Actions
Optimization #3213
openimprove rule parsing warnings
Description
Rule parsing warnings, as opposed to errors, do often not contain enough information to quickly determine which rule generated the warning. Errors themselves are similar, but they will lead to a followup message containing the raw sig.
Since this isn't so for warnings it can lead to implementation specific hacks, like:
if (s->id > 0) {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "signature sid:%u uses "
"unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype",
s->id, parsed_ct_name, DETECT_DEFAULT_PRIO);
} else if (de_ctx->rule_file != NULL) {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "signature at %s:%u uses "
"unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype",
de_ctx->rule_file, de_ctx->rule_line,
parsed_ct_name, DETECT_DEFAULT_PRIO);
} else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "unknown classtype: \"%s\", "
"using default priority %d. "
"This message won't be shown again for this classtype",
parsed_ct_name, DETECT_DEFAULT_PRIO);
}
It would be good to create a wrapper for this, so we can get consistent behavior and less verbose code.
Updated by Andreas Herz about 5 years ago
- Assignee set to OISF Dev
Do you have an example how the end result should look like?
Actions