[Bro-Dev] Trouble with getting Bro 2.2 private analyzer to write logs on current master

James Swaro james.swaro at gmail.com
Tue Jun 16 19:22:23 PDT 2015


I have a TCP analyzer that I wrote for my master thesis which I'm trying to
update to the latest version of Bro. After rebasing to the trunk, I
observed only a few collisions. I resolved the collisions and but something
seems to have changed with how the logs are written. Are there changes in
the logging framework between Bro 2.2 and the current master which could
influence how events are generated? Could this be a change in how packets
are delivered to TCP child/support/application analyzers?

I am only guessing at things as I haven't had much time to debug why the
logs aren't being generated. From some quick debug, I can see that the
analyzer is still being added to TCP as a child analyzer, so it seems
related to either delivery or event generation.

I know this is little information to go on. I can provide more information
as needed.

-- 
James Swaro
Internetworking Research Group
Ohio University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20150616/995c6795/attachment.html 


More information about the bro-dev mailing list