[Bro-Dev] [JIRA] (BIT-1145) Individual set_seperator for different feeds

Bernhard Amann (JIRA) jira at bro-tracker.atlassian.net
Tue Mar 4 16:03:18 PST 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15703#comment-15703 ] 

Bernhard Amann commented on BIT-1145:
-------------------------------------

I think we talked about this a while back and the conclusion was that it would be nice to have the ability to override the global choices via configuration options in the config map.

We probably should do this for the logging framework as well. If I am not mistaken this should be a rather easy change.

> Individual set_seperator for different feeds
> --------------------------------------------
>
>                 Key: BIT-1145
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1145
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: aashish
>              Labels: feeds, framework, input, logging
>             Fix For: 2.4
>
>
> Can we assign an individual set_separator per feed ?  
> Why ?: 
> Various data feeds from different sources have their own fields separators.
> We need to post process these feeds in order to digest the data into bro using input-framework, this creates a need to have two tiered storage for each of the data feeds (original data + re-formatted data for input framework). 
> At present the workaround is to basically format all data feeds to use intel-framework and this works very well.  There is still useful needs to have data feeds outside intel-framework for example - digesting list of subnets+building allocations in the network or digesting auth data... and so on. 



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list