While testing the new Broker code in master I came across this a bit
unexpectedly when trying to run our full production policy stack:
2.5-544 | 2018-05-01 17:57:15 -0500
* Rewrite the DHCP analyzer and accompanying script-layer API.
I'm all for analyzer updates and improvements, but what I'm honestly not
sure about is this:
* Reduced all DHCP events into a single dhcp_message event.
(removed legacy events since they weren't widely used anyway)
How was the determination made that it's not widely used? I don't recall a
survey on the bro/bro-dev lists and there's clearly instances of it's use
when searching github.
-Dop
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
