[Bro-Dev] [JIRA] (BIT-1145) Individual set_seperator for different feeds
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Wed Mar 5 07:15:18 PST 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15705#comment-15705 ]
Seth Hall commented on BIT-1145:
--------------------------------
Yep, definitely something we need. It's pretty painful (for input and logging) right now.
> Individual set_seperator for different feeds
> --------------------------------------------
>
> Key: BIT-1145
> URL: https://bro-tracker.atlassian.net/browse/BIT-1145
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: aashish
> Labels: feeds, framework, input, logging
> Fix For: 2.4
>
>
> Can we assign an individual set_separator per feed ?
> Why ?:
> Various data feeds from different sources have their own fields separators.
> We need to post process these feeds in order to digest the data into bro using input-framework, this creates a need to have two tiered storage for each of the data feeds (original data + re-formatted data for input framework).
> At present the workaround is to basically format all data feeds to use intel-framework and this works very well. There is still useful needs to have data feeds outside intel-framework for example - digesting list of subnets+building allocations in the network or digesting auth data... and so on.
--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
More information about the bro-dev
mailing list