IIUC, the spicy:: prefix causes the analyzer tag to be prefixed with SPICY_ which in turn ends up in the conn.log service field as spicy_<analyzer>. This causes the "tech" used to write an analyzer to leak through into the logs.
Should we remove the spicy:: prefix from the template?
Yeah, I can see removing this now. Originally it was meant to help identify when a Spicy analyzer is in use (as opposed to a traditional one), but seems that's less important these days, and it is kind of odd from a user's perspective to have that in there.
As described in #11, the `spicy::` prefix in evt files causes the generated
analyzer tag to contain "SPICY_". This in turn trickles through to
conn.log's service field.
Closes #11.
package-template/features/spicy-protocol-analyzer/analyzer/@ANALYZER_LOWER@.evt@ALT-one-unit@
Line 9 in cd045d0
Reference zeek/zeek#2651