Re: [Bro-Dev] consistency checking for attributes

2018-10-31 Thread Michał Purzyński
Yeah, error out and let there be no surprises. On Wed, Oct 31, 2018 at 11:17 AM Vern Paxson wrote: > > To be honest I'm not even sure if the behavior > > is defined right now, i.e. if the later value will overwrite the first > one. > > I don't think it's defined. Looking at the code, the later

Re: [Bro-Dev] consistency checking for attributes

2018-10-31 Thread Michał Purzyński
Sounds good and I like it. To be honest I'm not even sure if the behavior is defined right now, i.e. if the later value will overwrite the first one. Do you want to error out when two are found or overwrite the first with the second one? On Mon, Oct 29, 2018 at 11:56 AM Vern Paxson wrote: >

Re: [Bro-Dev] DHCP event removal

2018-06-17 Thread Michał Purzyński
No idea what’s in master. It should be trivial if you don’t remove the dhcp analyzer completely. > On Jun 16, 2018, at 6:07 AM, Vlad Grigorescu wrote: > > Yep, already working on it. :-) > >> On Sat, Jun 16, 2018 at 6:26 AM, Seth Hall wrote: >> >> On 15 Jun 2018, at 17:22, Azoff, Justin S

Re: [Bro-Dev] DHCP event removal

2018-06-15 Thread Michał Purzyński
Hey, I use the dhcp analyzer because I cannot count on our dhcp logs. Not just that, I do some detection around it. > On Jun 15, 2018, at 2:38 PM, Vlad Grigorescu wrote: > > Yeah, I've mainly seen it used for shellshock. On top of that, I saw some > scripts in GitHub that used it from: > > -

Re: [Bro-Dev] $history extensions - zero windows, logarithmic counts

2018-06-15 Thread Michał Purzyński
I really like those ideas, especially the logarithmic count. How much would it cost to have an event fired when those thresholds are crossed? > On Jun 15, 2018, at 10:41 AM, Vern Paxson wrote: > > I'm working on two enhancements to the $history tracking for connections > that thought I'd tee

Re: [Bro-Dev] bro-devel package?

2018-05-24 Thread Michał Purzyński
Well that’s a great question! Right now my spec for building plugins downloads entire bro tree and does some cmake plugin to avoid waiting for the tree to build. > On May 24, 2018, at 9:50 PM, Vlad Grigorescu wrote: > > There are a couple of cases where I think it'd be useful

Re: [Bro-Dev] Moving to GitHub?

2018-05-15 Thread Michał Purzyński
Big thumbs up. On May 15, 2018, at 5:34 PM, Johanna Amann wrote: >> What do people think? Any support, or concerns? > > I am in favor. The only thing I would miss are the immediate change > notifications by email - I really like those... > > Johanna >

Re: [Bro-Dev] bro-pkg -> bropkg

2016-09-15 Thread Michał Purzyński
Bropkg is easier to type indeed. And then let's change the brocut. > On 15 Sep 2016, at 13:53, Siwek, Jon wrote: > > Either way seems fine to me also. Maybe do a strawpoll and go w/ the > majority. Other misc. thoughts: > > Internally, I already used “bropkg” instead of

Re: [Bro-Dev] Updating NEWS for 2.5

2016-08-31 Thread Michał Purzyński
That's why I said polish not publish ;-) Send feedback, have it included or rejected, all can be done before 2.5 > On 31 Aug 2016, at 15:23, Seth Hall <s...@icir.org> wrote: > > >> On Aug 30, 2016, at 8:10 PM, Michał Purzyński <michalpurzyns...@gmail.com> >&

Re: [Bro-Dev] Updating NEWS for 2.5

2016-08-30 Thread Michał Purzyński
Feedback shared privately. Come on, let's read it and polish it a bit. It's already very good! On Thu, Aug 25, 2016 at 1:22 AM, Jan Grashöfer wrote: > I have finished my draft for a blog post explaining the new intel > framework features including some examples: > >

Re: [Bro-Dev] Updating NEWS for 2.5

2016-08-09 Thread Michał Purzyński
Since the changes are impressive, a blog post would be a great idea indeed. Bro is first (?) on the market (again!) to come up with something like this :) Such a post should describe all new Intel framework features and give examples of how to use them. > On 09 Aug 2016, at 17:21, Robin Sommer