Re: [Bro-Dev] Dot release?
I like that plan. I think there are some minor Maverick's issues too that Daniel found. So we might want to get those in there as well. On Jan 30, 2014, at 10:50 AM, Robin Sommer ro...@icir.org wrote: Folks, making a 2.2.1 release has been coming up a few times and I'm thinking we should just snapshot current master for that. We've been fixing quite a number of things since 2.2, yet there aren't any larger new features yet (GRE tunnel decapsulation being the only one I can think of right now). I'd wait for two more things though: - Merging, and some testing, of Jon's recent file analysis framework API changes that make the file handle management more efficient. - Figuring out the exec and/or sumstats problems (it looks certain at this point that exec isn't cleaning up fully; and sumstats may have a larger than expected CPU impact, but that's not clear yet I believe). Once 2.2.1 is out, I'd then next work on merging my dynamic plugin code, which is mostly ready but needs cleanup, review, documentation, testing. How does that sound? If good, now would also be the time to finalize any other minor fixes that people might want to see in 2.2.1. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org ICSI/LBNL* Fax +1 (510) 666-2956 * www.icir.org/robin ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev -- Adam J. Slagell Chief Information Security Officer Assistant Director, Cybersecurity National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.ncsa.illinois.edu/~slagell/ Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure. ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] Dot release?
Folks, making a 2.2.1 release has been coming up a few times and I'm thinking we should just snapshot current master for that. We've been fixing quite a number of things since 2.2, yet there aren't any larger new features yet (GRE tunnel decapsulation being the only one I can think of right now). I'd wait for two more things though: - Merging, and some testing, of Jon's recent file analysis framework API changes that make the file handle management more efficient. - Figuring out the exec and/or sumstats problems (it looks certain at this point that exec isn't cleaning up fully; and sumstats may have a larger than expected CPU impact, but that's not clear yet I believe). Once 2.2.1 is out, I'd then next work on merging my dynamic plugin code, which is mostly ready but needs cleanup, review, documentation, testing. How does that sound? If good, now would also be the time to finalize any other minor fixes that people might want to see in 2.2.1. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org ICSI/LBNL* Fax +1 (510) 666-2956 * www.icir.org/robin ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Dot release?
I already told Robin - but just for the record, I think it is a good idea/plan. Bernhard On Jan 30, 2014, at 8:57 AM, Slagell, Adam J slag...@illinois.edu wrote: I like that plan. I think there are some minor Maverick's issues too that Daniel found. So we might want to get those in there as well. On Jan 30, 2014, at 10:50 AM, Robin Sommer ro...@icir.org wrote: Folks, making a 2.2.1 release has been coming up a few times and I'm thinking we should just snapshot current master for that. We've been fixing quite a number of things since 2.2, yet there aren't any larger new features yet (GRE tunnel decapsulation being the only one I can think of right now). I'd wait for two more things though: - Merging, and some testing, of Jon's recent file analysis framework API changes that make the file handle management more efficient. - Figuring out the exec and/or sumstats problems (it looks certain at this point that exec isn't cleaning up fully; and sumstats may have a larger than expected CPU impact, but that's not clear yet I believe). Once 2.2.1 is out, I'd then next work on merging my dynamic plugin code, which is mostly ready but needs cleanup, review, documentation, testing. How does that sound? If good, now would also be the time to finalize any other minor fixes that people might want to see in 2.2.1. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org ICSI/LBNL* Fax +1 (510) 666-2956 * www.icir.org/robin ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev -- Adam J. Slagell Chief Information Security Officer Assistant Director, Cybersecurity National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.ncsa.illinois.edu/~slagell/ Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure. ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Dot release?
Yes, the current master is WAY more stable on busy production sensors that 2.2. For sites really leaning on the intel framework master is the only way to go. Thanks, Liam Randall On Thu, Jan 30, 2014 at 1:17 PM, Bernhard Amann bernh...@icsi.berkeley.eduwrote: I already told Robin - but just for the record, I think it is a good idea/plan. Bernhard On Jan 30, 2014, at 8:57 AM, Slagell, Adam J slag...@illinois.edu wrote: I like that plan. I think there are some minor Maverick's issues too that Daniel found. So we might want to get those in there as well. On Jan 30, 2014, at 10:50 AM, Robin Sommer ro...@icir.org wrote: Folks, making a 2.2.1 release has been coming up a few times and I'm thinking we should just snapshot current master for that. We've been fixing quite a number of things since 2.2, yet there aren't any larger new features yet (GRE tunnel decapsulation being the only one I can think of right now). I'd wait for two more things though: - Merging, and some testing, of Jon's recent file analysis framework API changes that make the file handle management more efficient. - Figuring out the exec and/or sumstats problems (it looks certain at this point that exec isn't cleaning up fully; and sumstats may have a larger than expected CPU impact, but that's not clear yet I believe). Once 2.2.1 is out, I'd then next work on merging my dynamic plugin code, which is mostly ready but needs cleanup, review, documentation, testing. How does that sound? If good, now would also be the time to finalize any other minor fixes that people might want to see in 2.2.1. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org ICSI/LBNL* Fax +1 (510) 666-2956 * www.icir.org/robin ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev -- Adam J. Slagell Chief Information Security Officer Assistant Director, Cybersecurity National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.ncsa.illinois.edu/~slagell/ Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure. ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev -- Liam Randall Managing Partner 510-281-0760 www.Broala.com http://www.broala.com/ From the creators of Bro http://www.bro.org ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev