[Bro-Dev] Trouble with getting Bro 2.2 private analyzer to write logs on current master

Vlad Grigorescu vlad at grigorescu.org
Tue Jun 16 21:56:36 PDT 2015


Just a guess, but it could be related to this:
https://github.com/bro/bro/blob/master/CHANGES#L1578

ints changed to uint64s. As an example, you can see how the HTTP analyzer
was modified here:
https://github.com/bro/bro/commit/96bcc2d69d72c21f5f4eff0c88cd8d43613bee22#diff-978a30a2ac40a10fbf3c8b5500d3a9f3

The other big change was moving to plugins, but if you're seeing it added
as a child analyzer, that doesn't sound like it'd be the issue.

Was this analyzer written in BinPAC, or in C++?

  --Vlad

On Tue, Jun 16, 2015 at 9:22 PM, James Swaro <james.swaro at gmail.com> wrote:

> I have a TCP analyzer that I wrote for my master's thesis which I'm trying
> to update to the latest version of Bro. After rebasing to the trunk, I
> observed only a few collisions. I resolved the collisions, but something
> seems to have changed with how the logs are written. Are there changes in
> the logging framework between Bro 2.2 and the current master which could
> influence how events are generated? Could this be a change in how packets
> are delivered to TCP child/support/application analyzers?
>
> I am only guessing at things as I haven't had much time to debug why the
> logs aren't being generated. From some quick debug, I can see that the
> analyzer is still being added to TCP as a child analyzer, so it seems
> related to either delivery or event generation.
>
> I know this is little information to go on. I can provide more information
> as needed.
>
> --
> James Swaro
> Internetworking Research Group
> Ohio University