Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updating CHANGES and VERSION.

Browse source
This commit is contained in:
Robin Sommer 2016-08-10 08:47:26 -07:00
parent fea63eef30
commit cdb27a953d
3 changed files with 73 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
2.4-907 | 2016-08-09 15:42:17 -0400
* Updating NEWS.
2.4-905 | 2016-08-09 08:19:37 -0700 2.4-905 | 2016-08-09 08:19:37 -0700
* GSSAPI analyzer now forwards authentication blobs more correctly. * GSSAPI analyzer now forwards authentication blobs more correctly.

75
NEWS
View file

@ -4,8 +4,8 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as BroControl and Broccoli, come with (note that submodules, such as BroControl and Broccoli, come with
their own ``CHANGES``.) their own ``CHANGES``.)
Bro 2.5 (in progress) Bro 2.5
===================== =======
New Dependencies New Dependencies
---------------- ----------------
@ -137,6 +137,39 @@ New Functionality
- Table expiration timeout expressions are evaluated dynamically as - Table expiration timeout expressions are evaluated dynamically as
timestmaps are updated. timestmaps are updated.
- The pcap buffer size can be set through the new option Pcap::bufsize.
- Input framework readers Table and Event can now define a custom
event to receive logging messages.
- New BroControl functionality in aux/broctl:
- There is a new node type "logger" that can be specified in
node.cfg (that file has a commented-out example). The purpose of
this new node type is to receive logs from all nodes in a cluster
in order to reduce the load on the manager node. However, if
there is no "logger" node, then the manager node will handle
logging as usual.
- The post-terminate script will send email if it fails to archive
any log files. These mails can be turned off by changing the
value of the new BroControl option MailArchiveLogFail.
- Added the ability for "broctl deploy" to reload the BroControl
configuration (both broctl.cfg and node.cfg). This happens
automatically if broctl detects any changes to those config files
since the last time the config was loaded. Note that this feature
is relevant only when using the BroControl shell interactively.
- The BroControl plugin API has a new function "broctl_config".
This gives plugin authors the ability to add their own script code
to the autogenerated broctl-config.bro script.
- There is a new BroControl plugin for custom load balancing. This
plugin can be used by setting "lb_method=custom" for your worker
nodes in node.cfg. To support packet source plugins, it allows
configuration of a prefix and suffix for the interface name.
- New Bro plugins in aux/plugins: - New Bro plugins in aux/plugins:
- af_packet: Native AF_PACKET support. - af_packet: Native AF_PACKET support.
@ -147,11 +180,6 @@ New Functionality
- redis: An experimental log writer for Redis. - redis: An experimental log writer for Redis.
- tcprs: An TCP-level analyzer detecting retransmissions, reordering, and more. - tcprs: An TCP-level analyzer detecting retransmissions, reordering, and more.
- The pcap buffer size can be set through the new option Pcap::bufsize.
- Input framework readers Table and Event can now define a custom
event to receive logging messages.
Changed Functionality Changed Functionality
--------------------- ---------------------
@ -209,6 +237,39 @@ Changed Functionality
would refuse to inspect the payload. Now, Bro will consider these would refuse to inspect the payload. Now, Bro will consider these
connections as complete and all analyzers will process them notmally. connections as complete and all analyzers will process them notmally.
- Changed BroControl functionality in aux/broctl:
- The networks.cfg file now contains private IP space 172.16.0.0/12
by default.
- Upon startup, if broctl can't get IP addresses from the "ifconfig"
command for any reason, then broctl will now also try to use the
"ip" command.
- BroControl will now automatically search the Bro plugin directory
for BroControl plugins (in addition to all the other places where
BroControl searches). This enables automatic loading of
BroControl plugins that are provided by a Bro plugin.
- Changed the default value of the StatusCmdShowAll option so that
the "broctl status" command runs faster. This also means that
there is no longer a "Peers" column in the status output by
default.
- Users can now specify a more granular log expiration interval. The
BroControl option LogExpireInterval can be set to an arbitrary
time interval instead of just an integer number of days. The time
interval is specified as an integer followed by a time unit:
"day", "hr", or "min". For backward compatibility, an integer
value without a time unit is still interpreted as a number of
days.
- Changed the text of crash report emails. Now crash reports tell
the user to forward the mail to the Bro team only when a backtrace
is included in the crash report. If there is no backtrace, then
the crash report includes instructions on how to get backtraces
included in future crash reports.
Removed Functionality Removed Functionality
--------------------- ---------------------

2
VERSION
View file

@ -1 +1 @@
2.4-905 2.4-907