[Bro-Dev] DHCP event removal
Michael Dopheide
dopheide at es.net
Thu Jun 14 21:30:28 PDT 2018
While testing the new Broker code in master I came across this a bit
unexpectedly when trying to run our full production policy stack:
2.5-544 | 2018-05-01 17:57:15 -0500
* Rewrite the DHCP analyzer and accompanying script-layer API.
I'm all for analyzer updates and improvements, but what I'm honestly not
sure about is this:
* Reduced all DHCP events into a single dhcp_message event.
(removed legacy events since they weren't widely used anyway)
How was the determination made that it's not widely used? I don't recall a
survey on the bro/bro-dev lists and there's clearly instances of it's use
when searching github.
-Dop
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20180614/4bd82b2b/attachment.html
More information about the bro-dev
mailing list