[Bro-Dev] Trouble with getting Bro 2.2 private analyzer to write logs on current master

Vlad Grigorescu vlad at grigorescu.org
Wed Jun 17 08:10:27 PDT 2015


On Wed, Jun 17, 2015 at 9:45 AM, James Swaro <james.swaro at gmail.com> wrote:

> > Just a guess, but it could be related to this:
> > https://github.com/bro/bro/blob/master/CHANGES#L1578
>
> I'm looking, but nothing seems to pop out at me.
>
> > The other big change was moving to plugins, but if you're seeing it
> > added as a child analyzer, that doesn't sound like it'd be the issue.
>
> It seems to be ok. Did data delivery change from DeliverPacket to
> something else?
>
> > Was this analyzer written in BinPAC, or in C++?
>
> It was written in C++.
>

Well, what I meant with that change was that the functions used for data
delivery changed. Specifically:

Analyzer::{NextPacket, NextUndelivered, ForwardPacket, ForwardUndelivered,
DeliverPacket, Undelivered} were modified to change the int seq parameter
to a uint64. If your functions aren't updated, and are expecting a plain
old int for the sequence number, I've seen the scenario you describe: the
analyzer attaches, but doesn't function.

  --Vlad
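
The failure mode described in the message above, as an added example that is not part of the original message and not Bro's own code. It assumes a simplified, hypothetical `Analyzer` base class (only the names `DeliverPacket` and `NextPacket` come from the thread; the parameter lists are shortened) and shows how a method still declared with `int seq` compiles cleanly but is never reached through the base interface.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified stand-in for the framework's base class (assumption, not Bro's header).
class Analyzer {
public:
    virtual ~Analyzer() = default;
    // Current API: the sequence number is a 64-bit unsigned value.
    virtual void DeliverPacket(int, const unsigned char*, bool, uint64_t) {}
    // The framework only ever calls analyzers through the base interface.
    void NextPacket(int len, const unsigned char* data, bool orig, uint64_t seq) {
        DeliverPacket(len, data, orig, seq);
    }
};

// Written against the old API. "int seq" declares a new virtual that hides
// the base method instead of overriding it, and it compiles without error.
// Adding "override" here, or building with -Woverloaded-virtual, exposes it.
class StaleAnalyzer : public Analyzer {
public:
    int delivered = 0;
    virtual void DeliverPacket(int, const unsigned char*, bool, int /*seq*/) { ++delivered; }
};

// Ported to the new API; "override" makes the compiler verify the match.
class UpdatedAnalyzer : public Analyzer {
public:
    int delivered = 0;
    void DeliverPacket(int, const unsigned char*, bool, uint64_t /*seq*/) override { ++delivered; }
};

// Feed n constructed packets through the base interface; return how many
// reached the derived analyzer's own DeliverPacket.
template <class T>
static int packets_seen(int n) {
    T analyzer;
    Analyzer& base = analyzer;
    const unsigned char payload[] = {0x16, 0x03, 0x01};  // constructed sample bytes
    for (int i = 0; i < n; ++i)
        base.NextPacket(static_cast<int>(sizeof payload), payload, true, static_cast<uint64_t>(i));
    return analyzer.delivered;
}

int stale_seen(int n)   { return packets_seen<StaleAnalyzer>(n); }
int updated_seen(int n) { return packets_seen<UpdatedAnalyzer>(n); }

int main() {
    std::printf("stale: %d, updated: %d\n", stale_seen(5), updated_seen(5));
    return 0;
}
```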