Does anybody remember what Bro's option -z is for?

    -z|--analyze <analysis> | run the specified policy file analysis

Turns out the only supported "analysis" is "notice":

    # bro -r x.pcap -z notice
    Found NOTICE: PacketFilter::Dropped_Packets
    Found NOTICE: PacketFilter::Install_Failure
    Found NOTICE: Signatures::Signature_Summary
    Found NOTICE: PacketFilter::Compile_Failure
    Found NOTICE: Signatures::Multiple_Sig_Responders
    Found NOTICE: Signatures::Sensitive_Signature
    Found NOTICE: Signatures::Count_Signature
    Found NOTICE: PacketFilter::Too_Long_To_Compile_Filter
    Found NOTICE: Signatures::Multiple_Signatures

This looks very specific for hard-coded event-engine functionality. I
propose to remove unless somebody still sees a use for this?

Robin
--
Robin Sommer * ICSI/LBNL * [email protected] * www.icir.org/robin