Thanks, Jon. I think that looks great!

On Mon, Oct 19, 2020 at 8:49 PM Jon Siwek <jsi...@corelight.com> wrote:

> On Mon, Oct 19, 2020 at 9:13 AM Vlad Grigorescu <v...@es.net> wrote:
>
> > > ============================================ =
> > > :zeek:type:`Notice::Type`: :zeek:type:`enum`
> > > ============================================ =
> >
> > (I'm also not sure why there's a space before the last = on those lines).
>
> It's a table with one row, two columns.  The 2nd column is empty
> because the `redef` itself has no associated commentary (and Zeekygen
> does not currently document the extending fields/enums at that
> location).
>
> > Another example is visible here:
> > https://raw.githubusercontent.com/zeek/zeek-docs/master/scripts/policy/protocols/ssh/detect-bruteforcing.zeek.rst
> >
> > If we look at the documentation for Notice::Type, all the new types are
> > documented there:
> > https://raw.githubusercontent.com/zeek/zeek-docs/master/scripts/base/frameworks/notice/main.zeek.rst
> >
> > However this doesn't work when moving detections to packages.
> >
> > It seems like this is missing from Zeekygen, but I'm not sure of the
> > right fix.
>
> Here's a patch that improves Zeekygen to include the extending
> fields/enums in the "Redefinition" section:
>
>     https://github.com/zeek/zeek/pull/1237
>
> Think that will work for this purpose; let me know if you try and find
> otherwise.
>
> - Jon
>
_______________________________________________
zeek-dev mailing list -- zeek-dev@lists.zeek.org
To unsubscribe send an email to zeek-dev-le...@lists.zeek.org
