[Bro-Dev] Trouble with getting Bro 2.2 private analyzer to write logs on current master
Vlad Grigorescu
vlad at grigorescu.org
Wed Jun 17 08:10:27 PDT 2015
On Wed, Jun 17, 2015 at 9:45 AM, James Swaro <james.swaro at gmail.com> wrote:
> > Just a guess, but it could be related to this:
> https://github.com/bro/bro/blob/master/CHANGES#L1578
> I'm looking, but nothing seems to pop out at me.
>
> > The other big change was moving to plugins, but if you're seeing it
> added as a child analyzer, that doesn't sound like it'd be the issue.
> It seems to be ok. Did data delivery change from DeliverPacket to
> something else?
>
> > Was this analyzer written in BinPAC, or in C++?
> It was written in C++.
>
Well, what I meant with that change was that the functions used for data
delivery changed. Specifically:
Analyzer::{NextPacket, NextUndelivered, ForwardPacket, ForwardUndelivered,
DeliverPacket, Undelivered} were modified to change the int seq parameter
to a uint64. If your functions aren't updated, and are expecting a plain
old int for the sequence number, I've seen the scenario you describe: the
analyzer attaches, but doesn't function.
--Vlad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20150617/92d9bcec/attachment.html
More information about the bro-dev
mailing list