[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Thu Oct 1 16:22:02 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22409#comment-22409 ] 

Robin Sommer commented on BIT-1470:

The code in notice_tags() looks pretty fragile: I'd bet that if we ever changed the fields that an Info record had, we'd forget to adapt this function.

Different idea: we could use record_fields() instead to get all the fields dynamically and then iterate through. For those that need special treatment to generate good defaults, we could still hardcode that; but for all others we'd just convert to string by default.

> Implemented Functions in Notice Framework
> -----------------------------------------
>                 Key: BIT-1470
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1470
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: 2.3
>            Reporter: Wendy Edwards
>            Assignee: Robin Sommer
>            Priority: Low
>             Fix For: 2.5
>         Attachments: main_mod.bro, notice_main.patch
> I modified the main.bro file in the notice framework (see https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro) to implement the functions "notice_tags" and "execute_with_notice."  The patch (notice_main.patch) and the modified file (main_mod.bro) are both attached.
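
The record_fields() approach suggested in the comment above, as an added example; it is not the attached patch and not the project's own code. The function name notice_tags_dynamic, the table[string] of string return type, and the choice of ts as the field with a hardcoded default are assumptions made for illustration.

```bro
# Added illustration of the record_fields() idea (hypothetical function name).
# Assumes the default base scripts are loaded so that Notice::Info is defined.

function notice_tags_dynamic(n: Notice::Info): table[string] of string
	{
	local tags: table[string] of string = table();

	# record_fields() returns one entry per field of the record, keyed by
	# field name. A field added to Notice::Info later shows up here
	# without this function having to change.
	local fields = record_fields(n);

	for ( name in fields )
		{
		local f = fields[name];

		# &optional fields that were never set carry no value; skip them.
		if ( ! f?$value )
			next;

		# Fields that need special treatment are still hardcoded.
		# Assumption: ts reads better as a formatted timestamp.
		if ( name == "ts" )
			{
			tags[name] = strftime("%Y-%m-%d %H:%M:%S", n$ts);
			next;
			}

		# Everything else is converted to a string by default.
		# Nested records and sets are rendered as Bro describes them.
		tags[name] = fmt("%s", f$value);
		}

	return tags;
	}

event bro_init()
	{
	# Constructed sample notice, only to show the resulting tags.
	local n: Notice::Info = [$ts=network_time(), $msg="constructed sample"];
	local tags = notice_tags_dynamic(n);

	for ( t in tags )
		print fmt("%s = %s", t, tags[t]);
	}
```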
