[Bro-Dev] [Bro-Commits] [git/bro] topic/bernhard/file-analysis-x509: Change x509 log - now certificates are only logged once per hour. (0d50b8b)
Siwek, Jonathan Luke
jsiwek at illinois.edu
Thu Mar 13 08:50:26 PDT 2014
On Mar 13, 2014, at 9:45 AM, Bernhard Amann <bernhard at ICSI.Berkeley.EDU> wrote:
> What I did was to call…
>
> file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()), cert.length(),
> bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), ${rec.is_orig});
> file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), ${rec.is_orig});
>
> in exactly this order (so - directly following each other). Which does not work.
It think it should work provided that matching file handles are generated at the script-layer for this type of file. (not sure whether they are in this case, didn’t check)
> I also do not really think this is sufficiently documented in the comments of
> Manager.h. This basically is not mentioned at all there…
Yeah, it should probably at least link to [1] at least once. Do you think it would help to link to that in each method where it matters?
[1] http://www.bro.org/development/howtos/file-analysis-file-id.html
- Jon
More information about the bro-dev
mailing list