Jim Young wrote:
Hello Ulf,
Ulf Lamping <ulf.lamping@xxxxxx> 2008-04-05 16:16 >>>
        
Having fewer messages at higher severity levels is a lot easier to work 
with the expert infos, compared to being dumped with all kinds of stuff.
As I wouldn't call myself a real TCP expert, what do others think?
    
The logic/reasoning behind the various "expert" info levels was raised 
several times during Sharkfest by Laura.
  
Would have been interesting to join the discussions, but I was mostly on 
the developer track :-)
Regarding the severity level for this particular case, I would tend to 
side with you, but I'm no TCP expert and ...
  "One man's trash is another man's treasure."  (and vice versa) ;-)
I've experienced situations where one person's "error" might only 
warrant a "note" or "chat" (if even that) in my particular situation.  
But I've also had situations (using other "expert" systems) where 
something they consider a "chat" or "note" is actually an indication 
of a much more severe problem.
  
Yes, I'm perfectly aware of such problems.
In a similar situation, namely a debug trace output, something that I 
like to call the "severity wars" happened more than once. A developer 
interested in one area raised "his" trace output severity levels to 
better see "his problems". The next developer raised his output even 
more to still see something. This ended up with lots of fatal and error 
outputs that weren't even really warnings - and a "cleanup session" was 
done to come back to a reasonable level for all the output.
Same probably may happen with the Wireshark severity levels as people 
seem to be actually using it now.
I started thinking about the need for an expert info configuration 
framework to allow the Wireshark user to tune the expert system to 
their specific needs.   This hypothetical configuration framework would 
not only allow you to enable/disable individual expert message types, 
but would allow the user to set which severity level the individual 
messages should be reported as.
  
For example, you could have profiles like: "embedded system", "home 
network", "high performance network", ... or whatever else makes sense.
Anyone think the idea of an expert info configuration framework is 
worthwhile submitting as a feature request?
  
Of course you can, but the old open source problem applies: Who is gonna 
implement it? :-)
Regards, ULFL