c$conn was originally set in connection_established(), which is only
used by TCP connections, and in connection_state_remove(). Using
new_connection() allows us to have c$conn available for any connection
and for any script that wants to extend logging to conn.log.
- New ACTION_ADD_GEODATA to add geodata to notices in an extension
field named remote_location.
- Loading extend-email/hostnames by default now that it only
does anything when the ACTION_EMAIL action is applied (finally).
The format string given to the reporter warning call wasn't printing
the handler names. Also changed it so that each warning message has
the full context of the warning.
The main script now uses the Reporter::error BIF instead of scheduling
a reporter_error event to report an invalid node name. The later only
works if the reporter framework is loaded, but the BIF will do the right
thing and use stderr if there's no event handler.
I also @if'd out most of the setup-connections script when the node is
invalid because that's what the cluster/__load__.bro would normally do.
- While updating, I did some further work on the branch.
- New function in the base/utils/files for extracting filenames
from content-dispositions.
- New script for entity excerpt extraction if you aren't interested
in full extraction. The data goes a log field too.
- Some renaming and reorganization of types.
- Updated tests to work with new code.
* origin/topic/jsiwek/smtp-refactor:
Make the doc.coverage test happy.
SMTP script refactor. (addresses #509)
Conflicts:
doc/scripts/DocSourcesList.cmake
policy/protocols/smtp/__load__.bro
policy/protocols/smtp/base/__load__.bro
When not reporting via events, the final contents of the message buffer
after formatting was being used as a format string to fprintf instead of
writing out the actual string.
- Metrics API is much more similar to the Logging framework's API now.
- Filters define all output and metrics collection now.
- Initial attempt at thresholding and generating notices.
and runs; need to go back through and make sure this code is actually
doing what I want it to do.
Note: Added new function unique_id_from(pool: string, prefix: string)
that allows the user to explicitly specify a randomness pool to use when
generating unique IDs.
* test-all.bro renamed to test-all-policy.bro because it lists
only the optional scripts now.
* A new test that checks that the default config loads everything
in base/*/
* A new test that runs bare mode but loads all optional policy
scripts (which fails horribly right now ...)
* A new loaded_scripts test for the bare mode.
- Fixing the parts of the `make restdoc` and `make doc` process that were
broken by the last Bro script re-organization
- Generated documentation for Bro scripts derived from BiFs now use the
original BiF source file as the "original source file" link
- Renaming of the internal POLICYDEST definition and other misc places that
refer to "policy" scripts; that terminology doesn't make total sense now
- Added a documentation blacklist reminder test that will fail if there's
scripts that are blacklisted from being documentated because they're still
in progress
- Some minor Bro script changes to fix small @load dependency errors
Addresses #543
* topic/robin/rotation-pp:
Adding a default_path_func that makes the default naming scheme script-level controlled.
Reworking logging's postprocessor logic.
Conflicts:
scripts/base/frameworks/logging/main.bro
testing/btest/policy/frameworks/logging/rotate-custom.bro
The communication subsystem is now disabled until a new BiF,
enable_communication(), is called. The base scripts do this
automatically when either a Communication::Node is defined, or Bro is
asked to listen for incoming connections.
