Arne Welzel

Hey @Psibur - are you sure you had been using the latest `master` version when attempting to compile? The line erroring in the output you show doesn't use BroString.h in...

Can reproduce back to 4.0.9 with the following script. It happens instantaneously on 6.0+ likely due to the more efficient/aggressive IO loop. The crux for the reproducer is the much...

I don't quite know how to fix this yet, but I'll assign myself for now.

Fixed through zeek/spicy#1817.

> Logging. @rsmmr mentioned logging could possibly be just an event. With the batching of individual log writes that may be efficient enough (transporting the encoded batch as a zeek::StringVal...

> Passing in the serializer gets things mostly there, but then all the function signatures and api surface will still be "zeeky" vs only needing to deal with things like...

I am closing this for the time being. Some of the pre-work is in #3937 and the rest is actively being worked on. CI isn't close to passing, so no...

@jasonish - how does this version look to you?

> Would it need special capabilities? Suppose CAP_NET_RAW due to listeing on `lo`. I ran it within a plain `docker run --rm -it` here and that seemed to work.

> [OISF/suricata#10583](https://github.com/OISF/suricata/pull/10583) got merged, so this should pass... let's check Thanks for re-triggering. Think for `main-7.0.x` still needs f17204191d3bb2201e6b6b1c4cf2e7a96148e8cd backported for it to pass there too :crossed_fingers: FYI - I'll...