Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
18601 commits 385 branches 195 tags 258 MiB
Commit graph

1341 commits

Author SHA1 Message Date
Robin Sommer
8c53446292 Merge remote branch 'origin/fastpath' 
* origin/fastpath:
  Fixed major bug with cluster synchronization (it was broken!)
 2011-12-16 02:37:56 -08:00
Seth Hall
0b8b14a0ed Fixed major bug with cluster synchronization (it was broken!) 2011-12-15 15:59:51 -05:00
Seth Hall
b66c73baaa Fixed more bugs with delayed emails. 2011-12-15 15:57:42 -05:00
Seth Hall
667dcb251a Working around a problem with setting default container types. 2011-12-15 12:51:14 -05:00
Seth Hall
cb904cec4f Ugh, still major failure. I'm just cutting the timeout handling for now. 2011-12-15 12:46:15 -05:00
Seth Hall
f1f5719f83 Fixed a small bug major problem with email delay timeout catching. 2011-12-15 12:41:05 -05:00
Seth Hall
2d97e25eeb Initial fixes for the problem of async actions with notice email extensions. 2011-12-15 12:27:41 -05:00
Jon Siwek
303993254e Add more DPD and packet filter framework docs. 2011-12-14 16:07:36 -06:00
Jon Siwek
d89658c19b Add more signature framework documentation. 2011-12-14 12:50:54 -06:00
Jon Siwek
a543ebbea5 Add more notice framework documentation. 2011-12-14 10:05:52 -06:00
Jon Siwek
86cba4c33f Fix missing action in notice policy for looking up GeoIP data. 2011-12-13 16:17:44 -06:00
Seth Hall
76a0b9ad3c Fixed some DPD signatures for IRC. Fixes ticket #311. 
- The larger issue from ticket 313 still stands.
 2011-12-10 22:33:49 -05:00
Bernhard Amann
dcc7fe3c38 start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface... 2011-12-09 16:47:58 -08:00
Jon Siwek
8e89d78788 Add more cluster and communication framework documentation. 2011-12-09 17:31:47 -06:00
Jon Siwek
1f57827e54 Add more logging framework documentation. 2011-12-09 14:30:21 -06:00
Bernhard Amann
0313039977 log protocol in notices. 2011-12-08 14:44:45 -08:00
Bernhard Amann
311cd1b116 after talking to seth - change host_a field in record back to host. 2011-12-08 14:25:46 -08:00
Jon Siwek
5126b65493 Add reporter bif/framework documentation. 2011-12-07 16:54:40 -06:00
Bernhard Amann
89a29c3d7d Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-12-07 13:13:43 -08:00
Bernhard Amann
707926aaa4 Software framework stores ports for server software. 2011-12-07 12:12:46 -08:00
Jon Siwek
506a42638a Omit loading local-<node>.bro scripts from base cluster framework. 
The loading of these is better handled by BroControl and it seems
odd to load them from a base/ script anyway since they'll contain
site/policy specific code.

Addresses #663
 2011-12-05 13:02:39 -06:00
Bernhard Amann
949ec6897a Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet 2011-12-03 20:15:05 -08:00
Jon Siwek
0c8b5a712d Add a remote_log_peer event which contains an event_peer record param. 
Addresses #493.
 2011-12-01 14:07:08 -06:00
Bernhard Amann
a68e6b9fa4 allow sets to be read from files, convenience function for reading a file once, 
bug in destructor that could lead to a segfault.
 2011-11-29 15:05:09 -08:00
Bernhard Amann
2a6387129c documentation 2011-11-29 11:25:11 -08:00
Bernhard Amann
4975584e01 change Log enum to Input enum. 2011-11-28 13:45:00 -08:00
Bernhard Amann
3c40f00a53 make filters pointers (for inheritance) 2011-11-22 16:09:13 -08:00
Bernhard Amann
53af0544cc re-enable table events 2011-11-21 19:03:35 -08:00
Bernhard Amann
18591b53d4 rename filter to tablefilter in preparation of event filters... 2011-11-21 15:20:52 -08:00
Bernhard Amann
b3f01915fb compiles with basic new filter framework - but crashes on use. 2011-11-20 12:07:50 -08:00
Bernhard Amann
e2c521fc4e start reworking input framework... 
does not compile at the moment, but there are a few uncommitted changes that will be reverted in the next commit.
 2011-11-18 10:49:20 -08:00
Bernhard Amann
4dd95fcf3c support for uninitialized fields & empty sets and tables. 
The only snag is... with the default output format of the log-file writer, the input reader cannot tell if a table or set is empty or uninitialized (both cases use the same character by default). In this case, by default it is assumed that the field/vector is uninitalized.
 2011-11-16 23:51:51 -08:00
Bernhard Amann
4fef1e3f8c set & entry separator configuration (with the restriction that they have to be exactly one character long) 2011-11-16 22:47:28 -08:00
Robin Sommer
c35094ea0b Update missing in last commit to this branch. 2011-11-15 16:42:23 -08:00
Bernhard Amann
b62e6899ad Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-11-15 11:00:24 -08:00
Robin Sommer
2dc04b2ce5 Merge remote-tracking branch 'origin/master' into topic/robin/pp-alarms 2011-11-15 08:36:44 -08:00
Bernhard Amann
cde8153c18 switch to set if record or simple value is desired. 2011-11-15 08:36:03 -08:00
Seth Hall
4942767c4d More default "weird" tuning for the "SYN_with_data" notice. 
- I think the default tuning should be that anything not requiring
  a session to be established should use ACTION_LOG_PER_ORIG.

- We need to get some tie-in with the metrics framework in place
  so that we can find when lots of these values are being suppressed.
 2011-11-14 16:12:38 -05:00
Bernhard Amann
1d39eaf32d small fixes, less leakiness 2011-11-04 15:03:40 -07:00
Bernhard Amann
2aa0f6da57 beautify script calls, track filters 2011-11-04 14:33:34 -07:00
Bernhard Amann
72736510de Merge remote-tracking branch 'origin/master' into input 2011-11-04 14:12:59 -07:00
Bernhard Amann
2e3874331d support for filters and little event fix 2011-11-04 12:41:10 -07:00
Robin Sommer
e0692b898e Merge branch 'master' into topic/robin/pp-alarms 2011-11-03 15:30:41 -07:00
Robin Sommer
41a443677b Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  No longer write to the PacketFilter::LOG stream if not reading traffic.
 2011-11-03 15:27:23 -07:00
Robin Sommer
c4d6f814ff Tuning the pretty-printed alarms output. 
- Now including the included time range into the subject.

- With some notices, it got confused who's the orginator.
 2011-11-02 18:09:09 -07:00
Bernhard Amann
86730c13dd more complex types... 2011-11-02 15:36:35 -07:00
Bernhard Amann
b245d4168a yay, basic table assignment. 2011-11-02 15:36:35 -07:00
Bernhard Amann
5b0c307f87 very basic input to event working... 2011-11-02 15:36:34 -07:00
Bernhard Amann
3654060246 compiles. sill doesn't do much. 2011-11-02 15:36:34 -07:00
Bernhard Amann
9c8b0dec3b event from c++ to script works (at last...) 2011-11-02 15:36:33 -07:00