From cdb27a953dfc2d9035e9852c9a3e3f800a736ed5 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 10 Aug 2016 08:47:26 -0700 Subject: [PATCH] Updating CHANGES and VERSION. --- CHANGES | 4 +++ NEWS | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++------ VERSION | 2 +- 3 files changed, 73 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index de6c0b18a4..8606ee4584 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.4-907 | 2016-08-09 15:42:17 -0400 + + * Updating NEWS. + 2.4-905 | 2016-08-09 08:19:37 -0700 * GSSAPI analyzer now forwards authentication blobs more correctly. diff --git a/NEWS b/NEWS index a05c6020e6..570a8f6cfd 100644 --- a/NEWS +++ b/NEWS @@ -4,8 +4,8 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file (note that submodules, such as BroControl and Broccoli, come with their own ``CHANGES``.) -Bro 2.5 (in progress) -===================== +Bro 2.5 +======= New Dependencies ---------------- @@ -137,6 +137,39 @@ New Functionality - Table expiration timeout expressions are evaluated dynamically as timestmaps are updated. +- The pcap buffer size can be set through the new option Pcap::bufsize. + +- Input framework readers Table and Event can now define a custom + event to receive logging messages. + +- New BroControl functionality in aux/broctl: + + - There is a new node type "logger" that can be specified in + node.cfg (that file has a commented-out example). The purpose of + this new node type is to receive logs from all nodes in a cluster + in order to reduce the load on the manager node. However, if + there is no "logger" node, then the manager node will handle + logging as usual. + + - The post-terminate script will send email if it fails to archive + any log files. These mails can be turned off by changing the + value of the new BroControl option MailArchiveLogFail. + + - Added the ability for "broctl deploy" to reload the BroControl + configuration (both broctl.cfg and node.cfg). This happens + automatically if broctl detects any changes to those config files + since the last time the config was loaded. Note that this feature + is relevant only when using the BroControl shell interactively. + + - The BroControl plugin API has a new function "broctl_config". + This gives plugin authors the ability to add their own script code + to the autogenerated broctl-config.bro script. + + - There is a new BroControl plugin for custom load balancing. This + plugin can be used by setting "lb_method=custom" for your worker + nodes in node.cfg. To support packet source plugins, it allows + configuration of a prefix and suffix for the interface name. + - New Bro plugins in aux/plugins: - af_packet: Native AF_PACKET support. @@ -147,11 +180,6 @@ New Functionality - redis: An experimental log writer for Redis. - tcprs: An TCP-level analyzer detecting retransmissions, reordering, and more. -- The pcap buffer size can be set through the new option Pcap::bufsize. - -- Input framework readers Table and Event can now define a custom - event to receive logging messages. - Changed Functionality --------------------- @@ -209,6 +237,39 @@ Changed Functionality would refuse to inspect the payload. Now, Bro will consider these connections as complete and all analyzers will process them notmally. +- Changed BroControl functionality in aux/broctl: + + - The networks.cfg file now contains private IP space 172.16.0.0/12 + by default. + + - Upon startup, if broctl can't get IP addresses from the "ifconfig" + command for any reason, then broctl will now also try to use the + "ip" command. + + - BroControl will now automatically search the Bro plugin directory + for BroControl plugins (in addition to all the other places where + BroControl searches). This enables automatic loading of + BroControl plugins that are provided by a Bro plugin. + + - Changed the default value of the StatusCmdShowAll option so that + the "broctl status" command runs faster. This also means that + there is no longer a "Peers" column in the status output by + default. + + - Users can now specify a more granular log expiration interval. The + BroControl option LogExpireInterval can be set to an arbitrary + time interval instead of just an integer number of days. The time + interval is specified as an integer followed by a time unit: + "day", "hr", or "min". For backward compatibility, an integer + value without a time unit is still interpreted as a number of + days. + + - Changed the text of crash report emails. Now crash reports tell + the user to forward the mail to the Bro team only when a backtrace + is included in the crash report. If there is no backtrace, then + the crash report includes instructions on how to get backtraces + included in future crash reports. + Removed Functionality --------------------- diff --git a/VERSION b/VERSION index daedcc6eac..0b81206c93 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-905 +2.4-907