[Bro-Dev] Option -z
Robin Sommer
robin at icir.org
Mon May 23 11:59:01 PDT 2016

Does anybody remember what Bro's option -z is for?

    -z|--analyze <analysis> | run the specified policy file analysis

Turns out the only supported "analysis" is "notice":

    # bro -r x.pcap -z notice
    Found NOTICE: PacketFilter::Dropped_Packets
    Found NOTICE: PacketFilter::Install_Failure
    Found NOTICE: Signatures::Signature_Summary
    Found NOTICE: PacketFilter::Compile_Failure
    Found NOTICE: Signatures::Multiple_Sig_Responders
    Found NOTICE: Signatures::Sensitive_Signature
    Found NOTICE: Signatures::Count_Signature
    Found NOTICE: PacketFilter::Too_Long_To_Compile_Filter
    Found NOTICE: Signatures::Multiple_Signatures

This looks very specific for hard-coded event-engine functionality. I
propose to remove it unless somebody still sees a use for this?

Robin
--
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin