diff --git a/CHANGES b/CHANGES
index c181fd6c1b..94d463b8ba 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,70 @@
+1.6-dev-1293 | 2011-09-22 19:44:37 -0700
+
+ * Smaller script tweaks. (Seth Hall)
+
+ * Duplicate notice suppression. (Seth Hall)
+
+ - Duplicate notices are discovered with the new Notice::Info
+ field $identifier. It's a string that is left up to the
+ notice implementor to define which would indicate a
+ fundamentally duplicate notice. The field is optional and
+ if it's not included it's not possible for notice
+ suppression to take place.
+
+ - Duplicate notices are suppressed by default for the interval
+ defined by the Notice::default_suppression_interval variable
+ (1 hour by default).
+
+ - A new notice action was defined ACTION_NO_SUPPRESS to prevent
+ suppression for a specific notice instance. A convenience set
+ named not_suppressed_types was also created to not suppress
+ entire notice types.
+
+ - A new field was added to the PolicyItem type to modify the length
+ of time a notice should be suppressed if the predicate matches.
+ The field is named $suppress_for. This name makes the code more
+ readable like this: $suppress_for = 1day
+
+ - New events were created to give visibility into the notice
+ framework's suppression activity.
+ - event Notice::begin_suppression(n: Notice::Info)
+ - event Notice::suppressed(n: Notice::Info)
+ - event Notice::end_suppression(n: Notice::Info)
+
+ - The suppression.bro script doesn't have a baseline because
+ it is causing a segfault in Bro. This one test is the
+ reason that this is being integrated into a branch instead
+ of master. (Seth Hall)
+
+ * Fix crash on exit. Addresses #607. (Jon Siwek)
+
+ * Fix PktSrc setting next_timestamp even when no packet available.
+ (Jon Siwek)
+
+ * Fix lack of NUL-termination in to_upper/to_lower BIF's return val.
+ (Jon Siwek)
+
+ * Fixing unit tests and some minor bugs. (Jon Siwek)
+
+ * Fix broctl cluster log rotation. Addresses #619. (Jon Siwek)
+
+ * Added session ID to the SSL logging. (Seth Hall)
+
+ * Adding "install-aux" target + updating bro-aux submodule. (Jon
+ Siwek)
+
+ * Cleaning up INSTALL and README. (Jon Siwek)
+
+ * Remove $Id$ tags. (Jon Siwek)
+
+ * Remove policy.old directory. Addresses #511. (Jon Siwek)
+
+ * Small rework with ssl base script to reduce memory usage. (Seth
+ Hall)
+
+ * Updated the mozilla root certs. (Seth Hall)
+
 1.6-dev-1261 | 2011-09-15 17:13:55 -0700
 
 * Memory leak fixes. Addresses #574 (Jon Siwek)
 
diff --git a/VERSION b/VERSION
index e4031dc7bc..1744f42e8a 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.6-dev-1261
+1.6-dev-1293
diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
index e14a0922a3..7596086a78 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
@@ -1,5 +1,5 @@
 #separator \x09
 #path notice
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
-#types time string addr port addr port enum string string addr addr port count string table table bool string string string double double addr string subnet
-1315167088.906913 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 4 - - - - - - 1.2.3.4 - -
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
+#types time string addr port addr port enum string string addr addr port count string table table interval bool string string string double double addr string subnet
+1316745737.870305 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 5 3600.000000 - - - - - - 1.2.3.4 - -
diff --git a/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
index be9aa3d62d..a1e04c75ad 100644
--- a/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
@@ -32,6 +32,10 @@
 2 scripts/base/frameworks/notice/./actions/page.bro
 2 scripts/base/frameworks/notice/./actions/add-geodata.bro
 2 scripts/base/frameworks/notice/./extend-email/hostnames.bro
+2 scripts/base/frameworks/cluster/__load__.bro
+3 scripts/base/frameworks/cluster/./main.bro
+4 scripts/base/frameworks/control/__load__.bro
+5 scripts/base/frameworks/control/./main.bro
 1 scripts/base/frameworks/dpd/__load__.bro
 2 scripts/base/frameworks/dpd/./main.bro
 1 scripts/base/frameworks/signatures/__load__.bro
@@ -43,10 +47,6 @@
 2 scripts/base/frameworks/software/./main.bro
 1 scripts/base/frameworks/communication/__load__.bro
 2 scripts/base/frameworks/communication/./main.bro
-1 scripts/base/frameworks/control/__load__.bro
-2 scripts/base/frameworks/control/./main.bro
-1 scripts/base/frameworks/cluster/__load__.bro
-2 scripts/base/frameworks/cluster/./main.bro
 1 scripts/base/frameworks/metrics/__load__.bro
 2 scripts/base/frameworks/metrics/./main.bro
 2 scripts/base/frameworks/metrics/./non-cluster.bro