Hello Ulf,
>>> Ulf Lamping <ulf.lamping@xxxxxx> 2008-04-05 16:16 >>>
> Having less messages at higher severity levels is a lot easier to work
> with the expert infos, compared to dumped with all kinds of stuff.
>
> As I wouldn't call myself a real TCP expert, what do others think?
The logic/reasoning behind the various "expert" info levels was raised
several times during Sharkfest by Laura.
Regarding the severity level for this particular case, I would tend to
side with you, but I'm no TCP expert and ...
"One man's trash is another man's treasure." (and visa-versa) ;-)
I've experienced situations where one person's "error" might only
warrant a "note" or "chat" (if even that) in my particular situation.
But I've also had situations (using other "expert" systems) where
something they consider a "chat" or "note" is actually an indication
of a much more severe problem.
I started thinking about the need for an expert info configuration
framework to allow the Wireshark user to tune the expert system to
their specific needs. This hypothetical configuration framework would
not only allow you to enable/disable individual expert message types,
but would allow the user to set which severity level the individual
messages should be reported as.
Anyone think the idea of a expert info configuration framework is
worthwhile submitting as a feature request?
Best regards,
Jim Y.
