From e46cf884353a79252304b4b822aa58c4790f4715 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 15 Oct 2019 12:59:45 -0700 Subject: [PATCH] Add Supervisor BIF/event API skeleton --- .../base/frameworks/supervisor/__load__.zeek | 2 + scripts/base/frameworks/supervisor/api.zeek | 35 ++++++++++ scripts/base/frameworks/supervisor/main.zeek | 70 +++++++++++++++++++ scripts/base/init-bare.zeek | 2 + scripts/base/init-frameworks-and-bifs.zeek | 1 + src/CMakeLists.txt | 1 + src/Func.cc | 3 + src/NetVar.cc | 2 + src/NetVar.h | 1 + src/Supervisor.cc | 29 ++++++++ src/Supervisor.h | 5 ++ src/supervisor.bif | 35 ++++++++++ .../core.check-unused-event-handlers/.stderr | 7 +- .../canonified_loaded_scripts.log | 8 ++- .../canonified_loaded_scripts.log | 8 ++- testing/btest/Baseline/plugins.hooks/output | 35 ++++++++-- 16 files changed, 232 insertions(+), 12 deletions(-) create mode 100644 scripts/base/frameworks/supervisor/__load__.zeek create mode 100644 scripts/base/frameworks/supervisor/api.zeek create mode 100644 scripts/base/frameworks/supervisor/main.zeek create mode 100644 src/supervisor.bif diff --git a/scripts/base/frameworks/supervisor/__load__.zeek b/scripts/base/frameworks/supervisor/__load__.zeek new file mode 100644 index 0000000000..e3034f5f0b --- /dev/null +++ b/scripts/base/frameworks/supervisor/__load__.zeek @@ -0,0 +1,2 @@ +@load ./api +@load ./main diff --git a/scripts/base/frameworks/supervisor/api.zeek b/scripts/base/frameworks/supervisor/api.zeek new file mode 100644 index 0000000000..31480bda51 --- /dev/null +++ b/scripts/base/frameworks/supervisor/api.zeek 
@@ -0,0 +1,35 @@
+##! The Zeek process supervision API.
+# TODO: add proper docs
+
+module Supervisor;
+
+export {
+ type Status: record {
+ # TODO: add proper status fields
+ n: count;
+ };
+
+ type NodeConfig: record {
+ # TODO: add proper config field
+ name: string;
+ };
+
+ global status: function(nodes: string &default="all"): Status;
+ global create: function(config: NodeConfig): string;
+ global destroy: function(nodes: string): bool;
+ global restart: function(nodes: string &default="all"): bool;
+
+ global Supervisor::stop_request: event();
+
+ global Supervisor::status_request: event(id: count, nodes: string);
+ global Supervisor::status_response: event(id: count, result: Status);
+
+ global Supervisor::create_request: event(id: count, config: NodeConfig);
+ global Supervisor::create_response: event(id: count, result: string);
+
+ global Supervisor::destroy_request: event(id: count, nodes: string);
+ global Supervisor::destroy_response: event(id: count, result: bool);
+
+ global Supervisor::restart_request: event(id: count, nodes: string);
+ global Supervisor::restart_response: event(id: count, result: bool);
+}
diff --git a/scripts/base/frameworks/supervisor/main.zeek b/scripts/base/frameworks/supervisor/main.zeek
new file mode 100644
index 0000000000..3dc0651003
--- /dev/null
+++ b/scripts/base/frameworks/supervisor/main.zeek
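Review bot: The `nodes: string` parameter on `status`, `destroy` and `restart` in api.zeek has no documented format, and the `"all"` default is an in-band sentinel that, as far as this hunk shows, a node created from a `NodeConfig` whose `name` is "all" would collide with. These functions and the `*_request` events are the control surface for starting and stopping processes, so the doc comments should pin this down when the TODOs are filled in, for example `## nodes: the name of one supervised node, or "all" to address every node; "all" is reserved and rejected by create().` The `*_request` events should also state which peers are expected to send them and what `id` correlates with in the matching `*_response`.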
@@ -0,0 +1,70 @@
+##! Implements Zeek process supervision configuration options and default
+##! behavior.
+# TODO: add proper docs
+
+@load ./api
+@load base/frameworks/broker
+
+module Supervisor;
+
+export {
+ const topic_prefix = "zeek/supervisor" &redef;
+}
+
+event zeek_init() &priority=10
+ {
+ Broker::subscribe(Supervisor::topic_prefix);
+ }
+
+event Supervisor::stop_request()
+ {
+ terminate();
+ }
+
+event Supervisor::status_request(id: count, nodes: string)
+ {
+ local res = Supervisor::status(nodes);
+ local topic = Supervisor::topic_prefix + "/status_response";
+ Broker::publish(topic, Supervisor::status_response, id, res);
+ }
+
+event Supervisor::create_request(id: count, config: NodeConfig)
+ {
+ local res = Supervisor::create(config);
+ local topic = Supervisor::topic_prefix + "/create_response";
+ Broker::publish(topic, Supervisor::create_response, id, res);
+ }
+
+event Supervisor::destroy_request(id: count, nodes: string)
+ {
+ local res = Supervisor::destroy(nodes);
+ local topic = Supervisor::topic_prefix + "/destroy_response";
+ Broker::publish(topic, Supervisor::destroy_response, id, res);
+ }
+
+event Supervisor::restart_request(id: count, nodes: string)
+ {
+ local res = Supervisor::restart(nodes);
+ local topic = Supervisor::topic_prefix + "/restart_response";
+ Broker::publish(topic, Supervisor::restart_response, id, res);
+ }
+
+function Supervisor::status(nodes: string): Status
+ {
+ return Supervisor::__status(nodes);
+ }
+
+function create(config: NodeConfig): string
+ {
+ return Supervisor::__create(config);
+ }
+
+function destroy(nodes: string): bool
+ {
+ return Supervisor::__destroy(nodes);
+ }
+
+function restart(nodes: string): bool
+ {
+ return Supervisor::__restart(nodes);
+ }
diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek
index 82993bfb03..4667fb1fb2 100644
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
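Review bot: The `zeek_init` handler in main.zeek subscribes to `Supervisor::topic_prefix` unconditionally, and the plugins.hooks baseline later in this patch shows `Broker::subscribe(zeek/supervisor)` running in an ordinary test process. Every Zeek instance that loads the base frameworks will therefore act on `Supervisor::stop_request` by calling `terminate()`, and on the create/destroy/restart requests, from any Broker peer allowed to publish to that topic. Nothing in the hunk checks that the process is a supervisor or that the sender is trusted. The subscription should be limited to the supervisor process or put behind a redef-able option that defaults to off, and until then the handler deserves a comment such as `# NOTE: any peer that can publish to topic_prefix can stop this process; restrict Broker peering accordingly.` As a point of style, `function Supervisor::status` is module-qualified while `create`, `destroy` and `restart` are not; pick one form.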
@@ -1781,6 +1781,8 @@ type gtp_delete_pdp_ctx_response_elements: record { @load base/bif/reporter.bif @load base/bif/strings.bif @load base/bif/option.bif +@load base/frameworks/supervisor/api +@load base/bif/supervisor.bif global done_with_network = F; event net_done(t: time) { done_with_network = T; } diff --git a/scripts/base/init-frameworks-and-bifs.zeek b/scripts/base/init-frameworks-and-bifs.zeek index 19897e7ffb..a667110a87 100644 --- a/scripts/base/init-frameworks-and-bifs.zeek +++ b/scripts/base/init-frameworks-and-bifs.zeek @@ -5,6 +5,7 @@ # the separate file). @load base/frameworks/logging @load base/frameworks/broker +@load base/frameworks/supervisor @load base/frameworks/input @load base/frameworks/analyzer @load base/frameworks/files diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2655b7f531..6ccb7c9124 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -111,6 +111,7 @@ set(BIF_SRCS strings.bif reporter.bif option.bif + supervisor.bif ) foreach (bift ${BIF_SRCS}) diff --git a/src/Func.cc b/src/Func.cc index 747029e4f8..e0debf40d5 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -717,12 +717,14 @@ void builtin_error(const char* msg, BroObj* arg) #include "reporter.bif.func_h" #include "strings.bif.func_h" #include "option.bif.func_h" +#include "supervisor.bif.func_h" #include "zeek.bif.func_def" #include "stats.bif.func_def" #include "reporter.bif.func_def" #include "strings.bif.func_def" #include "option.bif.func_def" +#include "supervisor.bif.func_def" #include "__all__.bif.cc" // Autogenerated for compiling in the bif_target() code. #include "__all__.bif.register.cc" // Autogenerated for compiling in the bif_target() code. @@ -750,6 +752,7 @@ void init_builtin_funcs() #include "reporter.bif.func_init" #include "strings.bif.func_init" #include "option.bif.func_init" +#include "supervisor.bif.func_init" did_builtin_init = true; } diff --git a/src/NetVar.cc b/src/NetVar.cc index 1ab99170bb..c3f8b34340 100644 --- a/src/NetVar.cc 
+++ b/src/NetVar.cc @@ -196,6 +196,7 @@ bro_uint_t bits_per_uid; #include "types.bif.netvar_def" #include "event.bif.netvar_def" #include "reporter.bif.netvar_def" +#include "supervisor.bif.netvar_def" void init_event_handlers() { @@ -240,6 +241,7 @@ void init_net_var() #include "const.bif.netvar_init" #include "types.bif.netvar_init" #include "reporter.bif.netvar_init" +#include "supervisor.bif.netvar_init" conn_id = internal_type("conn_id")->AsRecordType(); endpoint = internal_type("endpoint")->AsRecordType(); diff --git a/src/NetVar.h b/src/NetVar.h index 95eb99d844..a02c742859 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -203,3 +203,4 @@ extern void init_net_var(); #include "types.bif.netvar_h" #include "event.bif.netvar_h" #include "reporter.bif.netvar_h" +#include "supervisor.bif.netvar_h" diff --git a/src/Supervisor.cc b/src/Supervisor.cc index f63a8e350e..d6b7620abd 100644 --- a/src/Supervisor.cc +++ b/src/Supervisor.cc @@ -8,6 +8,8 @@ #include "Supervisor.h" #include "Reporter.h" #include "DebugLogger.h" +#include "Val.h" +#include "NetVar.h" #include "zeek-config.h" #include "util.h" @@ -212,3 +214,30 @@ void zeek::Supervisor::RunStem(std::unique_ptr pipe) write(pipe->WriteFD(), "hi", 2); } } + +RecordVal* zeek::Supervisor::Status(const std::string& nodes) + { + // TODO: return real status information + static auto count = 0; + auto rval = new RecordVal(BifType::Record::Supervisor::Status); + rval->Assign(0, val_mgr->GetCount(count++)); + return rval; + } + +std::string zeek::Supervisor::Create(const RecordVal* node_config) + { + // TODO: return error msg on fail, or empty on success + return ""; + } + +bool zeek::Supervisor::Destroy(const std::string& nodes) + { + // TODO: return true if a matching node exists + return false; + } + +bool zeek::Supervisor::Restart(const std::string& nodes) + { + // TODO: return true if a matching node exists + return false; + } diff --git a/src/Supervisor.h b/src/Supervisor.h index 7d553d3b68..0713b1f5cd 100644 
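Review bot: In `zeek::Supervisor::Status` (second hunk of src/Supervisor.cc), `static auto count = 0;` deduces a signed `int` that is then handed to `val_mgr->GetCount()`. In the same function `rval->Assign(0, ...)` depends on `n` being the first field of the script-level `Status` record, with nothing tying the two together. For the placeholder I would write `static bro_uint_t count = 0;` and add a comment on the `Assign` line such as `// field 0 is "n" of Supervisor::Status (supervisor/api.zeek)`. The function also returns a `new RecordVal` as a raw pointer, so the declaration in Supervisor.h should say that the caller takes over the reference.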
--- a/src/Supervisor.h +++ b/src/Supervisor.h @@ -33,6 +33,11 @@ public: void ObserveChildSignal(); + RecordVal* Status(const std::string& nodes); + std::string Create(const RecordVal* node_config); + bool Destroy(const std::string& nodes); + bool Restart(const std::string& nodes); + private: // IOSource interface overrides: diff --git a/src/supervisor.bif b/src/supervisor.bif new file mode 100644 index 0000000000..cac895e774 --- /dev/null +++ b/src/supervisor.bif @@ -0,0 +1,35 @@ +##! The BIFs that define the Zeek supervisor control interface. + +%%{ +#include "Supervisor.h" +%%} + +module Supervisor; + +type Supervisor::Status: record; +type Supervisor::NodeConfig: record; + +function Supervisor::__status%(nodes: string%): Supervisor::Status + %{ + return zeek::supervisor->Status(nodes->CheckString()); + %} + +function Supervisor::__create%(config: Supervisor::NodeConfig%): string + %{ + auto rval = zeek::supervisor->Create(config->AsRecordVal()); + return new StringVal(rval); + %} + +function Supervisor::__destroy%(nodes: string%): bool + %{ + auto rval = zeek::supervisor->Destroy(nodes->CheckString()); + return val_mgr->GetBool(rval); + %} + +function Supervisor::__restart%(nodes: string%): bool + %{ + auto rval = zeek::supervisor->Restart(nodes->CheckString()); + return val_mgr->GetBool(rval); + %} + +# TODO: BIFs for "restart", "add", "remove" operations diff --git a/testing/btest/Baseline/core.check-unused-event-handlers/.stderr b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr index 8c4e4def40..f7d99adbfe 100644 --- a/testing/btest/Baseline/core.check-unused-event-handlers/.stderr +++ b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr 
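Review bot: All four BIFs in src/supervisor.bif dereference `zeek::supervisor` without checking it, and they are reachable from the Broker-driven `*_request` handlers that main.zeek installs through init-frameworks-and-bifs.zeek. The hunk does not show how `zeek::supervisor` is declared, but if it is a pointer that stays null when Zeek is not started in supervisor mode, a single remote request would crash the process. Each BIF should start with a guard, e.g. `if ( ! zeek::supervisor ) { builtin_error("supervisor mode not enabled"); return val_mgr->GetBool(false); }`, with the return value adapted to the BIF's result type. The trailing `# TODO: BIFs for "restart", "add", "remove" operations` is already out of date, since `__restart` is defined just above it.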
@@ -1,3 +1,8 @@ -warning in , line 1: event handler never invoked: this_is_never_used warning in , line 1: event handler never invoked: InputConfig::new_value warning in , line 1: event handler never invoked: InputRaw::process_finished +warning in , line 1: event handler never invoked: Supervisor::create_request +warning in , line 1: event handler never invoked: Supervisor::destroy_request +warning in , line 1: event handler never invoked: Supervisor::restart_request +warning in , line 1: event handler never invoked: Supervisor::status_request +warning in , line 1: event handler never invoked: Supervisor::stop_request +warning in , line 1: event handler never invoked: this_is_never_used diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 072b83ffe0..76114aac6f 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2019-07-29-19-05-26 +#open 2019-10-15-01-48-24 #fields name #types string scripts/base/init-bare.zeek @@ -14,6 +14,8 @@ scripts/base/init-bare.zeek build/scripts/base/bif/reporter.bif.zeek build/scripts/base/bif/strings.bif.zeek build/scripts/base/bif/option.bif.zeek + scripts/base/frameworks/supervisor/api.zeek + build/scripts/base/bif/supervisor.bif.zeek build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek 
@@ -35,6 +37,8 @@ scripts/base/init-frameworks-and-bifs.zeek build/scripts/base/bif/data.bif.zeek build/scripts/base/bif/store.bif.zeek scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/supervisor/__load__.zeek + scripts/base/frameworks/supervisor/main.zeek scripts/base/frameworks/input/__load__.zeek scripts/base/frameworks/input/main.zeek build/scripts/base/bif/input.bif.zeek @@ -181,4 +185,4 @@ scripts/base/init-frameworks-and-bifs.zeek build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek scripts/policy/misc/loaded-scripts.zeek scripts/base/utils/paths.zeek -#close 2019-07-29-19-05-26 +#close 2019-10-15-01-48-24 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 42dbfbd772..a95b7505f3 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2019-08-06-00-02-39 +#open 2019-10-15-01-48-24 #fields name #types string scripts/base/init-bare.zeek @@ -14,6 +14,8 @@ scripts/base/init-bare.zeek build/scripts/base/bif/reporter.bif.zeek build/scripts/base/bif/strings.bif.zeek build/scripts/base/bif/option.bif.zeek + scripts/base/frameworks/supervisor/api.zeek + build/scripts/base/bif/supervisor.bif.zeek build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek 
@@ -35,6 +37,8 @@ scripts/base/init-frameworks-and-bifs.zeek build/scripts/base/bif/data.bif.zeek build/scripts/base/bif/store.bif.zeek scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/supervisor/__load__.zeek + scripts/base/frameworks/supervisor/main.zeek scripts/base/frameworks/input/__load__.zeek scripts/base/frameworks/input/main.zeek build/scripts/base/bif/input.bif.zeek @@ -375,4 +379,4 @@ scripts/base/init-default.zeek scripts/base/misc/find-filtered-trace.zeek scripts/base/misc/version.zeek scripts/policy/misc/loaded-scripts.zeek -#close 2019-08-06-00-02-39 +#close 2019-10-15-01-48-25 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 94cb9c0d34..de6971d4d5 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -157,6 +157,8 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) -> +0.000000 MetaHookPost CallFunction(Broker::__subscribe, , (zeek/supervisor)) -> +0.000000 MetaHookPost CallFunction(Broker::subscribe, , (zeek/supervisor)) -> 0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> 0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> 0.000000 MetaHookPost CallFunction(Cluster::local_node_type, , ()) -> 
@@ -274,7 +276,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -455,7 +457,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 
@@ -693,6 +695,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/add-geodata.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/addrs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/analyzer.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/api.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/ascii.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/average.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/benchmark.zeek) -> -1 @@ -766,6 +769,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/store.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/strings.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/sum.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/supervisor.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/thresholds.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/top-k.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/topk.zeek) -> -1 @@ -787,6 +791,7 @@ 0.000000 MetaHookPost LoadFile(0, base<...>/addrs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/analyzer) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/analyzer.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/api.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/bif) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/broker) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/cluster) -> -1 @@ -867,6 +872,8 @@ 0.000000 MetaHookPost LoadFile(0, base<...>/strings.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/strings.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/sumstats) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/supervisor) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/supervisor.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/syslog) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/thresholds.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/time.zeek) -> -1 
@@ -1052,6 +1059,8 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) +0.000000 MetaHookPre CallFunction(Broker::__subscribe, , (zeek/supervisor)) +0.000000 MetaHookPre CallFunction(Broker::subscribe, , (zeek/supervisor)) 0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) 0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) 0.000000 MetaHookPre CallFunction(Cluster::local_node_type, , ()) @@ -1169,7 +1178,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) 
@@ -1350,7 +1359,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1588,6 +1597,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/add-geodata.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/addrs.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/analyzer.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/api.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/ascii.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/average.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/benchmark.zeek) @@ -1661,6 +1671,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/store.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/sum.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/thresholds.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/top-k.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/topk.zeek) 
@@ -1682,6 +1693,7 @@ 0.000000 MetaHookPre LoadFile(0, base<...>/addrs.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/analyzer) 0.000000 MetaHookPre LoadFile(0, base<...>/analyzer.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/api.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/bif) 0.000000 MetaHookPre LoadFile(0, base<...>/broker) 0.000000 MetaHookPre LoadFile(0, base<...>/cluster) @@ -1762,6 +1774,8 @@ 0.000000 MetaHookPre LoadFile(0, base<...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/strings.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/sumstats) +0.000000 MetaHookPre LoadFile(0, base<...>/supervisor) +0.000000 MetaHookPre LoadFile(0, base<...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/syslog) 0.000000 MetaHookPre LoadFile(0, base<...>/thresholds.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/time.zeek) @@ -1947,6 +1961,8 @@ 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, {5222<...>/tcp}) +0.000000 | HookCallFunction Broker::__subscribe(zeek/supervisor) +0.000000 | HookCallFunction Broker::subscribe(zeek/supervisor) 0.000000 | HookCallFunction Cluster::is_enabled() 0.000000 | HookCallFunction Cluster::local_node_type() 0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F]) 
@@ -2063,7 +2079,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2244,7 +2260,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2482,6 +2498,7 @@ 0.000000 | HookLoadFile .<...>/add-geodata.zeek 0.000000 | HookLoadFile .<...>/addrs.zeek 0.000000 | HookLoadFile .<...>/analyzer.bif.zeek +0.000000 | HookLoadFile .<...>/api.zeek 0.000000 | HookLoadFile .<...>/archive.sig 0.000000 | HookLoadFile .<...>/ascii.zeek 0.000000 | HookLoadFile .<...>/audio.sig 
@@ -2563,6 +2580,7 @@ 0.000000 | HookLoadFile .<...>/store.zeek 0.000000 | HookLoadFile .<...>/strings.bif.zeek 0.000000 | HookLoadFile .<...>/sum.zeek +0.000000 | HookLoadFile .<...>/supervisor.bif.zeek 0.000000 | HookLoadFile .<...>/thresholds.zeek 0.000000 | HookLoadFile .<...>/top-k.bif.zeek 0.000000 | HookLoadFile .<...>/topk.zeek @@ -2585,6 +2603,7 @@ 0.000000 | HookLoadFile base<...>/addrs.zeek 0.000000 | HookLoadFile base<...>/analyzer 0.000000 | HookLoadFile base<...>/analyzer.bif.zeek +0.000000 | HookLoadFile base<...>/api.zeek 0.000000 | HookLoadFile base<...>/bif 0.000000 | HookLoadFile base<...>/broker 0.000000 | HookLoadFile base<...>/cluster @@ -2665,6 +2684,8 @@ 0.000000 | HookLoadFile base<...>/strings.bif.zeek 0.000000 | HookLoadFile base<...>/strings.zeek 0.000000 | HookLoadFile base<...>/sumstats +0.000000 | HookLoadFile base<...>/supervisor +0.000000 | HookLoadFile base<...>/supervisor.bif.zeek 0.000000 | HookLoadFile base<...>/syslog 0.000000 | HookLoadFile base<...>/thresholds.zeek 0.000000 | HookLoadFile base<...>/time.zeek @@ -2678,7 +2699,7 @@ 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLoadFile base<...>/zeek.bif.zeek 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1565053246.404549, node=zeek, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1571104127.525167, node=zeek, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent zeek_init()