Thanks, Jon. I think that looks great! On Mon, Oct 19, 2020 at 8:49 PM Jon Siwek <jsi...@corelight.com> wrote:
> On Mon, Oct 19, 2020 at 9:13 AM Vlad Grigorescu <v...@es.net> wrote: > > > > ============================================ = > > > :zeek:type:`Notice::Type`: :zeek:type:`enum` > > > ============================================ = > > > > (I'm also not sure why there's a space before the last = on those lines). > > It's a table with one row, two columns. The 2nd column is empty > because the `redef` itself has no associated commentary (and Zeekygen > does not currently document the extending fields/enums at that > location). > > > Another example is visible here: > https://raw.githubusercontent.com/zeek/zeek-docs/master/scripts/policy/protocols/ssh/detect-bruteforcing.zeek.rst > > > > If we look at the documentation for Notice::Type, all the new types are > documented there: > https://raw.githubusercontent.com/zeek/zeek-docs/master/scripts/base/frameworks/notice/main.zeek.rst > > > > However this doesn't work when moving detections to packages. > > > > It seems like this is missing from Zeekygen, but I'm not sure of the > right fix. > > Here's a patch that improves Zeekygen to include the extending > fields/enums in the "Redefinition" section: > > https://github.com/zeek/zeek/pull/1237 > > Think that will work for this purpose; let me know if you try and find > otherwise. > > - Jon >
_______________________________________________ zeek-dev mailing list -- zeek-dev@lists.zeek.org To unsubscribe send an email to zeek-dev-le...@lists.zeek.org