[Bro-Dev] Trouble with getting Bro 2.2 private analyzer to write logs on current master

Vlad Grigorescu vlad at grigorescu.org
Tue Jun 16 21:56:36 PDT 2015

Just a guess, but it could be related to this:

ints changed to uint64s. As an example, you can see how the HTTP analyzer
was modified here:

The other big change was moving to plugins, but if you're seeing it added
as a child analyzer, that doesn't sound like it'd be the issue.

Was this analyzer written in BinPAC, or in C++?


On Tue, Jun 16, 2015 at 9:22 PM, James Swaro <james.swaro at gmail.com> wrote:

> I have a TCP analyzer that I wrote for my master thesis which I'm trying
> to update to the latest version of Bro. After rebasing to the trunk, I
> observed only a few collisions. I resolved the collisions and but something
> seems to have changed with how the logs are written. Are there changes in
> the logging framework between Bro 2.2 and the current master which could
> influence how events are generated? Could this be a change in how packets
> are delivered to TCP child/support/application analyzers?
> I am only guessing at things as I haven't had much time to debug why the
> logs aren't being generated. From some quick debug, I can see that the
> analyzer is still being added to TCP as a child analyzer, so it seems
> related to either delivery or event generation.
> I know this is little information to go on. I can provide more information
> as needed.
> --
> James Swaro
> Internetworking Research Group
> Ohio University
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20150616/b4d913b6/attachment.html 

More information about the bro-dev mailing list