[Bro] Format of log file
Robin Sommer
robin at icir.org
Mon Jul 30 11:32:28 PDT 2007
On Mon, Jul 30, 2007 at 13:34 -0400, Jean-Philippe Luiggi wrote:
> If you agree with the fact to use tagging as the rules of choice, we may
> made a jump on this and develop it for the others files ?
I generally agree though there are two issues to consider:
- tagging is not equally well suited for all logs; something like
http.log does is pretty free-form and harder to force into the
tagging-style.
- it breaks backwards-compatibility, which is large thing because
people have scripts to parse the stuff already.
So my hunch is to stay with what we have for now (i.e., tagged for
notice/alarm, non-tagged for the rest). But I'm not claiming that
this is ideal ...
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
LBNL/ICSI * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list