Merge remote-tracking branch 'origin/topic/dnthayer/doc-changes-for-2.2'

* origin/topic/dnthayer/doc-changes-for-2.2:
  Add gawk to list of optional packages
  Add more script package README files
  Add NEWS about new features of broctl and upgrade info

CHANGES

@@ -1,8 +1,15 @@
 
-2.2-beta-143 | 2013-10-24 14:01:21 -0700
+2.2-beta-148 | 2013-10-24 14:34:35 -0700
 
-  * Intel framework notes added to NEWS (Seth Hall)
+  * Add gawk to list of optional packages. (Daniel Thayer)
 
+  * Add more script package README files. (Daniel Thayer)
+
+  * Add NEWS about new features of BroControl and upgrade info.
+    (Daniel Thayer)
+
+  * Intel framework notes added to NEWS. (Seth Hall)
+    
   * Temporary OSX Mavericks libc++ issue workaround for getline()
     problem in ASCII reader. (Bernhard Amann)
 

NEWS

@@ -15,22 +15,22 @@ New Functionality
   for feeding data into the framework to be matched against the
   data available. It also provides a function named ``Intel::match``
   which makes any hits on intelligence data available to the
-  scripting language. 
+  scripting language.
 
   Using input framework, the intel framework can load data from
   text files. It can also update and add data if changes are
-  made to the file being monitored. Files to monitor for 
+  made to the file being monitored. Files to monitor for
-  intelligence can be provided by redef-ing the 
+  intelligence can be provided by redef-ing the
   ``Intel::read_files`` variable.
 
-  The intel framework is cluster-ready. On a cluster, the 
+  The intel framework is cluster-ready. On a cluster, the
   manager is the only node that needs to load in data from disk,
   the cluster support will distribute the data across a cluster
   automatically.
 
-  Scripts are provided at ``policy/frameworks/intel/seen`` that 
+  Scripts are provided at ``policy/frameworks/intel/seen`` that
   provide a broad set of sources of data to feed into the intel
-  framwork to be matched. 
+  framwork to be matched.
 
 - A new file analysis framework moves most of the processing of file
   content from script-land into the core, where it belongs. See
@@ -75,7 +75,7 @@ New Functionality
   information from many independent monitoring points (including
   clusters). It provides a transparent, easy-to-use user interface,
   and can optionally deploy a set of probabilistic data structures for
-  memory-efficient operation. The framework is located in 
+  memory-efficient operation. The framework is located in
   ``scripts/base/frameworks/sumstats``.
 
   A number of new applications now ship with Bro that are built on top
@@ -86,7 +86,7 @@ New Functionality
       Bro versions <2.0; it's now back, but quite different).
 
     * Tracerouter detector: ``policy/misc/detect-traceroute.bro``
-      
+
     * Web application detection/measurement:
       ``policy/misc/app-stats/*``
 
@@ -258,6 +258,35 @@ New Functionality
   To use CPU pinning, a new per-node option ``pin_cpus`` can be
   specified in node.cfg if the OS is either Linux or FreeBSD.
 
+- BroControl now returns useful exit codes.  Most BroControl commands
+  return 0 if everything was OK, and 1 otherwise.  However, there are
+  a few exceptions.  The "status" and "top" commands return 0 if all Bro
+  nodes are running, and 1 if not all nodes are running.  The "cron"
+  command always returns 0 (but it still sends email if there were any
+  problems).  Any command provided by a plugin always returns 0.
+
+- BroControl now has an option "env_vars" to set Bro environment variables.
+  The value of this option is a comma-separated list of environment variable
+  assignments (e.g., "VAR1=value, VAR2=another").  The "env_vars" option
+  can apply to all Bro nodes (by setting it in broctl.cfg), or can be
+  node-specific (by setting it in node.cfg).  Environment variables in
+  node.cfg have priority over any specified in broctl.cfg.
+
+- BroControl now supports load balancing with PF_RING while sniffing
+  multiple interfaces.  Rather than assigning the same PF_RING cluster ID
+  to all workers on a host, cluster ID assignment is now based on which
+  interface a worker is sniffing (i.e., all workers on a host that sniff
+  the same interface will share a cluster ID).  This is handled by
+  BroControl automatically.
+
+- BroControl has several new options:  MailConnectionSummary (for
+  disabling the sending of connection summary report emails),
+  MailAlarmsInterval (for specifying a different interval to send alarm
+  summary emails), CompressCmd (if archived log files will be compressed,
+  this specifies the command that will be used to compress them),
+  CompressExtension (if archived log files will be compressed, this
+  specifies the file extension to use).
+
 - BroControl comes with its own test-suite now. ``make test`` in
   ``aux/broctl`` will run it.
 
@@ -384,6 +413,14 @@ Changed Functionality
 - We removed the BitTorrent DPD signatures pending further updates to
   that analyzer.
 
+- In previous versions of BroControl, running "broctl cron" would create
+  a file ``$prefix/logs/stats/www`` (where "$prefix" indicates the
+  installation prefix of Bro).  Now, it is created as a directory.
+  Therefore, if you perform an upgrade install and you're using BroControl,
+  then you may see an email (generated by "broctl cron") containing an
+  error message:  "error running update-stats".  To fix this problem,
+  either remove that file (it is not needed) or rename it.
+
 
 Bro 2.1
 =======

VERSION

@@ -1 +1 @@
-2.2-beta-143
+2.2-beta-148

doc/install/install.rst

@@ -97,6 +97,7 @@ build time:
 
     * LibGeoIP (for geo-locating IP addresses)
     * sendmail (enables Bro and BroControl to send mail)
+    * gawk (enables all features of bro-cut)
     * gperftools (tcmalloc is used to improve memory and CPU usage)
     * ipsumdump (for trace-summary; http://www.cs.ucla.edu/~kohler/ipsumdump)
     * Ruby executable, library, and headers (for Broccoli Ruby bindings)

scripts/base/files/extract/README

@@ -0,0 +1 @@
+Support for extracing files with the file analysis framework.

scripts/base/files/hash/README

@@ -0,0 +1 @@
+Support for file hashes with the file analysis framework.

scripts/base/files/unified2/README

@@ -0,0 +1 @@
+Support for Unified2 files in the file analysis framework.

scripts/base/frameworks/logging/postprocessors/README

@@ -0,0 +1 @@
+Support for postprocessors in the logging framework.

scripts/base/frameworks/reporter/README

@@ -0,0 +1,2 @@
+This framework is intended to create an output and filtering path for
+internally generated messages/warnings/errors.

scripts/base/frameworks/signatures/README

@@ -0,0 +1,4 @@
+The signature framework provides for doing low-level pattern matching.  While
+signatures are not Bro's preferred detection tool, they sometimes come in
+handy and are closer to what many people are familiar with from using
+other NIDS.

scripts/base/frameworks/sumstats/plugins/README

@@ -0,0 +1 @@
+Plugins for the summary statistics framework.

scripts/policy/frameworks/intel/seen/README

@@ -0,0 +1 @@
+Scripts that send data to the intelligence framework.

scripts/policy/misc/app-stats/plugins/README

@@ -0,0 +1 @@
+Plugins for AppStats.

scripts/policy/tuning/README

@@ -0,0 +1 @@
+Miscellaneous tuning parameters.