Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update submodules and NEWS.

Browse source
This commit is contained in:
Jon Siwek 2014-05-19 14:12:13 -05:00
parent 2738ce6292
commit b0644270c3
2 changed files with 39 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

50
NEWS
View file

@ -7,8 +7,6 @@ their own ``CHANGES``.)
Bro 2.3 Bro 2.3
======= =======
[In progress]
Dependencies Dependencies
------------ ------------
@ -31,23 +29,43 @@ New Functionality
and "file-mime" gives the MIME type string of content that matches and "file-mime" gives the MIME type string of content that matches
the magic and an optional strength value for the match. (See also the magic and an optional strength value for the match. (See also
"Changed Functionality" below for changes due to switching from "Changed Functionality" below for changes due to switching from
using libmagic to such wsignatures.) using libmagic to such signatures.)
- A new built-in function, "file_magic", can be used to get all file - A new built-in function, "file_magic", can be used to get all file
magic matches and their corresponding strength against a given chunk magic matches and their corresponding strength against a given chunk
of data. of data.
- The SSL analyzer now has support heartbeats as well as for a few - The SSL analyzer now supports heartbeats as well as a few
extensions, including server_name, alpn, and ec-curves. extensions, including server_name, alpn, and ec-curves.
- The SSL analyzer comes with Heartbleed detector script in - The SSL analyzer comes with Heartbleed detector script in
protocols/ssl/heartbleed.bro. protocols/ssl/heartbleed.bro. Note that loading this script changes
the default value of "SSL::disable_analyzer_after_detection" from true
to false to prevent encrypted heartbeats from being ignored.
- The X509 analyzer can now perform OSCP validation. - The X509 analyzer can now perform OSCP validation.
- Bro now analyzers for SNMP and Radius, which produce corresponding - Bro now has analyzers for SNMP and Radius, which produce corresponding
snmp.log and radius.log output (as well as various events of course). snmp.log and radius.log output (as well as various events of course).
- BroControl has a new option "BroPort" which allows a user to specify
the starting port number for Bro.
- BroControl has a new option "StatsLogExpireInterval" which allows a
user to specify when entries in the stats.log file expire.
- BroControl has a new option "PFRINGClusterType" which allows a user
to specify a PF_RING cluster type.
- BroControl now supports PF_RING+DNA. There is also a new option
"PFRINGFirstAppInstance" that allows a user to specify the starting
application instance number for processes running on a DNA cluster.
See the BroControl documentation for more details.
- BroControl now warns a user to run "broctl install" if Bro has
been upgraded or if the broctl or node configuration has changed
since the most recent install.
Changed Functionality Changed Functionality
--------------------- ---------------------
@ -71,16 +89,14 @@ Changed Functionality
reporting missing data. Instead, if Bro never sees any data segments reporting missing data. Instead, if Bro never sees any data segments
for analyzed TCP connections, the new for analyzed TCP connections, the new
base/misc/find-filtered-trace.bro script will log a warning in base/misc/find-filtered-trace.bro script will log a warning in
reporter.log and to stderr. reporter.log and to stderr. The old behavior can be reverted by
redef'ing "detect_filtered_trace".
The old behavior can be reverted by redef'ing
"detect_filtered_trace".
- We have removed the packet sorter component. - We have removed the packet sorter component.
- Bro no longer uses libmagic to identify file types but instead now - Bro no longer uses libmagic to identify file types but instead now
comes with its own signature library (which initially is still comes with its own signature library (which initially is still
derived from libmagic;s database). This leads to a number of further derived from libmagic's database). This leads to a number of further
changes with regards to MIME types: changes with regards to MIME types:
* The second parameter of the "identify_data" built-in function * The second parameter of the "identify_data" built-in function
@ -95,7 +111,7 @@ Changed Functionality
in Bro as magic databases are no longer used/installed. in Bro as magic databases are no longer used/installed.
* Removed "binary" and "octet-stream" mime type detections. They * Removed "binary" and "octet-stream" mime type detections. They
don' provide any more information than an uninitialized don't provide any more information than an uninitialized
mime_type field. mime_type field.
* The "fa_file" record now contains a "mime_types" field that * The "fa_file" record now contains a "mime_types" field that
@ -106,6 +122,16 @@ Changed Functionality
- dns_TXT_reply() now supports more than one string entry by receiving - dns_TXT_reply() now supports more than one string entry by receiving
a vector of strings. a vector of strings.
- BroControl now runs the "exec" and "df" broctl commands only once
per host, instead of once per Bro node. The output of these
commands has been changed slightly to include both the host and
node names.
- Several performance improvements were made. Particular emphasis
was put on the File Analysis system, which generally will now emit
far fewer file handle request events due to protocol analyzers now
caching that information internally.
Bro 2.2 Bro 2.2
======= =======

2
aux/broctl

@ -1 +1 @@
Subproject commit 73f4307742bb8841017ee1b4eb5927674bc5f792 Subproject commit 7e5cf52a9ef98c7e4d9f0225b082b518f871f728