev] [JIRA] (BIT-1181) Input-framework errors should be fatal (or Notice_Alarm) instead of silent reporter::error failures

Bernhard Amann (JIRA) jira at bro-tracker.atlassian.net
Tue Apr 8 19:01:07 PDT 2014 

    [ https://bro-tracker.atlassian.net/browse/BIT-1181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16106#comment-16106 ] 

Bernhard Amann commented on BIT-1181:
-------------------------------------

Ok. So - basically since, if you want to, you already can catch this case via reporter_error we won't change anything?

One problem I see at the moment is, that it might be really easy to miss errors of the input framework. This can mean that feeds do not get updated and no one notices it for an extended period of time.

Not sure where I am going with this - I don't really know any better solution.

> Input-framework errors should be fatal (or Notice_Alarm) instead of silent reporter::error failures
> ---------------------------------------------------------------------------------------------------
>
>                 Key: BIT-1181
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1181
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.2
>            Reporter: Aashish Sharma
>            Assignee: Bernhard Amann
>              Labels: input-framework
>
> I noticed many times that if there is a problem in a feed file (syntax, or some other issue) and input-framework is unable to read the file, it generates a Reporter::Error. This is a silent failure condition ie bro continues to operate as normal and the error is logged into reporter log. 
> Ideally above is the right thing to do. However, This failure results in no data in the tables getting updated any more while I continue to operate under-impression that Bro is working fine (unless I have explicitly been looking at reporter log for this issue , which now I do). 
> If input-framework is unable to read/digest data from a feed, I believe that should be a (configurable) fatal error or something which at least triggers an alarm/alert/email. 



--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)

More information about the bro-dev mailing list