mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 13:08:20 +00:00
Add broctl items to NEWS
This commit is contained in:
Daniel Thayer
parent
ee5f87c634
commit
e0fb634f0c
1 changed files with 39 additions and 4 deletions
43
NEWS
43
NEWS
|
|
@ -67,14 +67,33 @@ New Functionality
|
|||
- The SSL analysis now alert when encountering SSL connections with
|
||||
old protocol versions or unsafe cipher suites.
|
||||
|
||||
- [TODO] Add new BroControl features.
|
||||
|
||||
- A new icmp_sent_payload event provides access to ICMP payload.
|
||||
|
||||
- Bro now parses DTLS traffic.
|
||||
|
||||
- Bro now has an RDP analyzer.
|
||||
|
||||
- BroControl now has a new command "deploy" which is equivalent to running
|
||||
the "check", "install", "stop", and "start" commands (in that order).
|
||||
|
||||
- BroControl now has a new option "StatusCmdShowAll" that controls whether
|
||||
or not the broctl "status" command gathers all of the status information.
|
||||
This option can be used to make the "status" command run significantly
|
||||
faster (in this case, the "Peers" column will not be shown in the output).
|
||||
|
||||
- BroControl now has a new option "StatsLogEnable" that controls whether
|
||||
or not broctl will record information to the "stats.log" file. This option
|
||||
can be used to make the "broctl cron" command run slightly faster (in this
|
||||
case, "broctl cron" will also no longer send email about not seeing any
|
||||
packets on the monitoring interfaces).
|
||||
|
||||
- BroControl now has a new option "MailHostUpDown" which controls whether or
|
||||
not the "broctl cron" command will send email when it notices that a host
|
||||
in the cluster is up or down.
|
||||
|
||||
- BroControl now has a new option "CommandTimeout" which specifies the number
|
||||
of seconds to wait for a command that broctl ran to return results.
|
||||
|
||||
Changed Functionality
|
||||
---------------------
|
||||
|
||||
|
|
@ -114,8 +133,6 @@ Changed Functionality
|
|||
- The default name for extracted files changed from extract-protocol-id
|
||||
to extract-timestamp-protocol-id.
|
||||
|
||||
- [TODO] Add changed BroControl features.
|
||||
|
||||
- The weird named "unmatched_HTTP_reply" has been removed since it can
|
||||
be detected at the script-layer and is handled correctly by the
|
||||
default HTTP scripts.
|
||||
|
|
@ -131,6 +148,24 @@ Changed Functionality
|
|||
|
||||
- TODO: what SSH events got changed or removed?
|
||||
|
||||
- BroControl now establishes only one ssh connection from the manager to
|
||||
each remote host in a cluster configuration (previously, there would be
|
||||
one ssh connection per remote Bro process).
|
||||
|
||||
- BroControl now uses SQLite to record state information instead of a
|
||||
plain text file (the file "spool/broctl.dat" is no longer used).
|
||||
On FreeBSD, this means that there is a new dependency on the package
|
||||
"py27-sqlite3".
|
||||
|
||||
- BroControl now records the expected running state of each Bro node right
|
||||
before each start or stop. The "broctl cron" command uses this info to
|
||||
either start or stop Bro nodes as needed so that the actual state matches
|
||||
the expected state (previously, "broctl cron" could only start nodes in
|
||||
the "crashed" state, and could never stop a node).
|
||||
|
||||
- BroControl now sends all normal command output (i.e., not error messages)
|
||||
to stdout. Error messages are still sent to stderr, however.
|
||||
|
||||
Deprecated Functionality
|
||||
------------------------
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue