[ https://bro-tracker.atlassian.net/browse/BIT-849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19980#comment-19980 ]
Jon Siwek commented on BIT-849:
-------------------------------

To me, it seems like these reporter warnings should just be made weirds instead.

> SMTP analyzer and reporter warnings
> -----------------------------------
>
>                 Key: BIT-849
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-849
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Seth Hall
>            Assignee: Jon Siwek
>              Labels: analyzer
>             Fix For: 2.4
>
>
> There are some warnings in the SMTP analyzer (ultimately from using the MIME
> analyzer) that go to reporter but they are wildly unhelpful in reporter.log.
> Here's an example line from reporter.log:
> {noformat}
> 1342043855.564338 Reporter::WARNING nested mail transaction (empty)
> -
> {noformat}
> Doing protocol violations on the smtp analyzer wouldn't quite be the right
> thing either because the dpd framework might remove the smtp analyzer from
> the connection. Part of the problem may stem from the fact that MIME
> analyzer isn't a true analyzer (doesn't descend from Analyzer). There is
> some obvious analyzer restructuring that needs to happen here but that can
> wait for the larger analyzer work that is coming up.
> Does anyone have thoughts about what we could do with this message now to
> make it more useful?

--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev