Commit graph

13 commits

Author SHA1 Message Date
Johanna Amann
0c875220e9 Default canonifier change to only remove first timestamp in line
In the past, we used a default canonifier, which removes everything that
looks like a timestamp from log files. The goal of this is to prevent
logs from changing, e.g., due to local system times ending up in log
files.

This, however, also has the side-effect of removing information that is
parsed from protocols which probably should be part of our tests.
There is at least one test (1999 certificates) where the entire test
output was essentially removed by the canonifier.

GH-4521 was similarly masked by this.

This commit changes the default canonifier, so that only the first
timestamp in a line is removed. This should skip timestamps that are
likely to change while keeping timestamps that are parsed
from protocol information.

A pass has been made over the tests, with some additional adjustments
for cases which require the old canonifier.

There are some cases in which we probably could go further and not
remove timestamps at all - that, however, seems like a follow-up
project.
2025-06-18 15:41:48 +01:00
Tim Wojtulewicz
5e5aceb6f7 Rename protocol_id field to ip_proto and similar renaming for name field 2024-11-13 12:02:00 -07:00
Tim Wojtulewicz
35ec9733c0 Add conn.log entries for connections with unhandled IP protocols 2024-11-13 11:25:40 -07:00
Christian Kreibich
1843e2daae Update btest baselines to reflect the use of local address ranges. 2023-03-15 17:11:04 -07:00
Johanna Amann
8972676e92 GH-1634: Address feedback
This commit addreses feedback for GH-1643, changing typos and renaming
one of the fields in x509.log.
2021-07-02 15:12:58 +01:00
Johanna Amann
6ac158dedd Baseline updates for recent SSL changes. 2021-06-29 15:03:03 +01:00
Johanna Amann
b02f22a667 Change SSL and X.509 logging format
This commit changes the SSL and X.509 logging formats to something that,
hopefully, slowly approaches what they will look like in the future.

X.509 log is not yet deduplicated; this will come in the future.

This commit introduces two new options, which determine if certificate
issuers and subjects are still logged in ssl.log. The default is to have
the host subject/issuer logged, but to remove client-certificate
information. Client-certificates are not a typically used feature
nowadays.
2021-06-29 09:26:43 +01:00
Christian Kreibich
0b674eb851 Baseline refresh to reflect btest 0.64 2020-12-06 20:19:49 -08:00
Tim Wojtulewicz
21872aef39 Updating test baselines for new dictionary code due to changes in ordering of fields in the dictionary 2020-08-09 21:13:10 -07:00
Johanna Amann
3bce313b12 Switch file UID hashing from md5 to highwayhash.
This commit switches UID hashing from md5 to a highway hash. It also
moves the salt value out of the file plugin - and makes it
installation-specific instead - it is moved to the global namespace.

There now are digest hash functions to make "static"
installation-specific hashes that are stable over workers available to
everyone; hashes can be 64, 128 or 256 bits in size.

Due to the fact that we switch the file hashing algorithm, all file
hashes change.

The underlyigng algorithm that is used for hashing is highwayhash-128,
which is significantly faster than md5.
2020-04-30 10:20:09 -07:00
Johanna Amann
6f9524e082 Make tunnel_parents in conn.log optional.
This makes conn.logs a bit prettier (and smaller) because all lines that
do not use a tunnel will now have a "-" instead of the "(empty)" for
tunnel_parents.
2018-01-12 13:46:00 -08:00
Johanna Amann
cdb6a1b6e6 Baseline updates after hash function change. 2016-07-13 10:11:37 -07:00
Johanna Amann
5a8eac521c StartTLS support for IRC 2015-07-29 11:47:59 -07:00