[Bro-Dev] [JIRA] (BIT-1145) Individual set_seperator for different feeds

[Seth Hall (JIRA)]

     [ https://bro-tracker.atlassian.net/browse/BIT-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1145:
---------------------------

    Attachment: signature.asc


Nope, no reason.  I just fixed this when I did the formatter refactoring and forgot to close this ticket.


> Individual set_seperator for different feeds
> --------------------------------------------
>
>                 Key: BIT-1145
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1145
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Aashish Sharma
>              Labels: feeds, framework, input, logging
>             Fix For: 2.3
>
>         Attachments: signature.asc
>
>
> Can we assign an individual set_separator per feed ?  
> Why ?: 
> Various data feeds from different sources have their own fields separators.
> We need to post process these feeds in order to digest the data into bro using input-framework, this creates a need to have two tiered storage for each of the data feeds (original data + re-formatted data for input framework). 
> At present the workaround is to basically format all data feeds to use intel-framework and this works very well.  There is still useful needs to have data feeds outside intel-framework for example - digesting list of subnets+building allocations in the network or digesting auth data... and so on. 



--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)