Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/dnthayer/doc-changes-for-2.2'

Browse source 
* origin/topic/dnthayer/doc-changes-for-2.2:
  Add gawk to list of optional packages
  Add more script package README files
  Add NEWS about new features of broctl and upgrade info
This commit is contained in:
Robin Sommer 2013-10-24 14:34:35 -07:00
commit a7cebff99d
14 changed files with 70 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

11
CHANGES
View file

@ -1,7 +1,14 @@
2.2-beta-143 | 2013-10-24 14:01:21 -0700
2.2-beta-148 | 2013-10-24 14:34:35 -0700
* Intel framework notes added to NEWS (Seth Hall)
* Add gawk to list of optional packages. (Daniel Thayer)
* Add more script package README files. (Daniel Thayer)
* Add NEWS about new features of BroControl and upgrade info.
(Daniel Thayer)
* Intel framework notes added to NEWS. (Seth Hall)
* Temporary OSX Mavericks libc++ issue workaround for getline()
problem in ASCII reader. (Bernhard Amann)

37
NEWS
View file

@ -258,6 +258,35 @@ New Functionality
To use CPU pinning, a new per-node option ``pin_cpus`` can be
specified in node.cfg if the OS is either Linux or FreeBSD.
- BroControl now returns useful exit codes. Most BroControl commands
return 0 if everything was OK, and 1 otherwise. However, there are
a few exceptions. The "status" and "top" commands return 0 if all Bro
nodes are running, and 1 if not all nodes are running. The "cron"
command always returns 0 (but it still sends email if there were any
problems). Any command provided by a plugin always returns 0.
- BroControl now has an option "env_vars" to set Bro environment variables.
The value of this option is a comma-separated list of environment variable
assignments (e.g., "VAR1=value, VAR2=another"). The "env_vars" option
can apply to all Bro nodes (by setting it in broctl.cfg), or can be
node-specific (by setting it in node.cfg). Environment variables in
node.cfg have priority over any specified in broctl.cfg.
- BroControl now supports load balancing with PF_RING while sniffing
multiple interfaces. Rather than assigning the same PF_RING cluster ID
to all workers on a host, cluster ID assignment is now based on which
interface a worker is sniffing (i.e., all workers on a host that sniff
the same interface will share a cluster ID). This is handled by
BroControl automatically.
- BroControl has several new options: MailConnectionSummary (for
disabling the sending of connection summary report emails),
MailAlarmsInterval (for specifying a different interval to send alarm
summary emails), CompressCmd (if archived log files will be compressed,
this specifies the command that will be used to compress them),
CompressExtension (if archived log files will be compressed, this
specifies the file extension to use).
- BroControl comes with its own test-suite now. ``make test`` in
``aux/broctl`` will run it.
@ -384,6 +413,14 @@ Changed Functionality
- We removed the BitTorrent DPD signatures pending further updates to
that analyzer.
- In previous versions of BroControl, running "broctl cron" would create
a file ``$prefix/logs/stats/www`` (where "$prefix" indicates the
installation prefix of Bro). Now, it is created as a directory.
Therefore, if you perform an upgrade install and you're using BroControl,
then you may see an email (generated by "broctl cron") containing an
error message: "error running update-stats". To fix this problem,
either remove that file (it is not needed) or rename it.
Bro 2.1
=======

2
VERSION
View file

@ -1 +1 @@
2.2-beta-143
2.2-beta-148

1
doc/install/install.rst
View file

@ -97,6 +97,7 @@ build time:
* LibGeoIP (for geo-locating IP addresses)
* sendmail (enables Bro and BroControl to send mail)
* gawk (enables all features of bro-cut)
* gperftools (tcmalloc is used to improve memory and CPU usage)
* ipsumdump (for trace-summary; http://www.cs.ucla.edu/~kohler/ipsumdump)
* Ruby executable, library, and headers (for Broccoli Ruby bindings)

1
scripts/base/files/extract/README Normal file
View file

@ -0,0 +1 @@
Support for extracing files with the file analysis framework.

1
scripts/base/files/hash/README Normal file
View file

@ -0,0 +1 @@
Support for file hashes with the file analysis framework.

1
scripts/base/files/unified2/README Normal file
View file

@ -0,0 +1 @@
Support for Unified2 files in the file analysis framework.

1
scripts/base/frameworks/logging/postprocessors/README Normal file
View file

@ -0,0 +1 @@
Support for postprocessors in the logging framework.

2
scripts/base/frameworks/reporter/README Normal file
View file

@ -0,0 +1,2 @@
This framework is intended to create an output and filtering path for
internally generated messages/warnings/errors.

4
scripts/base/frameworks/signatures/README Normal file
View file

@ -0,0 +1,4 @@
The signature framework provides for doing low-level pattern matching. While
signatures are not Bro's preferred detection tool, they sometimes come in
handy and are closer to what many people are familiar with from using
other NIDS.

1
scripts/base/frameworks/sumstats/plugins/README Normal file
View file

@ -0,0 +1 @@
Plugins for the summary statistics framework.

1
scripts/policy/frameworks/intel/seen/README Normal file
View file

@ -0,0 +1 @@
Scripts that send data to the intelligence framework.

1
scripts/policy/misc/app-stats/plugins/README Normal file
View file

@ -0,0 +1 @@
Plugins for AppStats.

1
scripts/policy/tuning/README Normal file
View file

@ -0,0 +1 @@
Miscellaneous tuning parameters.