Aashish Sharma created BIT-1181:
-----------------------------------
Summary: Input-framework errors should be fatal (or Notice_Alarm)
instead of silent reporter::error failures
Key: BIT-1181
URL: https://bro-tracker.atlassian.net/browse/BIT-1181
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.2
Reporter: Aashish Sharma
I noticed many times that if there is a problem in a feed file (syntax, or some
other issue) and input-framework is unable to read the file, it generates a
Reporter::Error. This is a silent failure condition ie bro continues to operate
as normal and the error is logged into reporter log.
Ideally above is the right thing to do. However, This failure results in no
data in the tables getting updated any more while I continue to operate
under-impression that Bro is working fine (unless I have explicitly been
looking at reporter log for this issue , which now I do).
If input-framework is unable to read/digest data from a feed, I believe that
should be a (configurable) fatal error or something which at least triggers an
alarm/alert/email.
--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
