[Bro] Writing logs to both ACII and JSON
Jan Grashöfer
jan.grashoefer at gmail.com
Thu Jan 12 06:31:47 PST 2017
>> Using the SMB-Analyzer I was able to reproduce the issue: The
>> SMB-Analyzer does not set path, which is indeed optional but used for
>> all the other logs by convention.
>
> Yup, you are right. This looks like an oversight, the path should have
> been set for all the create_stream calls. I will fix this in master in a
> few minutes - thanks for finding this :)
Thanks a lot for the quick fix! This way the handling of streams is more
consistent across the streams. I will also update my script once I find
some time for testing, as not specifying the path is generally valid
(cf.
https://www.bro.org/sphinx/scripts/base/frameworks/logging/main.bro.html#type-Log::Filter).
Jan
More information about the Bro
mailing list