diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index b4f0769737..2af8f3bc3d 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -46,7 +46,7 @@
@load base/protocols/http
@load base/protocols/irc
@load base/protocols/modbus
-#@load base/protocols/mysql
+@load base/protocols/mysql
@load base/protocols/pop3
@load base/protocols/radius
@load base/protocols/rdp
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 0fb74f91cf..468b02a81a 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -77,6 +77,7 @@
@load protocols/modbus/known-masters-slaves.bro
@load protocols/modbus/track-memmap.bro
@load protocols/mysql/software.bro
+@load protocols/rdp/indicate_ssl.bro
@load protocols/smtp/blocklists.bro
@load protocols/smtp/detect-suspicious-orig.bro
@load protocols/smtp/entities-excerpt.bro
diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt
index 783f1e7469..cb823af519 100644
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@@ -21,6 +21,7 @@ add_subdirectory(irc)
add_subdirectory(login)
add_subdirectory(mime)
add_subdirectory(modbus)
+add_subdirectory(mysql)
add_subdirectory(ncp)
add_subdirectory(netbios)
add_subdirectory(netflow)
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 7b144198ee..e5b4c00b9f 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2015-02-03-22-47-13
+#open 2015-03-05-20-42-42
#fields name
#types string
scripts/base/init-bare.bro
@@ -79,7 +79,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro
build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro
build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
- build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro
build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
@@ -88,6 +87,8 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro
+ build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro
+ build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro
build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
@@ -121,4 +122,4 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
scripts/policy/misc/loaded-scripts.bro
scripts/base/utils/paths.bro
-#close 2015-02-03-22-47-13
+#close 2015-03-05-20-42-42
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index b102ad26a5..ec0bae5e06 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2015-02-03-22-47-15
+#open 2015-03-05-20-59-07
#fields name
#types string
scripts/base/init-bare.bro
@@ -88,6 +88,8 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro
+ build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro
+ build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro
build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
@@ -231,6 +233,9 @@ scripts/base/init-default.bro
scripts/base/protocols/radius/__load__.bro
scripts/base/protocols/radius/main.bro
scripts/base/protocols/radius/consts.bro
+ scripts/base/protocols/rdp/__load__.bro
+ scripts/base/protocols/rdp/consts.bro
+ scripts/base/protocols/rdp/main.bro
scripts/base/protocols/snmp/__load__.bro
scripts/base/protocols/snmp/main.bro
scripts/base/protocols/smtp/__load__.bro
@@ -253,4 +258,4 @@ scripts/base/init-default.bro
scripts/base/misc/find-checksum-offloading.bro
scripts/base/misc/find-filtered-trace.bro
scripts/policy/misc/loaded-scripts.bro
-#close 2015-02-03-22-47-15
+#close 2015-03-05-20-59-07
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 7c86f9e59b..8feda88d15 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -26,6 +26,7 @@ notice
notice_alarm
packet_filter
radius
+rdp
reporter
signatures
smtp
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 7c2f35b641..df8f2156ca 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -32,6 +32,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) ->
+0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) ->
@@ -85,6 +86,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) ->
+0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) ->
@@ -115,6 +117,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) ->
+0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) ->
@@ -147,6 +150,7 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
@@ -178,6 +182,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) ->
+0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) ->
@@ -192,7 +197,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) ->
@@ -210,6 +215,7 @@
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Notice::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RADIUS::LOG)) ->
+0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RDP::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Reporter::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SMTP::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SNMP::LOG)) ->
@@ -241,6 +247,7 @@
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
@@ -272,6 +279,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) ->
+0.000000 MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) ->
@@ -286,8 +294,8 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) ->
-0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) ->
0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) ->
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) ->
@@ -371,6 +379,8 @@
0.000000 MetaHookPost LoadFile(./Bro_PIA.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_POP3.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_RADIUS.events.bif.bro) -> -1
+0.000000 MetaHookPost LoadFile(./Bro_RDP.events.bif.bro) -> -1
+0.000000 MetaHookPost LoadFile(./Bro_RDP.types.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_RPC.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_RawReader.raw.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.events.bif.bro) -> -1
@@ -519,6 +529,7 @@
0.000000 MetaHookPost LoadFile(base<...>/pop3) -> -1
0.000000 MetaHookPost LoadFile(base<...>/queue) -> -1
0.000000 MetaHookPost LoadFile(base<...>/radius) -> -1
+0.000000 MetaHookPost LoadFile(base<...>/rdp) -> -1
0.000000 MetaHookPost LoadFile(base<...>/reporter) -> -1
0.000000 MetaHookPost LoadFile(base<...>/reporter.bif) -> -1
0.000000 MetaHookPost LoadFile(base<...>/signatures) -> -1
@@ -577,6 +588,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp))
+0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp))
@@ -630,6 +642,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp))
+0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp))
@@ -660,6 +673,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp}))
+0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp}))
@@ -692,6 +706,7 @@
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
+0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
@@ -723,6 +738,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius]))
+0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp]))
@@ -737,7 +753,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql]))
-0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG))
@@ -755,6 +771,7 @@
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Notice::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (PacketFilter::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RADIUS::LOG))
+0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RDP::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Reporter::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SMTP::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SNMP::LOG))
@@ -786,6 +803,7 @@
0.000000 MetaHookPre CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
+0.000000 MetaHookPre CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=