diff --git a/CHANGES b/CHANGES
index f96eacf9d3..3ef88e415a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,12 @@
+2.6-376 | 2019-06-05 13:29:57 -0700
+
+ * GH-379: move catch-and-release and unified2 scripts to policy/ (Jon Siwek, Corelight)
+
+ These are no longer loaded by default due to the performance impact they
+ cause simply by being loaded (they have event handlers for commonly
+ generated events) and they aren't generally useful enough to justify it.
+
2.6-375 | 2019-06-04 19:28:06 -0700
* Simplify threading::Value destructor (Jon Siwek, Corelight)
diff --git a/NEWS b/NEWS
index 4de34ba8e8..72752817eb 100644
--- a/NEWS
+++ b/NEWS
@@ -216,6 +216,27 @@ Changed Functionality
in scripts has also been updated to replace Sphinx cross-referencing roles
and directives like ":bro:see:" with ":zeek:zee:".
+- The catch-and-release and unified2 scripts are no longer loaded by
+ default. Because there was a performance impact simply from loading
+ them and it's unlikely a majority of user make use of their features,
+ they've been moved from the scripts/base/ directory into
+ scripts/policy/ and must be manually loaded to use their
+ functionality. The "drop" action for the notice framework is likewise
+ moved since it was implemented via catch-and-release. As a result,
+ the default notice.log no longer contains a "dropped" field.
+
+ If you previously used the catch-and-release functionality add this:
+
+ @load policy/frameworks/netcontrol/catch-and-release
+
+ If you previously used Notice::ACTION_DROP add:
+
+ @load policy/frameworks/notice/actions/drop
+
+ If you previously used the Unified2 file analysis support add:
+
+ @load policy/files/unified2
+
Removed Functionality
---------------------
diff --git a/VERSION b/VERSION
index bea240e646..8e8d4265a7 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-375
+2.6-376
diff --git a/doc b/doc
index c5d754ca08..09d21c86c3 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit c5d754ca08384f3b024d6083551e2773b86a2d30
+Subproject commit 09d21c86c3f68b1fde426fe93d0b044ca839b968
diff --git a/scripts/base/frameworks/netcontrol/__load__.zeek b/scripts/base/frameworks/netcontrol/__load__.zeek
index a8e391f7c8..c18ad6a026 100644
--- a/scripts/base/frameworks/netcontrol/__load__.zeek
+++ b/scripts/base/frameworks/netcontrol/__load__.zeek
@@ -3,7 +3,6 @@
@load ./plugins
@load ./drop
@load ./shunt
-@load ./catch-and-release
# The cluster framework must be loaded first.
@load base/frameworks/cluster
diff --git a/scripts/base/frameworks/netcontrol/drop.zeek b/scripts/base/frameworks/netcontrol/drop.zeek
index 452dda27ee..d5feb8d83a 100644
--- a/scripts/base/frameworks/netcontrol/drop.zeek
+++ b/scripts/base/frameworks/netcontrol/drop.zeek
@@ -1,9 +1,9 @@
##! Implementation of the drop functionality for NetControl.
-module NetControl;
-
@load ./main
+module NetControl;
+
export {
redef enum Log::ID += { DROP };
diff --git a/scripts/base/frameworks/netcontrol/main.zeek b/scripts/base/frameworks/netcontrol/main.zeek
index 8de0209d6d..dae23072d6 100644
--- a/scripts/base/frameworks/netcontrol/main.zeek
+++ b/scripts/base/frameworks/netcontrol/main.zeek
@@ -10,11 +10,11 @@
##! provides convenience functions for a set of common operations. The
##! low-level API provides full flexibility.
-module NetControl;
-
@load ./plugin
@load ./types
+module NetControl;
+
export {
## The framework's logging stream identifier.
redef enum Log::ID += { LOG };
diff --git a/scripts/base/frameworks/netcontrol/non-cluster.zeek b/scripts/base/frameworks/netcontrol/non-cluster.zeek
index ff300f2492..e1363fd883 100644
--- a/scripts/base/frameworks/netcontrol/non-cluster.zeek
+++ b/scripts/base/frameworks/netcontrol/non-cluster.zeek
@@ -1,7 +1,8 @@
-module NetControl;
@load ./main
+module NetControl;
+
function activate(p: PluginState, priority: int)
{
activate_impl(p, priority);
diff --git a/scripts/base/frameworks/netcontrol/plugin.zeek b/scripts/base/frameworks/netcontrol/plugin.zeek
index ac94b265b3..36d5a76173 100644
--- a/scripts/base/frameworks/netcontrol/plugin.zeek
+++ b/scripts/base/frameworks/netcontrol/plugin.zeek
@@ -1,9 +1,9 @@
##! This file defines the plugin interface for NetControl.
-module NetControl;
-
@load ./types
+module NetControl;
+
export {
## This record keeps the per instance state of a plugin.
##
diff --git a/scripts/base/frameworks/netcontrol/plugins/acld.zeek b/scripts/base/frameworks/netcontrol/plugins/acld.zeek
index 99a9166ce9..b985fefc51 100644
--- a/scripts/base/frameworks/netcontrol/plugins/acld.zeek
+++ b/scripts/base/frameworks/netcontrol/plugins/acld.zeek
@@ -1,11 +1,11 @@
##! Acld plugin for the netcontrol framework.
-module NetControl;
-
@load ../main
@load ../plugin
@load base/frameworks/broker
+module NetControl;
+
export {
type AclRule : record {
command: string;
diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.zeek b/scripts/base/frameworks/netcontrol/plugins/broker.zeek
index 599613d06d..92384cc183 100644
--- a/scripts/base/frameworks/netcontrol/plugins/broker.zeek
+++ b/scripts/base/frameworks/netcontrol/plugins/broker.zeek
@@ -2,12 +2,12 @@
##! used in NetControl on to Broker to allow for easy handling, e.g., of
##! command-line scripts.
-module NetControl;
-
@load ../main
@load ../plugin
@load base/frameworks/broker
+module NetControl;
+
export {
## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_broker`.
type BrokerConfig: record {
diff --git a/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek
index 1fdb2ced73..3648ed3955 100644
--- a/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek
+++ b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek
@@ -3,10 +3,10 @@
##! and can only add/remove filters for addresses, this is quite
##! limited in scope at the moment.
-module NetControl;
-
@load ../plugin
+module NetControl;
+
export {
## Instantiates the packetfilter plugin.
global create_packetfilter: function() : PluginState;
diff --git a/scripts/base/frameworks/notice/__load__.zeek b/scripts/base/frameworks/notice/__load__.zeek
index 54e704c744..4a272574d3 100644
--- a/scripts/base/frameworks/notice/__load__.zeek
+++ b/scripts/base/frameworks/notice/__load__.zeek
@@ -3,7 +3,6 @@
# There should be no overhead imposed by loading notice actions so we
# load them all.
-@load ./actions/drop
@load ./actions/email_admin
@load ./actions/page
@load ./actions/add-geodata
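Review bot: The context comment above the removed line still says "we load them all", which is no longer true once `@load ./actions/drop` is gone from this file. A reader of `__load__.zeek` gets no hint that the drop action still exists or where it moved. I would reword the comment to something like `# Notice actions that impose no overhead when loaded are all loaded here.` followed by `# The drop action is in policy/frameworks/notice/actions/drop (it depends on catch-and-release).` Sites that use Notice::ACTION_DROP for active response then find the required load from the file they are most likely to look at.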
diff --git a/scripts/base/init-default.zeek b/scripts/base/init-default.zeek
index d8115895dc..ac69a28a5b 100644
--- a/scripts/base/init-default.zeek
+++ b/scripts/base/init-default.zeek
@@ -74,7 +74,6 @@
@load base/files/pe
@load base/files/hash
@load base/files/extract
-@load base/files/unified2
@load base/files/x509
@load base/misc/find-checksum-offloading
diff --git a/scripts/base/files/unified2/README b/scripts/policy/files/unified2/README
similarity index 100%
rename from scripts/base/files/unified2/README
rename to scripts/policy/files/unified2/README
diff --git a/scripts/base/files/unified2/__load__.zeek b/scripts/policy/files/unified2/__load__.zeek
similarity index 100%
rename from scripts/base/files/unified2/__load__.zeek
rename to scripts/policy/files/unified2/__load__.zeek
diff --git a/scripts/base/files/unified2/main.zeek b/scripts/policy/files/unified2/main.zeek
similarity index 100%
rename from scripts/base/files/unified2/main.zeek
rename to scripts/policy/files/unified2/main.zeek
diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.zeek b/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
similarity index 99%
rename from scripts/base/frameworks/netcontrol/catch-and-release.zeek
rename to scripts/policy/frameworks/netcontrol/catch-and-release.zeek
index 1a8ba88574..b11170929f 100644
--- a/scripts/base/frameworks/netcontrol/catch-and-release.zeek
+++ b/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
@@ -1,10 +1,9 @@
##! Implementation of catch-and-release functionality for NetControl.
-module NetControl;
-
+@load base/frameworks/netcontrol
@load base/frameworks/cluster
-@load ./main
-@load ./drop
+
+module NetControl;
export {
diff --git a/scripts/base/frameworks/notice/actions/drop.zeek b/scripts/policy/frameworks/notice/actions/drop.zeek
similarity index 91%
rename from scripts/base/frameworks/notice/actions/drop.zeek
rename to scripts/policy/frameworks/notice/actions/drop.zeek
index 024c3b5b92..03862bac08 100644
--- a/scripts/base/frameworks/notice/actions/drop.zeek
+++ b/scripts/policy/frameworks/notice/actions/drop.zeek
@@ -1,8 +1,9 @@
##! This script extends the built in notice code to implement the IP address
##! dropping functionality.
-@load ../main
+@load base/frameworks/notice/main
@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
module Notice;
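Review bot: The `##!` header does not mention that this script now loads `policy/frameworks/netcontrol/catch-and-release`, so opting in to the drop action also opts in to the load-time cost that CHANGES gives as the reason for the move. I would add a header line such as `##! Loading this script also loads policy/frameworks/netcontrol/catch-and-release, which is not loaded by default.` It is also worth stating there that the "dropped" field of notice.log only exists when this script is loaded, as NEWS notes, since log consumers that key on that column are affected. The rest of the file (the `module Notice;` body) is outside this hunk.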
diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek
index a6e5987664..1741d42a18 100644
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@@ -31,12 +31,16 @@
@load frameworks/intel/seen/ssl.zeek
@load frameworks/intel/seen/where-locations.zeek
@load frameworks/intel/seen/x509.zeek
+@load frameworks/netcontrol/catch-and-release.zeek
@load frameworks/files/detect-MHR.zeek
@load frameworks/files/entropy-test-all-files.zeek
#@load frameworks/files/extract-all-files.zeek
@load frameworks/files/hash-all-files.zeek
@load frameworks/notice/__load__.zeek
+@load frameworks/notice/actions/drop.zeek
@load frameworks/notice/extend-email/hostnames.zeek
+@load files/unified2/__load__.zeek
+@load files/unified2/main.zeek
@load files/x509/log-ocsp.zeek
@load frameworks/packet-filter/shunt.zeek
@load frameworks/software/version-changes.zeek
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 4c33718ad2..3eec8e27cc 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2019-04-16-17-02-20
+#open 2019-06-05-18-41-18
#fields name
#types string
scripts/base/init-bare.zeek
@@ -206,31 +206,6 @@ scripts/base/init-default.zeek
scripts/base/frameworks/control/main.zeek
scripts/base/frameworks/cluster/pools.zeek
scripts/base/frameworks/notice/weird.zeek
- scripts/base/frameworks/notice/actions/drop.zeek
- scripts/base/frameworks/netcontrol/__load__.zeek
- scripts/base/frameworks/netcontrol/types.zeek
- scripts/base/frameworks/netcontrol/main.zeek
- scripts/base/frameworks/netcontrol/plugin.zeek
- scripts/base/frameworks/netcontrol/plugins/__load__.zeek
- scripts/base/frameworks/netcontrol/plugins/debug.zeek
- scripts/base/frameworks/netcontrol/plugins/openflow.zeek
- scripts/base/frameworks/openflow/__load__.zeek
- scripts/base/frameworks/openflow/consts.zeek
- scripts/base/frameworks/openflow/types.zeek
- scripts/base/frameworks/openflow/main.zeek
- scripts/base/frameworks/openflow/plugins/__load__.zeek
- scripts/base/frameworks/openflow/plugins/ryu.zeek
- scripts/base/utils/json.zeek
- scripts/base/frameworks/openflow/plugins/log.zeek
- scripts/base/frameworks/openflow/plugins/broker.zeek
- scripts/base/frameworks/openflow/non-cluster.zeek
- scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek
- scripts/base/frameworks/netcontrol/plugins/broker.zeek
- scripts/base/frameworks/netcontrol/plugins/acld.zeek
- scripts/base/frameworks/netcontrol/drop.zeek
- scripts/base/frameworks/netcontrol/shunt.zeek
- scripts/base/frameworks/netcontrol/catch-and-release.zeek
- scripts/base/frameworks/netcontrol/non-cluster.zeek
scripts/base/frameworks/notice/actions/email_admin.zeek
scripts/base/frameworks/notice/actions/page.zeek
scripts/base/frameworks/notice/actions/add-geodata.zeek
@@ -269,6 +244,29 @@ scripts/base/init-default.zeek
scripts/base/frameworks/sumstats/non-cluster.zeek
scripts/base/frameworks/tunnels/__load__.zeek
scripts/base/frameworks/tunnels/main.zeek
+ scripts/base/frameworks/openflow/__load__.zeek
+ scripts/base/frameworks/openflow/consts.zeek
+ scripts/base/frameworks/openflow/types.zeek
+ scripts/base/frameworks/openflow/main.zeek
+ scripts/base/frameworks/openflow/plugins/__load__.zeek
+ scripts/base/frameworks/openflow/plugins/ryu.zeek
+ scripts/base/utils/json.zeek
+ scripts/base/frameworks/openflow/plugins/log.zeek
+ scripts/base/frameworks/openflow/plugins/broker.zeek
+ scripts/base/frameworks/openflow/non-cluster.zeek
+ scripts/base/frameworks/netcontrol/__load__.zeek
+ scripts/base/frameworks/netcontrol/types.zeek
+ scripts/base/frameworks/netcontrol/main.zeek
+ scripts/base/frameworks/netcontrol/plugin.zeek
+ scripts/base/frameworks/netcontrol/plugins/__load__.zeek
+ scripts/base/frameworks/netcontrol/plugins/debug.zeek
+ scripts/base/frameworks/netcontrol/plugins/openflow.zeek
+ scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek
+ scripts/base/frameworks/netcontrol/plugins/broker.zeek
+ scripts/base/frameworks/netcontrol/plugins/acld.zeek
+ scripts/base/frameworks/netcontrol/drop.zeek
+ scripts/base/frameworks/netcontrol/shunt.zeek
+ scripts/base/frameworks/netcontrol/non-cluster.zeek
scripts/base/protocols/conn/__load__.zeek
scripts/base/protocols/conn/main.zeek
scripts/base/protocols/conn/contents.zeek
@@ -368,10 +366,8 @@ scripts/base/init-default.zeek
scripts/base/files/pe/main.zeek
scripts/base/files/extract/__load__.zeek
scripts/base/files/extract/main.zeek
- scripts/base/files/unified2/__load__.zeek
- scripts/base/files/unified2/main.zeek
scripts/base/misc/find-checksum-offloading.zeek
scripts/base/misc/find-filtered-trace.zeek
scripts/base/misc/version.zeek
scripts/policy/misc/loaded-scripts.zeek
-#close 2019-04-16-17-02-20
+#close 2019-06-05-18-41-19
diff --git a/testing/btest/Baseline/language.expire_subnet/output b/testing/btest/Baseline/language.expire_subnet/output
index dee030eb0c..76fb3cd8d3 100644
--- a/testing/btest/Baseline/language.expire_subnet/output
+++ b/testing/btest/Baseline/language.expire_subnet/output
@@ -15,11 +15,11 @@ Accessed table nums: two; three
Accessed table nets: two; zero, three
Time: 7.0 secs 518.0 msecs 828.0 usecs
-Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.0 usecs
-Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.0 usecs
Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.0 usecs
Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.0 usecs
Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.0 usecs
Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.0 usecs
Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.0 usecs
Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.0 usecs
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 950b898ab1..cc8431a129 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -202,7 +202,6 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::CATCH_RELEASE, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_catch_release, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
@@ -227,7 +226,6 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=unified2, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
@@ -248,7 +246,6 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) ->
@@ -273,11 +270,10 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1559762527.125384, node=bro, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) ->
@@ -295,7 +291,6 @@
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (KRB::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Modbus::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NTLM::LOG)) ->
-0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::CATCH_RELEASE)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::DROP)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) ->
@@ -320,7 +315,6 @@
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Software::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Syslog::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Tunnel::LOG)) ->
-0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Unified2::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Weird::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (X509::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (mysql::LOG)) ->
@@ -341,7 +335,6 @@
0.000000 MetaHookPost CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::CATCH_RELEASE, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
@@ -366,7 +359,6 @@
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
@@ -387,7 +379,6 @@
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) ->
-0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::CATCH_RELEASE, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::DROP, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) ->
@@ -412,7 +403,6 @@
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Software::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) ->
-0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Unified2::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (X509::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) ->
@@ -433,7 +423,6 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) ->
-0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) ->
@@ -458,11 +447,10 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel])) ->
-0.000000 MetaHookPost CallFunction(Log::create_stream, , (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1559762527.125384, node=bro, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) ->
0.000000 MetaHookPost CallFunction(NetControl::init, , ()) ->
0.000000 MetaHookPost CallFunction(Notice::want_pp,