I have a TCP analyzer that I wrote for my master thesis which I'm trying to update to the latest version of Bro. After rebasing to the trunk, I observed only a few collisions. I resolved the collisions and but something seems to have changed with how the logs are written. Are there changes in the logging framework between Bro 2.2 and the current master which could influence how events are generated? Could this be a change in how packets are delivered to TCP child/support/application analyzers?
I am only guessing at things as I haven't had much time to debug why the logs aren't being generated. From some quick debug, I can see that the analyzer is still being added to TCP as a child analyzer, so it seems related to either delivery or event generation. I know this is little information to go on. I can provide more information as needed. -- James Swaro Internetworking Research Group Ohio University
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
