[Dshield] Bug in framework with last message repeated parsing?

Daniel Gerald Kluge dkluge at acm.org
Sun Mar 9 21:10:20 GMT 2003


Hello there,
I wrote a parser for ZyNOS (Zyxel Routers, Zywall, Netgear) this 
afternoon, based on the perl framework, and I'm currently having a 
problem with the english in framework.pl.

I parse syslog output, and I have the following issue with the 'last 
message repeated line' parsing. The comments in framework.pl say:

         # $prev_dline will be non-NULL only if the previous line was a 
valid
         # DShield log line.  Note the rule.  Any operation that skips a 
line
         # must also clear $prev_dline.

What does valid mean?

The previous line was valid, but it was excluded from output because of 
an exclude rule, so $prev_dline is not set, and I'm getting a 
parse-error on the 'last message repeated' line because it is passed to 
the parser instead of being handled by the framework.

I don't like this behavior, since it will send me checking for the 
actual reason of the error every time....

Ideas, comments from framework & parser writers, maintainers and gurus?

Cheers,
-daniel



More information about the list mailing list