Just a guess, but it could be related to this: https://github.com/bro/bro/blob/master/CHANGES#L1578
ints changed to uint64s. As an example, you can see how the HTTP analyzer was modified here: https://github.com/bro/bro/commit/96bcc2d69d72c21f5f4eff0c88cd8d43613bee22#diff-978a30a2ac40a10fbf3c8b5500d3a9f3 The other big change was moving to plugins, but if you're seeing it added as a child analyzer, that doesn't sound like it'd be the issue. Was this analyzer written in BinPAC, or in C++? --Vlad On Tue, Jun 16, 2015 at 9:22 PM, James Swaro <[email protected]> wrote: > I have a TCP analyzer that I wrote for my master thesis which I'm trying > to update to the latest version of Bro. After rebasing to the trunk, I > observed only a few collisions. I resolved the collisions and but something > seems to have changed with how the logs are written. Are there changes in > the logging framework between Bro 2.2 and the current master which could > influence how events are generated? Could this be a change in how packets > are delivered to TCP child/support/application analyzers? > > I am only guessing at things as I haven't had much time to debug why the > logs aren't being generated. From some quick debug, I can see that the > analyzer is still being added to TCP as a child analyzer, so it seems > related to either delivery or event generation. > > I know this is little information to go on. I can provide more information > as needed. > > -- > James Swaro > Internetworking Research Group > Ohio University > > > > _______________________________________________ > bro-dev mailing list > [email protected] > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > >
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
