Write NetControl framework documentation.

In the process, some of the script documentation of the NetControl framework was also updated.
2025-10-16 13:38:19 +00:00 · 2016-06-22 16:02:48 -07:00 · 2016-06-22 16:02:48 -07:00 · f1267b0b94
commit f1267b0b94
parent 3b55a917ac
78 changed files with 1918 additions and 142 deletions
--- a/testing/btest/Baseline/doc.sphinx.netcontrol-3-ssh-guesser.bro/btest-doc.sphinx.netcontrol-3-ssh-guesser.bro#1
+++ b/testing/btest/Baseline/doc.sphinx.netcontrol-3-ssh-guesser.bro/btest-doc.sphinx.netcontrol-3-ssh-guesser.bro#1
@ -0,0 +1,32 @@
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # bro -C -r ssh/sshguess.pcap netcontrol-3-ssh-guesser.bro
+      netcontrol debug (Debug-All): init
+      netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.56.1/32, mac=<uninitialized>], expire=10.0 mins, priority=0, location=ACTION_DROP: T, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
+
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # cat netcontrol.log
+      #separator \x09
+      #set_separator	,
+      #empty_field	(empty)
+      #unset_field	-
+      #path	netcontrol
+      #open	2016-06-22-22-58-38
+      #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+      #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+      0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+      0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+      0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+      1427726711.398575	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.56.1/32	-	-	0	600.000000	ACTION_DROP: T	Debug-All
+      1427726711.398575	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.56.1/32	-	-	0	600.000000	ACTION_DROP: T	Debug-All
+      #close	2016-06-22-22-58-38
+
--- a/testing/btest/Baseline/doc.sphinx.netcontrol-3-ssh-guesser.bro/btest-doc.sphinx.netcontrol-3-ssh-guesser.bro#2
+++ b/testing/btest/Baseline/doc.sphinx.netcontrol-3-ssh-guesser.bro/btest-doc.sphinx.netcontrol-3-ssh-guesser.bro#2
@ -0,0 +1,18 @@
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # cat notice.log
+      #separator \x09
+      #set_separator	,
+      #empty_field	(empty)
+      #unset_field	-
+      #path	notice
+      #open	2016-06-22-22-58-38
+      #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+      #types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+      1427726711.398575	-	-	-	-	-	-	-	-	-	SSH::Password_Guessing	192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections).	Sampled servers:  192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103	192.168.56.1	-	-	-	bro	Notice::ACTION_DROP,Notice::ACTION_LOG	3600.000000	T	-	-	-	-	-
+      #close	2016-06-22-22-58-38
+