mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Prefer explicit construction to coercion in record initialization
While we support initializing records via coercion from an expression
list, e.g.,
local x: X = [$x1=1, $x2=2];
this can sometimes obscure the code to readers, e.g., when assigning to
value declared and typed elsewhere. The language runtime has a similar
overhead since instead of just constructing a known type it needs to
check at runtime that the coercion from the expression list is valid;
this can be slower than just writing the readible code in the first
place, see #4559.
With this patch we use explicit construction, e.g.,
local x = X($x1=1, $x2=2);
This commit is contained in:
Benjamin Bannier
Christian Kreibich
parent
54f9e45597
commit
d5fd29edcd
139 changed files with 786 additions and 788 deletions
|
|
@ -46,7 +46,7 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info, $path="analyzer", $ev=log_analyzer, $policy=log_policy]);
|
||||
Log::create_stream(LOG, Log::Stream($columns=Info, $path="analyzer", $ev=log_analyzer, $policy=log_policy));
|
||||
}
|
||||
|
||||
function log_analyzer_failure(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo)
|
||||
|
|
|
|||
|
|
@ -47,17 +47,17 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Broker::LOG, [$columns=Info, $path="broker", $policy=log_policy]);
|
||||
Log::create_stream(Broker::LOG, Log::Stream($columns=Info, $path="broker", $policy=log_policy));
|
||||
}
|
||||
|
||||
function log_status(ev: string, endpoint: EndpointInfo, msg: string)
|
||||
{
|
||||
local r: Info;
|
||||
|
||||
r = [$ts = network_time(),
|
||||
$ev = ev,
|
||||
$ty = STATUS,
|
||||
$message = msg];
|
||||
r = Broker::Info($ts = network_time(),
|
||||
$ev = ev,
|
||||
$ty = STATUS,
|
||||
$message = msg);
|
||||
|
||||
if ( endpoint?$network )
|
||||
r$peer = endpoint$network;
|
||||
|
|
@ -87,10 +87,10 @@ event Broker::error(code: ErrorCode, msg: string)
|
|||
ev = subst_string(ev, "_", "-");
|
||||
ev = to_lower(ev);
|
||||
|
||||
Log::write(Broker::LOG, [$ts = network_time(),
|
||||
Log::write(Broker::LOG, Info($ts = network_time(),
|
||||
$ev = ev,
|
||||
$ty = ERROR,
|
||||
$message = msg]);
|
||||
$message = msg));
|
||||
|
||||
Reporter::error(fmt("Broker error (%s): %s", code, msg));
|
||||
}
|
||||
|
|
@ -115,8 +115,8 @@ event Broker::internal_log_event(lvl: LogSeverityLevel, id: string, description:
|
|||
severity = Broker::DEBUG_EVENT;
|
||||
break;
|
||||
}
|
||||
Log::write(Broker::LOG, [$ts = network_time(),
|
||||
Log::write(Broker::LOG, Info($ts = network_time(),
|
||||
$ty = severity,
|
||||
$ev = id,
|
||||
$message = description]);
|
||||
$message = description));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@
|
|||
|
||||
module Cluster;
|
||||
|
||||
global broker_backpressure_disconnects_cf = Telemetry::register_counter_family([
|
||||
global broker_backpressure_disconnects_cf = Telemetry::register_counter_family(Telemetry::MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="broker-backpressure-disconnects",
|
||||
$unit="",
|
||||
$label_names=vector("peer"),
|
||||
$help_text="Number of Broker peerings dropped due to a neighbor falling behind in message I/O",
|
||||
]);
|
||||
));
|
||||
|
||||
event Broker::peer_removed(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@ module Cluster;
|
|||
## This gauge tracks the current number of locally queued messages in each
|
||||
## Broker peering's send buffer. The "peer" label identifies the remote side of
|
||||
## the peering, containing a Zeek cluster node name.
|
||||
global broker_peer_buffer_messages_gf = Telemetry::register_gauge_family([
|
||||
global broker_peer_buffer_messages_gf = Telemetry::register_gauge_family(Telemetry::MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="broker-peer-buffer-messages",
|
||||
$unit="",
|
||||
$label_names=vector("peer"),
|
||||
$help_text="Number of messages queued in Broker's send buffers",
|
||||
]);
|
||||
));
|
||||
|
||||
## This gauge tracks recent maximum queue lengths for each Broker peering's send
|
||||
## buffer. Most of the time the send buffers are nearly empty, so this gauge
|
||||
|
|
@ -23,26 +23,26 @@ global broker_peer_buffer_messages_gf = Telemetry::register_gauge_family([
|
|||
## observed message. That is, Zeek keeps a timestamp of when the window started,
|
||||
## and once it notices that the interval has passed, it moves the start of the
|
||||
## window to current time.
|
||||
global broker_peer_buffer_recent_max_messages_gf = Telemetry::register_gauge_family([
|
||||
global broker_peer_buffer_recent_max_messages_gf = Telemetry::register_gauge_family(Telemetry::MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="broker-peer-buffer-recent-max-messages",
|
||||
$unit="",
|
||||
$label_names=vector("peer"),
|
||||
$help_text="Maximum number of messages recently queued in Broker's send buffers",
|
||||
]);
|
||||
));
|
||||
|
||||
## This counter tracks for each Broker peering the number of times its send
|
||||
## buffer has overflowed. For the "disconnect" policy this can at most be 1,
|
||||
## since Broker stops the peering at this time. For the "drop_oldest" and
|
||||
## "drop_newest" policies (see :zeek:see:`Broker:peer_overflow_policy`) the count
|
||||
## instead reflects the number of messages lost.
|
||||
global broker_peer_buffer_overflows_cf = Telemetry::register_counter_family([
|
||||
global broker_peer_buffer_overflows_cf = Telemetry::register_counter_family(Telemetry::MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="broker-peer-buffer-overflows",
|
||||
$unit="",
|
||||
$label_names=vector("peer"),
|
||||
$help_text="Number of overflows in Broker's send buffers",
|
||||
]);
|
||||
));
|
||||
|
||||
|
||||
# A helper to track overflow counts over past peerings as well as the current
|
||||
|
|
|
|||
|
|
@ -492,7 +492,7 @@ function nodeid_to_node(id: string): NamedNode
|
|||
return NamedNode($name=name, $node=n);
|
||||
}
|
||||
|
||||
return NamedNode($name="", $node=[$node_type=NONE, $ip=0.0.0.0]);
|
||||
return NamedNode($name="", $node=Node($node_type=NONE, $ip=0.0.0.0));
|
||||
}
|
||||
|
||||
event Cluster::hello(name: string, id: string) &priority=10
|
||||
|
|
@ -572,7 +572,7 @@ event zeek_init() &priority=5
|
|||
terminate();
|
||||
}
|
||||
|
||||
Log::create_stream(Cluster::LOG, [$columns=Info, $path="cluster", $policy=log_policy]);
|
||||
Log::create_stream(Cluster::LOG, Log::Stream($columns=Info, $path="cluster", $policy=log_policy));
|
||||
}
|
||||
|
||||
function create_store(name: string, persistent: bool &default=F): Cluster::StoreInfo
|
||||
|
|
@ -654,7 +654,7 @@ function create_store(name: string, persistent: bool &default=F): Cluster::Store
|
|||
|
||||
function log(msg: string)
|
||||
{
|
||||
Log::write(Cluster::LOG, [$ts = network_time(), $node = node, $message = msg]);
|
||||
Log::write(Cluster::LOG, Info($ts = network_time(), $node = node, $message = msg));
|
||||
}
|
||||
|
||||
function init(): bool
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ function __init_cluster_nodes(): bool
|
|||
if ( endp$role in rolemap )
|
||||
typ = rolemap[endp$role];
|
||||
|
||||
cnode = [$node_type=typ, $ip=endp$host, $p=endp$p];
|
||||
cnode = Cluster::Node($node_type=typ, $ip=endp$host, $p=endp$p);
|
||||
if ( |manager_name| > 0 && cnode$node_type != Cluster::MANAGER )
|
||||
cnode$manager = manager_name;
|
||||
if ( endp?$metrics_port )
|
||||
|
|
|
|||
|
|
@ -40,14 +40,14 @@ event zeek_init() &priority=5
|
|||
return;
|
||||
|
||||
for ( fi in config_files )
|
||||
Input::add_table([$reader=Input::READER_CONFIG,
|
||||
Input::add_table(Input::TableDescription($reader=Input::READER_CONFIG,
|
||||
$mode=Input::REREAD,
|
||||
$source=fi,
|
||||
$name=cat("config-", fi),
|
||||
$idx=ConfigItem,
|
||||
$val=ConfigItem,
|
||||
$want_record=F,
|
||||
$destination=current_config]);
|
||||
$destination=current_config));
|
||||
}
|
||||
|
||||
event InputConfig::new_value(name: string, source: string, id: string, value: any)
|
||||
|
|
@ -67,11 +67,11 @@ function read_config(filename: string)
|
|||
|
||||
local iname = cat("config-oneshot-", filename);
|
||||
|
||||
Input::add_event([$reader=Input::READER_CONFIG,
|
||||
Input::add_event(Input::EventDescription($reader=Input::READER_CONFIG,
|
||||
$mode=Input::MANUAL,
|
||||
$source=filename,
|
||||
$name=iname,
|
||||
$fields=EventFields,
|
||||
$ev=config_line]);
|
||||
$ev=config_line));
|
||||
Input::remove(iname);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -153,7 +153,7 @@ function config_option_changed(ID: string, new_value: any, location: string): an
|
|||
|
||||
event zeek_init() &priority=10
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info, $ev=log_config, $path="config", $policy=log_policy]);
|
||||
Log::create_stream(LOG, Log::Stream($columns=Info, $ev=log_config, $path="config", $policy=log_policy));
|
||||
|
||||
# Limit logging to the manager - everyone else just feeds off it.
|
||||
@if ( !Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
|
||||
|
|
|
|||
|
|
@ -341,7 +341,7 @@ global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: A
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files, $path="files", $policy=log_policy]);
|
||||
Log::create_stream(Files::LOG, Log::Stream($columns=Info, $ev=log_files, $path="files", $policy=log_policy));
|
||||
}
|
||||
|
||||
function set_info(f: fa_file)
|
||||
|
|
|
|||
|
|
@ -68,13 +68,13 @@ event zeek_init() &priority=5
|
|||
if ( |path_prefix| > 0 && sub_bytes(a_file, 0, 1) != "/" )
|
||||
source = cat(rstrip(path_prefix, "/"), "/", a_file);
|
||||
|
||||
Input::add_event([$source=source,
|
||||
$reader=Input::READER_ASCII,
|
||||
$mode=Input::REREAD,
|
||||
$name=cat("intel-", a_file),
|
||||
$fields=Intel::Item,
|
||||
$ev=Intel::read_entry,
|
||||
$error_ev=Intel::read_error]);
|
||||
Input::add_event(Input::EventDescription($source=source,
|
||||
$reader=Input::READER_ASCII,
|
||||
$mode=Input::REREAD,
|
||||
$name=cat("intel-", a_file),
|
||||
$fields=Intel::Item,
|
||||
$ev=Intel::read_entry,
|
||||
$error_ev=Intel::read_error));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -280,7 +280,7 @@ global min_data_store: MinDataStore &redef;
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info, $ev=log_intel, $path="intel", $policy=log_policy]);
|
||||
Log::create_stream(LOG, Log::Stream($columns=Info, $ev=log_intel, $path="intel", $policy=log_policy));
|
||||
}
|
||||
|
||||
# Function that abstracts expiration of different types.
|
||||
|
|
@ -289,7 +289,7 @@ function expire_item(indicator: string, indicator_type: Type, metas: set[MetaDat
|
|||
if ( hook item_expired(indicator, indicator_type, metas) )
|
||||
return item_expiration;
|
||||
else
|
||||
remove([$indicator=indicator, $indicator_type=indicator_type, $meta=[$source=""]], T);
|
||||
remove(Item($indicator=indicator, $indicator_type=indicator_type, $meta=MetaData($source="")), T);
|
||||
return 0 sec;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -425,7 +425,7 @@ export {
|
|||
};
|
||||
|
||||
## Sentinel value for indicating that a filter was not found when looked up.
|
||||
const no_filter: Filter = [$name="<not found>"];
|
||||
const no_filter = Filter($name="<not found>");
|
||||
|
||||
## Creates a new logging stream with the default filter.
|
||||
##
|
||||
|
|
@ -997,7 +997,7 @@ function flush(id: ID): bool
|
|||
|
||||
function add_default_filter(id: ID) : bool
|
||||
{
|
||||
return add_filter(id, [$name="default"]);
|
||||
return add_filter(id, Filter($name="default"));
|
||||
}
|
||||
|
||||
function remove_default_filter(id: ID) : bool
|
||||
|
|
@ -1008,7 +1008,7 @@ function remove_default_filter(id: ID) : bool
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
if ( print_to_log != REDIRECT_NONE )
|
||||
Log::create_stream(PRINTLOG, [$columns=PrintLogInfo, $ev=log_print, $path=print_log_path]);
|
||||
Log::create_stream(PRINTLOG, Log::Stream($columns=PrintLogInfo, $ev=log_print, $path=print_log_path));
|
||||
}
|
||||
|
||||
function empty_post_delay_cb(rec: any, id: ID): bool {
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@
|
|||
##! names is printed out as meta information, with no "# fields" prepended; no
|
||||
##! other meta data gets included in that mode. Example filter using this::
|
||||
##!
|
||||
##! local f: Log::Filter = [$name = "my-filter",
|
||||
##! $writer = Log::WRITER_ASCII,
|
||||
##! $config = table(["tsv"] = "T")];
|
||||
##! local f = Log::Filter($name = "my-filter",
|
||||
##! $writer = Log::WRITER_ASCII,
|
||||
##! $config = table(["tsv"] = "T"));
|
||||
##!
|
||||
|
||||
module LogAscii;
|
||||
|
|
|
|||
|
|
@ -59,13 +59,13 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(NetControl::DROP_LOG, [$columns=DropInfo, $ev=log_netcontrol_drop, $path="netcontrol_drop", $policy=log_policy_drop]);
|
||||
Log::create_stream(NetControl::DROP_LOG, Log::Stream($columns=DropInfo, $ev=log_netcontrol_drop, $path="netcontrol_drop", $policy=log_policy_drop));
|
||||
}
|
||||
|
||||
function drop_connection(c: conn_id, t: interval, location: string &default="") : string
|
||||
{
|
||||
local e: Entity = [$ty=CONNECTION, $conn=c];
|
||||
local r: Rule = [$ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location];
|
||||
local e = Entity($ty=CONNECTION, $conn=c);
|
||||
local r = Rule($ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location);
|
||||
|
||||
if ( ! hook NetControl::drop_rule_policy(r) )
|
||||
return "";
|
||||
|
|
@ -88,8 +88,8 @@ function drop_connection(c: conn_id, t: interval, location: string &default="")
|
|||
|
||||
function drop_address(a: addr, t: interval, location: string &default="") : string
|
||||
{
|
||||
local e: Entity = [$ty=ADDRESS, $ip=addr_to_subnet(a)];
|
||||
local r: Rule = [$ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location];
|
||||
local e = Entity($ty=ADDRESS, $ip=addr_to_subnet(a));
|
||||
local r = Rule($ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location);
|
||||
|
||||
if ( ! hook NetControl::drop_rule_policy(r) )
|
||||
return "";
|
||||
|
|
|
|||
|
|
@ -383,7 +383,7 @@ global rule_entities: table[Entity, RuleType] of Rule;
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(NetControl::LOG, [$columns=Info, $ev=log_netcontrol, $path="netcontrol", $policy=log_policy]);
|
||||
Log::create_stream(NetControl::LOG, Log::Stream($columns=Info, $ev=log_netcontrol, $path="netcontrol", $policy=log_policy));
|
||||
}
|
||||
|
||||
function entity_to_info(info: Info, e: Entity)
|
||||
|
|
@ -489,22 +489,22 @@ function rule_to_info(info: Info, r: Rule)
|
|||
|
||||
function log_msg(msg: string, p: PluginState)
|
||||
{
|
||||
Log::write(LOG, [$ts=network_time(), $category=MESSAGE, $msg=msg, $plugin=p$plugin$name(p)]);
|
||||
Log::write(LOG, Info($ts=network_time(), $category=MESSAGE, $msg=msg, $plugin=p$plugin$name(p)));
|
||||
}
|
||||
|
||||
function log_error(msg: string, p: PluginState)
|
||||
{
|
||||
Log::write(LOG, [$ts=network_time(), $category=ERROR, $msg=msg, $plugin=p$plugin$name(p)]);
|
||||
Log::write(LOG, Info($ts=network_time(), $category=ERROR, $msg=msg, $plugin=p$plugin$name(p)));
|
||||
}
|
||||
|
||||
function log_msg_no_plugin(msg: string)
|
||||
{
|
||||
Log::write(LOG, [$ts=network_time(), $category=MESSAGE, $msg=msg]);
|
||||
Log::write(LOG, Info($ts=network_time(), $category=MESSAGE, $msg=msg));
|
||||
}
|
||||
|
||||
function log_rule(r: Rule, cmd: string, state: InfoState, p: PluginState, msg: string &default="")
|
||||
{
|
||||
local info: Info = [$ts=network_time()];
|
||||
local info = Info($ts=network_time());
|
||||
info$category = RULE;
|
||||
info$cmd = cmd;
|
||||
info$state = state;
|
||||
|
|
@ -519,14 +519,14 @@ function log_rule(r: Rule, cmd: string, state: InfoState, p: PluginState, msg: s
|
|||
|
||||
function log_rule_error(r: Rule, msg: string, p: PluginState)
|
||||
{
|
||||
local info: Info = [$ts=network_time(), $category=ERROR, $msg=msg, $plugin=p$plugin$name(p)];
|
||||
local info = Info($ts=network_time(), $category=ERROR, $msg=msg, $plugin=p$plugin$name(p));
|
||||
rule_to_info(info, r);
|
||||
Log::write(LOG, info);
|
||||
}
|
||||
|
||||
function log_rule_no_plugin(r: Rule, state: InfoState, msg: string)
|
||||
{
|
||||
local info: Info = [$ts=network_time()];
|
||||
local info = Info($ts=network_time());
|
||||
info$category = RULE;
|
||||
info$state = state;
|
||||
info$msg = msg;
|
||||
|
|
@ -538,16 +538,16 @@ function log_rule_no_plugin(r: Rule, state: InfoState, msg: string)
|
|||
|
||||
function whitelist_address(a: addr, t: interval, location: string &default="") : string
|
||||
{
|
||||
local e: Entity = [$ty=ADDRESS, $ip=addr_to_subnet(a)];
|
||||
local r: Rule = [$ty=WHITELIST, $priority=whitelist_priority, $target=FORWARD, $entity=e, $expire=t, $location=location];
|
||||
local e = Entity($ty=ADDRESS, $ip=addr_to_subnet(a));
|
||||
local r = Rule($ty=WHITELIST, $priority=whitelist_priority, $target=FORWARD, $entity=e, $expire=t, $location=location);
|
||||
|
||||
return add_rule(r);
|
||||
}
|
||||
|
||||
function whitelist_subnet(s: subnet, t: interval, location: string &default="") : string
|
||||
{
|
||||
local e: Entity = [$ty=ADDRESS, $ip=s];
|
||||
local r: Rule = [$ty=WHITELIST, $priority=whitelist_priority, $target=FORWARD, $entity=e, $expire=t, $location=location];
|
||||
local e = Entity($ty=ADDRESS, $ip=s);
|
||||
local r = Rule($ty=WHITELIST, $priority=whitelist_priority, $target=FORWARD, $entity=e, $expire=t, $location=location);
|
||||
|
||||
return add_rule(r);
|
||||
}
|
||||
|
|
@ -561,8 +561,8 @@ function redirect_flow(f: flow_id, out_port: count, t: interval, location: strin
|
|||
$dst_h=addr_to_subnet(f$dst_h),
|
||||
$dst_p=f$dst_p
|
||||
);
|
||||
local e: Entity = [$ty=FLOW, $flow=flow];
|
||||
local r: Rule = [$ty=REDIRECT, $target=FORWARD, $entity=e, $expire=t, $location=location, $out_port=out_port];
|
||||
local e = Entity($ty=FLOW, $flow=flow);
|
||||
local r = Rule($ty=REDIRECT, $target=FORWARD, $entity=e, $expire=t, $location=location, $out_port=out_port);
|
||||
|
||||
return add_rule(r);
|
||||
}
|
||||
|
|
@ -570,19 +570,19 @@ function redirect_flow(f: flow_id, out_port: count, t: interval, location: strin
|
|||
function quarantine_host(infected: addr, dns: addr, quarantine: addr, t: interval, location: string &default="") : vector of string
|
||||
{
|
||||
local orules: vector of string = vector();
|
||||
local edrop: Entity = [$ty=FLOW, $flow=Flow($src_h=addr_to_subnet(infected))];
|
||||
local rdrop: Rule = [$ty=DROP, $target=FORWARD, $entity=edrop, $expire=t, $location=location];
|
||||
local edrop = Entity($ty=FLOW, $flow=Flow($src_h=addr_to_subnet(infected)));
|
||||
local rdrop = Rule($ty=DROP, $target=FORWARD, $entity=edrop, $expire=t, $location=location);
|
||||
orules += add_rule(rdrop);
|
||||
|
||||
local todnse: Entity = [$ty=FLOW, $flow=Flow($src_h=addr_to_subnet(infected), $dst_h=addr_to_subnet(dns), $dst_p=53/udp)];
|
||||
local todnse = Entity($ty=FLOW, $flow=Flow($src_h=addr_to_subnet(infected), $dst_h=addr_to_subnet(dns), $dst_p=53/udp));
|
||||
local todnsr = Rule($ty=MODIFY, $target=FORWARD, $entity=todnse, $expire=t, $location=location, $mod=FlowMod($dst_h=quarantine), $priority=+5);
|
||||
orules += add_rule(todnsr);
|
||||
|
||||
local fromdnse: Entity = [$ty=FLOW, $flow=Flow($src_h=addr_to_subnet(dns), $src_p=53/udp, $dst_h=addr_to_subnet(infected))];
|
||||
local fromdnse = Entity($ty=FLOW, $flow=Flow($src_h=addr_to_subnet(dns), $src_p=53/udp, $dst_h=addr_to_subnet(infected)));
|
||||
local fromdnsr = Rule($ty=MODIFY, $target=FORWARD, $entity=fromdnse, $expire=t, $location=location, $mod=FlowMod($src_h=dns), $priority=+5);
|
||||
orules += add_rule(fromdnsr);
|
||||
|
||||
local wle: Entity = [$ty=FLOW, $flow=Flow($src_h=addr_to_subnet(infected), $dst_h=addr_to_subnet(quarantine), $dst_p=80/tcp)];
|
||||
local wle = Entity($ty=FLOW, $flow=Flow($src_h=addr_to_subnet(infected), $dst_h=addr_to_subnet(quarantine), $dst_p=80/tcp));
|
||||
local wlr = Rule($ty=WHITELIST, $target=FORWARD, $entity=wle, $expire=t, $location=location, $priority=+5);
|
||||
orules += add_rule(wlr);
|
||||
|
||||
|
|
|
|||
|
|
@ -303,7 +303,7 @@ function create_acld(config: AcldConfig) : PluginState
|
|||
add netcontrol_acld_topics[config$acld_topic];
|
||||
|
||||
local host = cat(config$acld_host);
|
||||
local p: PluginState = [$acld_config=config, $plugin=acld_plugin, $acld_id=netcontrol_acld_current_id];
|
||||
local p = PluginState($acld_config=config, $plugin=acld_plugin, $acld_id=netcontrol_acld_current_id);
|
||||
|
||||
if ( [config$acld_port, host] in netcontrol_acld_peers )
|
||||
Reporter::warning(fmt("Peer %s:%s was added to NetControl acld plugin twice.", host, config$acld_port));
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ global debug_plugin = Plugin(
|
|||
|
||||
function create_debug(do_something: bool, name: string) : PluginState
|
||||
{
|
||||
local p: PluginState = [$plugin=debug_plugin];
|
||||
local p = PluginState($plugin=debug_plugin);
|
||||
|
||||
# FIXME: Why's the default not working?
|
||||
p$config = table();
|
||||
|
|
@ -132,7 +132,7 @@ function create_debug(do_something: bool, name: string) : PluginState
|
|||
|
||||
function create_debug_error(name: string) : PluginState
|
||||
{
|
||||
local p: PluginState = copy([$plugin=debug_plugin]);
|
||||
local p = copy(PluginState($plugin=debug_plugin));
|
||||
p$config["name"] = name;
|
||||
p$config["all"] = "1";
|
||||
p$plugin$add_rule = debug_add_rule_error;
|
||||
|
|
@ -141,7 +141,7 @@ function create_debug_error(name: string) : PluginState
|
|||
|
||||
function create_debug_exists(name: string) : PluginState
|
||||
{
|
||||
local p: PluginState = copy([$plugin=debug_plugin]);
|
||||
local p = copy(PluginState($plugin=debug_plugin));
|
||||
p$config["name"] = name;
|
||||
p$config["all"] = "1";
|
||||
p$plugin$add_rule = debug_add_rule_exists;
|
||||
|
|
|
|||
|
|
@ -447,7 +447,7 @@ global openflow_plugin = Plugin(
|
|||
|
||||
function create_openflow(controller: OpenFlow::Controller, config: OfConfig &default=[]) : PluginState
|
||||
{
|
||||
local p: PluginState = [$plugin=openflow_plugin, $of_controller=controller, $of_config=config];
|
||||
local p = PluginState($plugin=openflow_plugin, $of_controller=controller, $of_config=config);
|
||||
|
||||
return p;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ global packetfilter_plugin = Plugin(
|
|||
|
||||
function create_packetfilter() : PluginState
|
||||
{
|
||||
local p: PluginState = [$plugin=packetfilter_plugin];
|
||||
local p = PluginState($plugin=packetfilter_plugin);
|
||||
|
||||
return p;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(NetControl::SHUNT, [$columns=ShuntInfo, $ev=log_netcontrol_shunt, $path="netcontrol_shunt", $policy=log_policy_shunt]);
|
||||
Log::create_stream(NetControl::SHUNT, Log::Stream($columns=ShuntInfo, $ev=log_netcontrol_shunt, $path="netcontrol_shunt", $policy=log_policy_shunt));
|
||||
}
|
||||
|
||||
function shunt_flow(f: flow_id, t: interval, location: string &default="") : string
|
||||
|
|
@ -51,8 +51,8 @@ function shunt_flow(f: flow_id, t: interval, location: string &default="") : str
|
|||
$dst_h=addr_to_subnet(f$dst_h),
|
||||
$dst_p=f$dst_p
|
||||
);
|
||||
local e: Entity = [$ty=FLOW, $flow=flow];
|
||||
local r: Rule = [$ty=DROP, $target=MONITOR, $entity=e, $expire=t, $location=location];
|
||||
local e = Entity($ty=FLOW, $flow=flow);
|
||||
local r = Rule($ty=DROP, $target=MONITOR, $entity=e, $expire=t, $location=location);
|
||||
|
||||
local id = add_rule(r);
|
||||
|
||||
|
|
|
|||
|
|
@ -102,9 +102,9 @@ event zeek_init()
|
|||
|
||||
# This replaces the standard non-pretty-printing filter.
|
||||
Log::add_filter(Notice::ALARM_LOG,
|
||||
[$name="alarm-mail", $writer=Log::WRITER_NONE,
|
||||
$interv=Log::default_mail_alarms_interval,
|
||||
$postprocessor=pp_postprocessor]);
|
||||
Log::Filter($name="alarm-mail", $writer=Log::WRITER_NONE,
|
||||
$interv=Log::default_mail_alarms_interval,
|
||||
$postprocessor=pp_postprocessor));
|
||||
}
|
||||
|
||||
hook notice(n: Notice::Info) &priority=-5
|
||||
|
|
|
|||
|
|
@ -381,16 +381,16 @@ function log_mailing_postprocessor(info: Log::RotationInfo): bool
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice, $path="notice", $policy=log_policy]);
|
||||
Log::create_stream(Notice::LOG, Log::Stream($columns=Info, $ev=log_notice, $path="notice", $policy=log_policy));
|
||||
|
||||
Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info, $path="notice_alarm", $policy=log_policy_alarm]);
|
||||
Log::create_stream(Notice::ALARM_LOG, Log::Stream($columns=Notice::Info, $path="notice_alarm", $policy=log_policy_alarm));
|
||||
# If Zeek is configured for mailing notices, set up mailing for alarms.
|
||||
# Make sure that this alarm log is also output as text so that it can
|
||||
# be packaged up and emailed later.
|
||||
if ( ! reading_traces() && mail_dest != "" )
|
||||
Log::add_filter(Notice::ALARM_LOG,
|
||||
[$name="alarm-mail", $path="alarm-mail", $writer=Log::WRITER_ASCII,
|
||||
$interv=24hrs, $postprocessor=log_mailing_postprocessor]);
|
||||
Log::Filter($name="alarm-mail", $path="alarm-mail", $writer=Log::WRITER_ASCII,
|
||||
$interv=24hrs, $postprocessor=log_mailing_postprocessor));
|
||||
}
|
||||
|
||||
function email_headers(subject_desc: string, dest: string): string
|
||||
|
|
|
|||
|
|
@ -318,7 +318,7 @@ const notice_actions = {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird, $path="weird", $policy=log_policy]);
|
||||
Log::create_stream(Weird::LOG, Log::Stream($columns=Info, $ev=log_weird, $path="weird", $policy=log_policy));
|
||||
}
|
||||
|
||||
function flow_id_string(src: addr, dst: addr): string
|
||||
|
|
|
|||
|
|
@ -50,12 +50,12 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(OpenFlow::LOG, [$columns=Info, $ev=log_openflow, $path="openflow", $policy=log_policy]);
|
||||
Log::create_stream(OpenFlow::LOG, Log::Stream($columns=Info, $ev=log_openflow, $path="openflow", $policy=log_policy));
|
||||
}
|
||||
|
||||
function log_flow_mod(state: ControllerState, match: ofp_match, flow_mod: OpenFlow::ofp_flow_mod): bool
|
||||
{
|
||||
Log::write(OpenFlow::LOG, [$ts=network_time(), $dpid=state$log_dpid, $match=match, $flow_mod=flow_mod]);
|
||||
Log::write(LOG, Info($ts=network_time(), $dpid=state$log_dpid, $match=match, $flow_mod=flow_mod));
|
||||
if ( state$log_success_event )
|
||||
event OpenFlow::flow_mod_success(state$_name, match, flow_mod);
|
||||
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ event filter_change_tracking()
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(PacketFilter::LOG, [$columns=Info, $path="packet_filter", $policy=log_policy]);
|
||||
Log::create_stream(PacketFilter::LOG, Log::Stream($columns=Info, $path="packet_filter", $policy=log_policy));
|
||||
|
||||
# Preverify the capture and restrict filters to give more granular failure messages.
|
||||
for ( id, cf in capture_filters )
|
||||
|
|
@ -303,9 +303,9 @@ function install(): bool
|
|||
local error_string : string;
|
||||
if ( state == Pcap::fatal )
|
||||
{
|
||||
NOTICE([$note=Compile_Failure,
|
||||
$msg=fmt("Compiling packet filter failed"),
|
||||
$sub=tmp_filter]);
|
||||
NOTICE(Notice::Info($note=Compile_Failure,
|
||||
$msg=fmt("Compiling packet filter failed"),
|
||||
$sub=tmp_filter));
|
||||
|
||||
error_string = fmt("Bad pcap filter '%s': %s", tmp_filter,
|
||||
Pcap::get_filter_state_string(DefaultPcapFilter));
|
||||
|
|
@ -326,8 +326,8 @@ function install(): bool
|
|||
}
|
||||
local diff = current_time()-ts;
|
||||
if ( diff > max_filter_compile_time )
|
||||
NOTICE([$note=Too_Long_To_Compile_Filter,
|
||||
$msg=fmt("A BPF filter is taking longer than %0.1f seconds to compile", diff)]);
|
||||
NOTICE(Notice::Info($note=Too_Long_To_Compile_Filter,
|
||||
$msg=fmt("A BPF filter is taking longer than %0.1f seconds to compile", diff)));
|
||||
|
||||
# Set it to the current filter if it passed precompiling
|
||||
current_filter = tmp_filter;
|
||||
|
|
@ -350,9 +350,9 @@ function install(): bool
|
|||
info$success = F;
|
||||
info$failure_reason = Pcap::get_filter_state_string(DefaultPcapFilter);
|
||||
|
||||
NOTICE([$note=Install_Failure,
|
||||
$msg=fmt("Installing packet filter failed"),
|
||||
$sub=current_filter]);
|
||||
NOTICE(Notice::Info($note=Install_Failure,
|
||||
$msg=fmt("Installing packet filter failed"),
|
||||
$sub=current_filter));
|
||||
}
|
||||
|
||||
if ( reading_live_traffic() || reading_traces() )
|
||||
|
|
|
|||
|
|
@ -24,10 +24,10 @@ event net_stats_update(last_stat: NetStats)
|
|||
{
|
||||
local new_recvd = ns$pkts_recvd - last_stat$pkts_recvd;
|
||||
local new_link = ns$pkts_link - last_stat$pkts_link;
|
||||
NOTICE([$note=Dropped_Packets,
|
||||
$msg=fmt("%d packets dropped after filtering, %d received%s",
|
||||
new_dropped, new_recvd + new_dropped,
|
||||
new_link != 0 ? fmt(", %d on link", new_link) : "")]);
|
||||
NOTICE(Notice::Info($note=Dropped_Packets,
|
||||
$msg=fmt("%d packets dropped after filtering, %d received%s",
|
||||
new_dropped, new_recvd + new_dropped,
|
||||
new_link != 0 ? fmt(", %d on link", new_link) : "")));
|
||||
}
|
||||
|
||||
schedule stats_collection_interval { net_stats_update(ns) };
|
||||
|
|
|
|||
|
|
@ -40,20 +40,20 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Reporter::LOG, [$columns=Info, $path="reporter", $policy=log_policy]);
|
||||
Log::create_stream(Reporter::LOG, Log::Stream($columns=Info, $path="reporter", $policy=log_policy));
|
||||
}
|
||||
|
||||
event reporter_info(t: time, msg: string, location: string) &priority=-5
|
||||
{
|
||||
Log::write(Reporter::LOG, [$ts=t, $level=INFO, $message=msg, $location=location]);
|
||||
Log::write(Reporter::LOG, Info($ts=t, $level=INFO, $message=msg, $location=location));
|
||||
}
|
||||
|
||||
event reporter_warning(t: time, msg: string, location: string) &priority=-5
|
||||
{
|
||||
Log::write(Reporter::LOG, [$ts=t, $level=WARNING, $message=msg, $location=location]);
|
||||
Log::write(Reporter::LOG, Info($ts=t, $level=WARNING, $message=msg, $location=location));
|
||||
}
|
||||
|
||||
event reporter_error(t: time, msg: string, location: string) &priority=-5
|
||||
{
|
||||
Log::write(Reporter::LOG, [$ts=t, $level=ERROR, $message=msg, $location=location]);
|
||||
Log::write(Reporter::LOG, Info($ts=t, $level=ERROR, $message=msg, $location=location));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -145,14 +145,14 @@ global did_sig_log: set[string] &read_expire = 1 hr;
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature, $path="signatures", $policy=log_policy]);
|
||||
Log::create_stream(Signatures::LOG, Log::Stream($columns=Info, $ev=log_signature, $path="signatures", $policy=log_policy));
|
||||
}
|
||||
|
||||
event sig_summary(orig: addr, id: string, msg: string)
|
||||
{
|
||||
NOTICE([$note=Signature_Summary, $src=orig,
|
||||
$msg=fmt("%s: %s", orig, msg),
|
||||
$n=count_per_orig[orig,id] ]);
|
||||
NOTICE(Notice::Info($note=Signature_Summary, $src=orig,
|
||||
$msg=fmt("%s: %s", orig, msg),
|
||||
$n=count_per_orig[orig,id]));
|
||||
}
|
||||
|
||||
event signature_match(state: signature_state, msg: string, data: string)
|
||||
|
|
@ -189,16 +189,16 @@ event signature_match(state: signature_state, msg: string, data: string)
|
|||
|
||||
if ( action != SIG_QUIET && action != SIG_COUNT_PER_RESP )
|
||||
{
|
||||
local info: Info = [$ts=network_time(),
|
||||
$note=Sensitive_Signature,
|
||||
$uid=state$conn$uid,
|
||||
$src_addr=src_addr,
|
||||
$src_port=src_port,
|
||||
$dst_addr=dst_addr,
|
||||
$dst_port=dst_port,
|
||||
$event_msg=fmt("%s: %s", src_addr, msg),
|
||||
$sig_id=sig_id,
|
||||
$sub_msg=data];
|
||||
local info = Info($ts=network_time(),
|
||||
$note=Sensitive_Signature,
|
||||
$uid=state$conn$uid,
|
||||
$src_addr=src_addr,
|
||||
$src_port=src_port,
|
||||
$dst_addr=dst_addr,
|
||||
$dst_port=dst_port,
|
||||
$event_msg=fmt("%s: %s", src_addr, msg),
|
||||
$sig_id=sig_id,
|
||||
$sub_msg=data);
|
||||
Log::write(Signatures::LOG, info);
|
||||
}
|
||||
|
||||
|
|
@ -211,12 +211,12 @@ event signature_match(state: signature_state, msg: string, data: string)
|
|||
local dst = state$conn$id$resp_h;
|
||||
if ( ++count_per_resp[dst,sig_id] in count_thresholds )
|
||||
{
|
||||
NOTICE([$note=Count_Signature, $conn=state$conn,
|
||||
$msg=msg,
|
||||
$n=count_per_resp[dst,sig_id],
|
||||
$sub=fmt("%d matches of signature %s on host %s",
|
||||
count_per_resp[dst,sig_id],
|
||||
sig_id, dst)]);
|
||||
NOTICE(Notice::Info($note=Count_Signature, $conn=state$conn,
|
||||
$msg=msg,
|
||||
$n=count_per_resp[dst,sig_id],
|
||||
$sub=fmt("%d matches of signature %s on host %s",
|
||||
count_per_resp[dst,sig_id],
|
||||
sig_id, dst)));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -241,10 +241,10 @@ event signature_match(state: signature_state, msg: string, data: string)
|
|||
}
|
||||
|
||||
if ( notice )
|
||||
NOTICE([$note=Sensitive_Signature,
|
||||
$conn=state$conn, $src=src_addr,
|
||||
$dst=dst_addr, $msg=fmt("%s: %s", src_addr, msg),
|
||||
$sub=data]);
|
||||
NOTICE(Notice::Info($note=Sensitive_Signature,
|
||||
$conn=state$conn, $src=src_addr,
|
||||
$dst=dst_addr, $msg=fmt("%s: %s", src_addr, msg),
|
||||
$sub=data));
|
||||
|
||||
if ( action == SIG_FILE_BUT_NO_SCAN || action == SIG_SUMMARY )
|
||||
return;
|
||||
|
|
@ -273,12 +273,12 @@ event signature_match(state: signature_state, msg: string, data: string)
|
|||
orig, sig_id, hcount);
|
||||
|
||||
Log::write(Signatures::LOG,
|
||||
[$ts=network_time(), $note=Multiple_Sig_Responders,
|
||||
$src_addr=orig, $sig_id=sig_id, $event_msg=msg,
|
||||
$host_count=hcount, $sub_msg=horz_scan_msg]);
|
||||
Info($ts=network_time(), $note=Multiple_Sig_Responders,
|
||||
$src_addr=orig, $sig_id=sig_id, $event_msg=msg,
|
||||
$host_count=hcount, $sub_msg=horz_scan_msg));
|
||||
|
||||
NOTICE([$note=Multiple_Sig_Responders, $src=orig,
|
||||
$msg=msg, $n=hcount, $sub=horz_scan_msg]);
|
||||
NOTICE(Notice::Info($note=Multiple_Sig_Responders, $src=orig,
|
||||
$msg=msg, $n=hcount, $sub=horz_scan_msg));
|
||||
|
||||
last_hthresh[orig] = hcount;
|
||||
}
|
||||
|
|
@ -290,16 +290,16 @@ event signature_match(state: signature_state, msg: string, data: string)
|
|||
orig, vcount, resp);
|
||||
|
||||
Log::write(Signatures::LOG,
|
||||
[$ts=network_time(),
|
||||
$note=Multiple_Signatures,
|
||||
$src_addr=orig,
|
||||
$dst_addr=resp, $sig_id=sig_id, $sig_count=vcount,
|
||||
$event_msg=fmt("%s different signatures triggered", vcount),
|
||||
$sub_msg=vert_scan_msg]);
|
||||
Info($ts=network_time(),
|
||||
$note=Multiple_Signatures,
|
||||
$src_addr=orig,
|
||||
$dst_addr=resp, $sig_id=sig_id, $sig_count=vcount,
|
||||
$event_msg=fmt("%s different signatures triggered", vcount),
|
||||
$sub_msg=vert_scan_msg));
|
||||
|
||||
NOTICE([$note=Multiple_Signatures, $src=orig, $dst=resp,
|
||||
$msg=fmt("%s different signatures triggered", vcount),
|
||||
$n=vcount, $sub=vert_scan_msg]);
|
||||
NOTICE(Notice::Info($note=Multiple_Signatures, $src=orig, $dst=resp,
|
||||
$msg=fmt("%s different signatures triggered", vcount),
|
||||
$n=vcount, $sub=vert_scan_msg));
|
||||
|
||||
last_vthresh[orig] = vcount;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -126,7 +126,7 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software, $path="software", $policy=log_policy]);
|
||||
Log::create_stream(Software::LOG, Log::Stream($columns=Info, $ev=log_software, $path="software", $policy=log_policy));
|
||||
}
|
||||
|
||||
type Description: record {
|
||||
|
|
@ -163,7 +163,7 @@ function parse(unparsed_version: string): Description
|
|||
else
|
||||
v = Version($major=extract_count(vs));
|
||||
|
||||
return [$version=v, $unparsed_version=unparsed_version, $name=software_name];
|
||||
return Description($version=v, $unparsed_version=unparsed_version, $name=software_name);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
@ -236,7 +236,7 @@ function parse(unparsed_version: string): Description
|
|||
}
|
||||
}
|
||||
|
||||
return [$version=v, $unparsed_version=unparsed_version, $name=alternate_names[software_name]];
|
||||
return Description($version=v, $unparsed_version=unparsed_version, $name=alternate_names[software_name]);
|
||||
}
|
||||
|
||||
global parse_cache: table[string] of Description &read_expire=65secs;
|
||||
|
|
@ -269,13 +269,13 @@ function parse_mozilla(unparsed_version: string): Description
|
|||
{
|
||||
software_name = "MSIE";
|
||||
if ( /Trident\/4\.0/ in unparsed_version )
|
||||
v = [$major=8,$minor=0];
|
||||
v = Version($major=8,$minor=0);
|
||||
else if ( /Trident\/5\.0/ in unparsed_version )
|
||||
v = [$major=9,$minor=0];
|
||||
v = Version($major=9,$minor=0);
|
||||
else if ( /Trident\/6\.0/ in unparsed_version )
|
||||
v = [$major=10,$minor=0];
|
||||
v = Version($major=10,$minor=0);
|
||||
else if ( /Trident\/7\.0/ in unparsed_version )
|
||||
v = [$major=11,$minor=0];
|
||||
v = Version($major=11,$minor=0);
|
||||
else
|
||||
{
|
||||
parts = split_string_all(unparsed_version, /MSIE [0-9]{1,2}\.*[0-9]*b?[0-9]*/);
|
||||
|
|
@ -373,7 +373,7 @@ function parse_mozilla(unparsed_version: string): Description
|
|||
v = parse(parts[1])$version;
|
||||
}
|
||||
|
||||
return [$version=v, $unparsed_version=unparsed_version, $name=software_name];
|
||||
return Description($version=v, $unparsed_version=unparsed_version, $name=software_name);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ export {
|
|||
|
||||
event max_file_depth_exceeded(f: fa_file, args: Files::AnalyzerArgs, limit: count)
|
||||
{
|
||||
NOTICE([
|
||||
$note=Spicy::Spicy_Max_File_Depth_Exceeded,
|
||||
$msg=fmt("Maximum file depth exceeded for file %s", f$id)
|
||||
]);
|
||||
NOTICE(Notice::Info(
|
||||
$note=Spicy::Spicy_Max_File_Depth_Exceeded,
|
||||
$msg=fmt("Maximum file depth exceeded for file %s", f$id)
|
||||
));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -312,7 +312,7 @@ event zeek_init() &priority=100000
|
|||
|
||||
function init_resultval(r: Reducer): ResultVal
|
||||
{
|
||||
local rv: ResultVal = [$begin=network_time(), $end=network_time()];
|
||||
local rv = ResultVal($begin=network_time(), $end=network_time());
|
||||
hook init_resultval_hook(r, rv);
|
||||
return rv;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ hook register_observe_plugins()
|
|||
if ( r$num_last_elements > 0 )
|
||||
{
|
||||
if ( ! rv?$last_elements )
|
||||
rv$last_elements = Queue::init([$max_len=r$num_last_elements]);
|
||||
rv$last_elements = Queue::init(Queue::Settings($max_len=r$num_last_elements));
|
||||
Queue::put(rv$last_elements, obs);
|
||||
}
|
||||
});
|
||||
|
|
|
|||
|
|
@ -296,12 +296,12 @@ function register_counter_family(opts: MetricOpts): CounterFamily
|
|||
}
|
||||
|
||||
# Fallback Counter returned when there are issues with the labels.
|
||||
global error_counter_cf = register_counter_family([
|
||||
global error_counter_cf = register_counter_family(MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="telemetry_counter_usage_error",
|
||||
$unit="",
|
||||
$help_text="This counter is returned when label usage for counters is wrong. Check reporter.log if non-zero."
|
||||
]);
|
||||
));
|
||||
|
||||
function counter_with(cf: CounterFamily, label_values: labels_vector): Counter
|
||||
{
|
||||
|
|
@ -355,12 +355,12 @@ function register_gauge_family(opts: MetricOpts): GaugeFamily
|
|||
}
|
||||
|
||||
# Fallback Gauge returned when there are issues with the label usage.
|
||||
global error_gauge_cf = register_gauge_family([
|
||||
global error_gauge_cf = register_gauge_family(MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="telemetry_gauge_usage_error",
|
||||
$unit="",
|
||||
$help_text="This gauge is returned when label usage for gauges is wrong. Check reporter.log if non-zero."
|
||||
]);
|
||||
));
|
||||
|
||||
function gauge_with(gf: GaugeFamily, label_values: labels_vector): Gauge
|
||||
{
|
||||
|
|
@ -424,13 +424,13 @@ function register_histogram_family(opts: MetricOpts): HistogramFamily
|
|||
}
|
||||
|
||||
# Fallback Histogram when there are issues with the labels.
|
||||
global error_histogram_hf = register_histogram_family([
|
||||
global error_histogram_hf = register_histogram_family(MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="telemetry_histogram_usage_error",
|
||||
$unit="",
|
||||
$help_text="This histogram is returned when label usage for histograms is wrong. Check reporter.log if non-zero.",
|
||||
$bounds=vector(1.0)
|
||||
]);
|
||||
));
|
||||
|
||||
function histogram_with(hf: HistogramFamily, label_values: labels_vector): Histogram
|
||||
{
|
||||
|
|
@ -474,14 +474,14 @@ event run_sync_hook()
|
|||
}
|
||||
|
||||
# Expose the Zeek version as Prometheus style info metric
|
||||
global version_gauge_family = Telemetry::register_gauge_family([
|
||||
global version_gauge_family = Telemetry::register_gauge_family(Telemetry::MetricOpts(
|
||||
$prefix="zeek",
|
||||
$name="version_info",
|
||||
$unit="",
|
||||
$help_text="The Zeek version",
|
||||
$label_names=vector("version_number", "major", "minor", "patch", "commit",
|
||||
"beta", "debug","version_string")
|
||||
]);
|
||||
));
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ export {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Tunnel::LOG, [$columns=Info, $path="tunnel", $policy=log_policy]);
|
||||
Log::create_stream(Tunnel::LOG, Log::Stream($columns=Info, $path="tunnel", $policy=log_policy));
|
||||
}
|
||||
|
||||
function register_all(ecv: EncapsulatingConnVector)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue