Bug #2467
closed
4.1beta1 - non rust builds with SMB enabled
Added by Peter Manev over 6 years ago.
Updated about 6 years ago.
Description
When enabling SMB/TFTP logging on non rust build 4.1.beta1 there is the following warning-
26/3/2018 -- 20:41:09 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2018 -- 20:41:09 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.smb
26/3/2018 -- 20:41:09 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.tftp
26/3/2018 -- 20:41:09 - <Info> - stats output device (regular) initialized: stats.log
I wonder if it is not better to explicitly fail to start in that case or a better msg?
- Assignee set to OISF Dev
- Target version set to TBD
- Effort set to low
- Difficulty set to low
What if the error message was more like:
26/3/2018 -- 20:41:09 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2018 -- 20:41:09 - <Warning> - No output module named eve-log.smb
26/3/2018 -- 20:41:09 - <Warning> - No output module named eve-log.tftp
26/3/2018 -- 20:41:09 - <Info> - stats output device (regular) initialized: stats.log
I think the "[ERRCODE: SC_ERR_INVALID_ARGUMENT(13)]" makes it look a whole lost nastier than it really is. Perhaps a warning like "Output module eve-log.smb not available without Rust support". We'd still want this a warning or an error, but I don't know if its deserving of the "[ERRCODE: SC_ERR_INVALID_ARGUMENT(13)]".
Yeah I think we need a special handler to indicate this depends on Rust support.
- Target version changed from TBD to 4.1rc2
- Priority changed from Normal to High
- Target version changed from 4.1rc2 to 4.1
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Priority changed from High to Normal
- Effort deleted (
low)
- Status changed from Assigned to Closed
- Difficulty deleted (
low)
- Tracker changed from Feature to Bug
Also available in: Atom
PDF