diff --git a/doc/script-reference/log-files.rst b/doc/script-reference/log-files.rst index 3c1720afd1..3047015c47 100644 --- a/doc/script-reference/log-files.rst +++ b/doc/script-reference/log-files.rst @@ -95,8 +95,6 @@ Network Observations +----------------------------+---------------------------------------+---------------------------------+ | Log File | Description | Field Descriptions | +============================+=======================================+=================================+ -| app_stats.log | Web app usage statistics | :bro:type:`AppStats::Info` | -+----------------------------+---------------------------------------+---------------------------------+ | known_certs.log | SSL certificates | :bro:type:`Known::CertsInfo` | +----------------------------+---------------------------------------+---------------------------------+ | known_devices.log | MAC addresses of devices on the | :bro:type:`Known::DevicesInfo` | diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.bro index f1757d8d47..14545243d2 100644 --- a/scripts/base/frameworks/packet-filter/netstats.bro +++ b/scripts/base/frameworks/packet-filter/netstats.bro @@ -11,7 +11,7 @@ export { ## Indicates packets were dropped by the packet filter. Dropped_Packets, }; - + ## This is the interval between individual statistics collection. const stats_collection_interval = 5min; } @@ -29,7 +29,7 @@ event net_stats_update(last_stat: NetStats) new_dropped, new_recvd + new_dropped, new_link != 0 ? fmt(", %d on link", new_link) : "")]); } - + schedule stats_collection_interval { net_stats_update(ns) }; } diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 661a6a50b4..586decbad5 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro 
@@ -463,7 +463,7 @@ type SYN_packet: record { ## Packet capture statistics. All counts are cumulative. ## -## .. bro:see:: net_stats +## .. bro:see:: get_net_stats type NetStats: record { pkts_recvd: count &default=0; ##< Packets received by Bro. pkts_dropped: count &default=0; ##< Packets reported dropped by the system. @@ -706,7 +706,7 @@ global capture_filters: table[string] of string &redef; global restrict_filters: table[string] of string &redef; ## Enum type identifying dynamic BPF filters. These are used by -## :bro:see:`precompile_pcap_filter` and :bro:see:`precompile_pcap_filter`. +## :bro:see:`Pcap::precompile_pcap_filter` and :bro:see:`Pcap::precompile_pcap_filter`. type PcapFilterID: enum { None }; ## Deprecated. @@ -1542,7 +1542,7 @@ type l2_hdr: record { }; ## A raw packet header, consisting of L2 header and everything in -## :bro:id:`pkt_hdr`. . +## :bro:see:`pkt_hdr`. . ## ## .. bro:see:: raw_packet pkt_hdr type raw_pkt_hdr: record { @@ -3514,11 +3514,11 @@ global load_sample_freq = 20 &redef; ## be reported via :bro:see:`content_gap`. const detect_filtered_trace = F &redef; -## Whether we want :bro:see:`content_gap` and :bro:see:`get_gap_summary` for partial +## Whether we want :bro:see:`content_gap` for partial ## connections. A connection is partial if it is missing a full handshake. Note ## that gap reports for partial connections might not be reliable. ## -## .. bro:see:: content_gap get_gap_summary partial_connection +## .. bro:see:: content_gap partial_connection const report_gaps_for_partial = F &redef; ## Flag to prevent Bro from exiting automatically when input is exhausted. diff --git a/src/bro.bif b/src/bro.bif index 445b08fca6..9be8a1ecb8 100644 --- a/src/bro.bif +++ b/src/bro.bif 
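Review bot: In the PcapFilterID comment (hunk at -706), the rewritten line still names the same function twice, since both references point at Pcap::precompile_pcap_filter. The two functions in src/iosource/pcap/functions.bif that take a PcapFilterID are precompile_pcap_filter and install_pcap_filter, so the second reference was presumably meant to be the installer. The duplicate predates this commit, but as the line is being touched anyway I would make it `## :bro:see:`Pcap::precompile_pcap_filter` and :bro:see:`Pcap::install_pcap_filter`.`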
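Review bot: The raw_pkt_hdr comment (hunk at -1542) keeps the stray ` .` after the reference, so the rendered sentence ends in "pkt_hdr. .". Since the line is rewritten here to switch the role to `:bro:see:`, drop the extra period as well: `## :bro:see:`pkt_hdr`.` The record definition itself continues outside the hunk.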
@@ -4328,8 +4328,8 @@ function enable_raw_output%(f: file%): any ## ## Returns: True (unconditionally). ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_net_filter ## uninstall_src_addr_filter ## uninstall_src_net_filter @@ -4337,7 +4337,7 @@ function enable_raw_output%(f: file%): any ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error ## ## .. todo:: The return value should be changed to any. function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool @@ -4358,8 +4358,8 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## ## Returns: True (unconditionally). ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## uninstall_src_addr_filter ## uninstall_src_net_filter @@ -4367,7 +4367,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error ## ## .. todo:: The return value should be changed to any. function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool @@ -4382,8 +4382,8 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## ## Returns: True on success. ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_net_filter 
@@ -4391,7 +4391,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error function uninstall_src_addr_filter%(ip: addr%) : bool %{ return new Val(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr()), TYPE_BOOL); @@ -4403,8 +4403,8 @@ function uninstall_src_addr_filter%(ip: addr%) : bool ## ## Returns: True on success. ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -4412,7 +4412,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error function uninstall_src_net_filter%(snet: subnet%) : bool %{ return new Val(sessions->GetPacketFilter()->RemoveSrc(snet), TYPE_BOOL); @@ -4433,8 +4433,8 @@ function uninstall_src_net_filter%(snet: subnet%) : bool ## ## Returns: True (unconditionally). ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -4442,7 +4442,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error ## ## .. todo:: The return value should be changed to any. function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool 
@@ -4463,8 +4463,8 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## ## Returns: True (unconditionally). ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -4472,7 +4472,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## install_dst_addr_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error ## ## .. todo:: The return value should be changed to any. function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool @@ -4487,8 +4487,8 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## ## Returns: True on success. ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -4496,7 +4496,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## install_dst_addr_filter ## install_dst_net_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error function uninstall_dst_addr_filter%(ip: addr%) : bool %{ return new Val(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr()), TYPE_BOOL); @@ -4508,8 +4508,8 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool ## ## Returns: True on success. ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter 
@@ -4517,7 +4517,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool ## install_dst_addr_filter ## install_dst_net_filter ## uninstall_dst_addr_filter -## pcap_error +## Pcap::error function uninstall_dst_net_filter%(snet: subnet%) : bool %{ return new Val(sessions->GetPacketFilter()->RemoveDst(snet), TYPE_BOOL); diff --git a/src/iosource/pcap/functions.bif b/src/iosource/pcap/functions.bif index 4465510987..0ad057f2ec 100644 --- a/src/iosource/pcap/functions.bif +++ b/src/iosource/pcap/functions.bif @@ -9,7 +9,7 @@ module Pcap; ## ## Returns: True if *s* is valid and precompiles successfully. ## -## .. bro:see:: install_pcap_filter +## .. bro:see:: Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -18,7 +18,7 @@ module Pcap; ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error +## Pcap::error function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool %{ if ( id->AsEnum() >= 100 ) @@ -48,14 +48,14 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool %} ## Installs a PCAP filter that has been precompiled with -## :bro:id:`precompile_pcap_filter`. +## :bro:id:`Pcap::precompile_pcap_filter`. ## ## id: The PCAP filter id of a precompiled filter. ## ## Returns: True if the filter associated with *id* has been installed ## successfully. ## -## .. bro:see:: precompile_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -64,8 +64,8 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool ## install_dst_net_filter ## uninstall_dst_addr_filter ## uninstall_dst_net_filter -## pcap_error -function install_pcap_filter%(id: PcapFilterID%): bool +## Pcap::error +function Pcap::install_pcap_filter%(id: PcapFilterID%): bool %{ bool success = true; 
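Review bot: In src/iosource/pcap/functions.bif (hunk at -64), the declaration change to `function Pcap::install_pcap_filter%(id: PcapFilterID%): bool` is the only non-comment edit visible in this commit, and it leaves the file inconsistent. The hunk headers show the file already declares `module Pcap;`, and precompile_pcap_filter just above is still declared unqualified. If this came from the same search-and-replace as the cross-reference fixes it is probably unintended, so either restore `function install_pcap_filter%(id: PcapFilterID%): bool` or confirm the generated identifier is unchanged and qualify the sibling declarations the same way. This function installs the capture filter, so a rename that breaks script-level callers could change what traffic is monitored; a build plus a packet-filter test run would confirm it is safe. The function body continues outside the hunk.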
@@ -87,8 +87,8 @@ function install_pcap_filter%(id: PcapFilterID%): bool ## ## Returns: A descriptive error message of the PCAP function that failed. ## -## .. bro:see:: precompile_pcap_filter -## install_pcap_filter +## .. bro:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter