Checkpoint for Bro side of broctl support.

Seth Hall 2011-07-09 01:41:31 -04:00
parent 8bb240af99
commit 492d93cd8d
12 changed files with 109 additions and 63 deletions


@ -19,3 +19,5 @@
@load frameworks/cluster @load frameworks/cluster
@load tuning/defaults @load tuning/defaults
@load support/loaded-scripts


@ -14,7 +14,6 @@
@if ( Cluster::node in Cluster::nodes ) @if ( Cluster::node in Cluster::nodes )
@load frameworks/cluster/base/external-events
@load frameworks/cluster/base/setup-connections @load frameworks/cluster/base/setup-connections
# Don't start the listening process until we're a bit more sure that the # Don't start the listening process until we're a bit more sure that the


@ -28,7 +28,7 @@ export {
## Events sent by the manager host (i.e. BroControl) when dynamically ## Events sent by the manager host (i.e. BroControl) when dynamically
## connecting to a running instance to update settings or request data. ## connecting to a running instance to update settings or request data.
const control_events = /Cluster::(configuration_update|request_id|get_peer_status)/ &redef; const control_events = /Remote::(configuration_update|id_request|net_stats_request|peer_status_request)/ &redef;
## Directory where the cluster is archiving logs. ## Directory where the cluster is archiving logs.
## TODO: we need a sane default here. ## TODO: we need a sane default here.
@ -49,7 +49,7 @@ export {
proxy: string &optional; proxy: string &optional;
## Worker nodes that this node connects with. For managers and proxies. ## Worker nodes that this node connects with. For managers and proxies.
workers: set[string] &optional; workers: set[string] &optional;
time_machine: string &optional; time_machine: string &optional;
}; };
const nodes: table[string] of Node = {} &redef; const nodes: table[string] of Node = {} &redef;
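Review bot: The `control_events` pattern hard-codes event names that are declared in another file, and the doc comment above it does not say they have to track the `Remote` module's exports. The old value listed `request_id` and `get_peer_status`, while the events file in this commit declares `id_request` and `peer_status_request`, so the two had already drifted once. I would extend the comment with `## Must match the request events exported by module Remote (support/remote/events).` Because the constant is `&redef`, it is also worth stating that widening the pattern presumably widens what the control host can trigger on every node. The `export` block starts and ends outside the hunks shown.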


@ -1,7 +1,7 @@
module Cluster; module Cluster;
event bro_init() event bro_init() &priority=9
{ {
local me = nodes[node]; local me = nodes[node];
@ -12,9 +12,14 @@ event bro_init()
# Connections from the control node for runtime control and update events. # Connections from the control node for runtime control and update events.
# Every node in a cluster is eligible for control from this host. # Every node in a cluster is eligible for control from this host.
if ( n$node_type == CONTROL ) if ( n$node_type == CONTROL )
Communication::nodes["control"] = [$host = n$ip, $connect=F, Communication::nodes["control"] = [$host=n$ip, $connect=F,
$class="control", $events=control_events]; $class="control", $events=control_events];
# The node being started up is this node so we create a dummy
# communication entry to point at this host for control.
if ( i == node )
Communication::nodes[i] = [$host=n$ip, $p=n$p, $connect=F, $class="control", $sync=F];
if ( me$node_type == MANAGER ) if ( me$node_type == MANAGER )
{ {
if ( n$node_type == WORKER && n$manager == node ) if ( n$node_type == WORKER && n$manager == node )
@ -24,7 +29,7 @@ event bro_init()
if ( n$node_type == PROXY && n$manager == node ) if ( n$node_type == PROXY && n$manager == node )
Communication::nodes[i] = Communication::nodes[i] =
[$host=n$ip, $connect=F, [$host=n$ip, $connect=F,
$class=i, $events=proxy_events, $request_logs=T]; $class=i, $events=proxy_events, $request_logs=T];
if ( n$node_type == TIME_MACHINE && me?$time_machine && me$time_machine == i ) if ( n$node_type == TIME_MACHINE && me?$time_machine && me$time_machine == i )
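Review bot: The self entry added under `if ( i == node )` gives class "control" to the node's own address, but its comment does not name the consumer that needs it. From the send-config changes in this commit it looks like that script reads the entry and sets `$connect` to T, so I would say so: `# Placeholder entry for support/remote/send-config, which reuses it with $connect=T.` The entry is written to the same key `i` that the MANAGER branches further down assign, so a short comment that those branches cannot match `i == node` would help, if that is in fact guaranteed. The new `&priority=9` on `bro_init` also has no comment on what it must run before. The enclosing loop and handler start and end outside the hunks shown.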


@ -17,9 +17,9 @@ export {
type Info: record { type Info: record {
ts: time &log; ts: time &log;
peer: string &log &optional;
level: string &log &optional; level: string &log &optional;
src_name: string &log &optional; src_name: string &log &optional;
peer: string &log &optional;
msg: string &log; msg: string &log;
}; };


@ -13,7 +13,7 @@ export {
} }
event bro_init() event bro_init() &priority=-10
{ {
listen(listen_if_clear, listen_port_clear, F); listen(listen_if_clear, listen_port_clear, F);
} }
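Review bot: The `&priority=-10` added to `bro_init` has no comment on what it has to run after, and the ordering now matters because send-config in this commit replaces `Communication::nodes` at priority -3. A line such as `# Run after all other bro_init handlers so Communication::nodes is final before we listen.` would record the intent; the same applies to the identical change in the SSL listen script. This variant passes F as the last `listen` argument, presumably meaning no SSL, so the file header should also say that control traffic such as `send_id` values and `id_response` contents is unencrypted when this script is loaded. The `export` block above the handler starts outside the hunk.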


@ -14,7 +14,7 @@ export {
} }
event bro_init() event bro_init() &priority=-10
{ {
listen(listen_if_ssl, listen_port_ssl, T); listen(listen_if_ssl, listen_port_ssl, T);
} }


@ -0,0 +1,20 @@
module LoadedScripts;
export {
redef enum Log::ID += { LOADED_SCRIPTS };
type Info: record {
depth: count &log;
name: string &log;
};
}
event bro_init()
{
Log::create_stream(LOADED_SCRIPTS, [$columns=Info]);
}
event bro_script_loaded(path: string, level: count)
{
Log::write(LOADED_SCRIPTS, [$depth=level, $name=path]);
}
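Review bot: This new script has no `##!` header and no `##` comments on the `Info` fields, unlike the other script added in this commit, so the generated documentation will not explain what `depth` and `name` hold. I would add a header such as `##! Log the path and load depth of every script Bro loads.` and one `##` line per field. The `bro_init` handler that creates the stream has no explicit priority while other handlers in this commit gained one. If `bro_script_loaded` can be dispatched before it, the `Log::write` calls would target a stream that does not exist yet, so the ordering is worth confirming and pinning with a `&priority`.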


@ -0,0 +1 @@
@load support/remote/events


@ -0,0 +1,30 @@
##! This script gives the capability to selectively enable and disable event
##! groups at runtime. No events will be raised for all memmbers of a disabled
##! event group.
@load support/remote
module Remote;
export {
# By default, all event groups are enabled. We disable all groups in this table.
const disabled_analysis_groups: set[string] &redef; # = { "ftp" }
}
# Set to remember all groups which were disabled by the last update().
global currently_disabled: set[string];
event configuration_update()
{
# Reenable those which are not to be disabled anymore.
for ( g in currently_disabled )
if ( g !in disabled_analysis_groups )
enable_event_group(g);
# Disable those which are not already.
for ( g in disabled_analysis_groups )
if ( g !in currently_disabled )
disable_event_group(g);
currently_disabled = copy(disabled_analysis_groups);
}
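Review bot: The `configuration_update` handler enables and disables event groups without recording it, so a sensor can stop analysing a protocol after a control peer's update with no trace in its own logs. I would log every `enable_event_group(g)` and `disable_event_group(g)` call with the group name, through whichever log stream module Remote ends up owning. Separately, nothing in this file applies `disabled_analysis_groups` at startup: the only handler is `configuration_update`, so groups redef'd into the set stay enabled until the first update arrives, unless that event is raised elsewhere at init. The header comment also has a typo, `memmbers`.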


@ -2,27 +2,29 @@
##! consts to a remote Bro then sends the :bro:id:`configuration_update` event ##! consts to a remote Bro then sends the :bro:id:`configuration_update` event
##! and terminates processing. ##! and terminates processing.
##! ##!
##! Intended to be used from the command line as in: ##! Intended to be used from the command line like this:
##! bro Cluster::config_node=<node> <scripts> frameworks/cluster/send-config ##! bro Remote::config_node=<node> <scripts> support/remote/send-config
##! ##!
##! The :bro:id:`config_node` value should contain the node name of one of the ##! The :bro:id:`Remote::config_node` value should contain the node name of one of the
##! nodes of the configured cluster. ##! nodes of the configured communications.
@load frameworks/communication @load frameworks/communication
@load frameworks/cluster @load support/remote
module Cluster; module Remote;
export { export {
## This is the name of the node configured in the cluster that the ## This is the name of the node configured in the communication framework
## updated configuration should be sent to. ## that you want to send new variables to.
const config_node = "" &redef; const config_node = "" &redef;
## Variable IDs that are to be ignored by the update process. ## Variable IDs that are to be ignored by the update process.
const ignore_ids: set[string] = { const ignore_ids: set[string] = {
"Communication::nodes", # TODO: Bro crashes if it tries to send this ID.
"Cluster::config_node" "Log::rotation_control",
}; };
##
} }
event terminate_event() event terminate_event()
@ -51,11 +53,11 @@ event remote_connection_handshake_done(p: event_peer)
# We don't want to update non-const globals because that's usually # We don't want to update non-const globals because that's usually
# where state is stored and those values will frequently be declared # where state is stored and those values will frequently be declared
# with &redef so that attributes can be redefined. # with &redef so that attributes can be redefined.
if ( ! t$redefinable || ! t$constant ) if ( t$constant && t$redefinable )
next; {
send_id(p, id);
send_id(p, id); ++cnt;
++cnt; }
} }
print fmt("sent %d IDs", cnt); print fmt("sent %d IDs", cnt);
@ -70,39 +72,21 @@ event remote_connection_handshake_done(p: event_peer)
event terminate_event(); event terminate_event();
} }
function make_dest(tag: string, ip: addr, p: port) event bro_init() &priority=-3
{
Communication::nodes[fmt("%s-update", tag)]
= [$host=ip, $p=p, $sync=F, $class="update"];
}
# This handler is executed after the other bro_inits() so that we can
# actually delete all previous destinations and fill the table ourselves.
event bro_init() &priority=-1
{
clear_table(Communication::nodes);
for ( n in workers )
make_dest(workers[n]$tag, workers[n]$ip, workers[n]$p);
for ( n in proxies )
make_dest(proxies[n]$tag, proxies[n]$ip, proxies[n]$p);
make_dest(manager$tag, manager$ip, manager$p);
}
event bro_init() &priority=-2
{ {
if ( config_node == "" )
return;
if ( config_node !in Communication::nodes ) if ( config_node !in Communication::nodes )
{ {
if ( config_node == "" ) print fmt("Unknown peer '%s'", config_node);
print "You must supply a value to the Cluster::config_node variable.";
else
print fmt("Unknown peer '%s'", config_node);
terminate(); terminate();
return; return;
} }
Communication::connect_peer(config_node); local n = Communication::nodes[config_node];
n$connect=T;
n$sync=F;
n$class="control";
Communication::nodes = table(["control"] = n);
} }
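Review bot: In the `ignore_ids` hunk, `"Communication::nodes"` and the old `config_node` entry were dropped and `"Remote::config_node"` was not added, so the send loop no longer skips either ID. If those are redefinable consts, `send_id` would push the sender's own `config_node` and the one-entry table built at the end of `bro_init` (`Communication::nodes = table(["control"] = n);`) to the peer, replacing its node list. I would keep both names in the set next to `"Log::rotation_control"`. The empty `##` left before the closing brace of `export` should be completed or removed. The new early `return` on an empty `config_node` also appears to exit silently where the old code printed an error.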


@ -1,9 +1,12 @@
##! Events which can be sent dynamically to Bro instances to retrieve ##! Events which can be sent dynamically to Bro instances to retrieve
##! information about the running process. ##! information about the running process.
module Cluster; module Remote;
export { export {
# This event is generated when Bro's configuration may have been updated.
global configuration_update: event();
## Event for requesting the value of an ID (a variable). ## Event for requesting the value of an ID (a variable).
global id_request: event(id: string); global id_request: event(id: string);
## Event for returning the value of an ID after an :bro:id:`id_request` event. ## Event for returning the value of an ID after an :bro:id:`id_request` event.
@ -14,14 +17,16 @@ export {
## Returns the current communication status. ## Returns the current communication status.
global peer_status_response: event(s: string); global peer_status_response: event(s: string);
## Requests the current net_stats.
global net_stats_request: event(); global net_stats_request: event();
## Returns the current net_stats.
global net_stats_response: event(s: string); global net_stats_response: event(s: string);
} }
event id_request(id: string) event id_request(id: string)
{ {
local msg = fmt("%.6f got event id_request(%s)", network_time(), id); #local msg = fmt("%.6f got event id_request(%s)", network_time(), id);
Log::write(CLUSTER, [$ts=network_time(), $msg=msg]); #Log::write(CLUSTER, [$ts=network_time(), $msg=msg]);
local val = lookup_ID(id); local val = lookup_ID(id);
event id_response(id, fmt("%s", val)); event id_response(id, fmt("%s", val));
@ -29,14 +34,14 @@ event id_request(id: string)
event id_response(id: string, val: string) event id_response(id: string, val: string)
{ {
local msg = fmt("%.6f raised event id_response(%s, %s)", network_time(), id, val); #local msg = fmt("%.6f raised event id_response(%s, %s)", network_time(), id, val);
Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
} }
event peer_status_request() event peer_status_request()
{ {
local msg = fmt("%.6f got event peer_status_request()", network_time()); #local msg = fmt("%.6f got event peer_status_request()", network_time());
Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
local status = ""; local status = "";
for ( p in Communication::nodes ) for ( p in Communication::nodes )
@ -54,8 +59,8 @@ event peer_status_request()
event peer_status_response(s: string) event peer_status_response(s: string)
{ {
local msg = fmt("%.6f raised event peer_status_response(%s)", network_time(), s); #local msg = fmt("%.6f raised event peer_status_response(%s)", network_time(), s);
Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
} }
event net_stats_request() event net_stats_request()
@ -68,7 +73,7 @@ event net_stats_request()
event net_stats_response(s: string) event net_stats_response(s: string)
{ {
local msg = fmt("%.6f raised event net_stats_response(%s)", network_time(), s); #local msg = fmt("%.6f raised event net_stats_response(%s)", network_time(), s);
Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
} }
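Review bot: Five handlers now have their `Log::write(CLUSTER, ...)` calls commented out, which removes the only record that a peer asked for an ID value, peer status or net stats. `id_request` passes the peer-supplied name straight to `lookup_ID` and returns the value, so an audit line matters most there. I would give module Remote its own log stream and write to it rather than leave dead code behind `#`, or at least add `# TODO: restore logging once Remote has its own stream.` above each block. The new `configuration_update` declaration is commented with `#` where the neighbouring exports use `##`, so it will likely be missing from generated docs. Several handler bodies continue outside the hunks shown.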