it appears that you've now completely removed the history logging from
conn.bro, i.e., state history is tracked but it can't be logged
anymore. Is this on purpose?
(To revert to the previous version, you need to add the following code
back into conn.bro:

    if ( record_state_history )
        log_msg = fmt("%s %s", log_msg,
                      c$history == "" ? "X" : c$history);

and define record_state_history as const in conn.bro)

This probably doesn't matter too much anyway since the conn.bro script was rewritten a while ago and logs the state history. The code that is there probably won't be in the next release.

Yeah, looks like I stripped out a bit too much. But I was indeed not
really concerned about getting conn.bro right given that it's going to
be replaced soon with Seth's version anyway. Still, I'll put this back
in for the record before we merge in the new scripts.