Jon Siwek
de640d651f
Fix a unit test relying on a bash-ism
2018-11-02 18:31:45 -05:00
Jon Siwek
b2560384c4
Add script-layer call stack to internal error messages that abort
2018-11-02 17:43:34 -05:00
Jon Siwek
802b4f876e
Improve Travis script to show multiple core dump stacks
2018-11-02 09:39:01 -05:00
Jon Siwek
3251792ddb
Improve a weird stats unit test
2018-11-02 08:58:08 -05:00
Jon Siwek
8544508d33
Fix Travis script typo
2018-11-01 20:39:33 -05:00
Jon Siwek
53f4e09342
Add more debug output to Travis script
2018-11-01 19:58:03 -05:00
Jon Siwek
5ddb2b37c0
Add core file search and stack trace output for Travis builds
2018-11-01 18:36:31 -05:00
Jon Siwek
cbaab3d4fa
GH-199: change bro --help exit status from 1 to 0
...
Fixes #199
2018-10-31 22:28:38 -05:00
Jon Siwek
8c02aa5211
Merge remote-tracking branch 'origin/topic/vladg/mysql_nul_string_fix'
...
* origin/topic/vladg/mysql_nul_string_fix:
Add a test with an encrypted MySQL connection
Fix parsing of MySQL NUL Strings, where we now require it to have a NUL value at the end.
2018-10-30 10:00:39 -05:00
Jon Siwek
0cc5e4e044
Add missing record field comment
2018-10-26 10:42:05 -05:00
Jon Siwek
8d0087154a
Add missing record field comments
2018-10-26 10:24:30 -05:00
Jon Siwek
6a059a1cf7
Fix minor documentation mistakes
2018-10-25 18:56:38 -05:00
Jon Siwek
30778f50f9
Merge remote-tracking branch 'origin/topic/vlad/ssh_auth_none_fix'
...
* origin/topic/vlad/ssh_auth_none_fix:
Update btest baselines for fix in 46f727a6fa
Generate ssh_auth_attempted for the 'none' authentication method.
2018-10-23 13:03:19 -05:00
Jon Siwek
2586e5aa3e
Improve scripts/base/utils/dir unit test
2018-10-19 11:16:38 -05:00
Jon Siwek
6378c3dc90
Fix documentation link for notice_alarm.log fields
2018-10-18 10:22:03 -05:00
Jon Siwek
9a295a7009
Merge branch 'master' of https://github.com/spitfire55/bro
...
* 'master' of https://github.com/spitfire55/bro:
Revert DNS query 255 from ANY to *
Missing commas...
Fix typo in dce-rpc consts
Refactor to use consistent numeric type in dce_rpc. Add missing DNS query type codes
I added back in DNS constants for PTR, EDNS, and ANY to avoid breaking
code for any people that use them.
Also omitted the DNP3 function code 0x83 name change from
"AUTHENTICATE_RESP" to "AUTHENTICATE_RESPONSE", again to avoid
potentially breaking code unnecessarily: "RESP" vs. "RESPONSE" is not
wrong in any sense, just maybe a matter of clarity.
2018-10-16 15:56:37 -05:00
Jon Siwek
0a0e2e5363
Merge remote-tracking branch 'origin/topic/vladg/ssh_is_server_fix'
...
* origin/topic/vladg/ssh_is_server_fix:
Update baselines for SSH capabilities fix
Fix SSH analyzer bug where is_server in capabilities is wrong.
2018-10-16 13:42:24 -05:00
Johanna Amann
b682782024
Fix typo in Sessions.h
...
Found by Eiji Yanagi (Cisco).
2018-10-16 09:23:43 -07:00
Jon Siwek
c8637b7430
Merge branch 'master' of https://github.com/spitfire55/bro
...
* 'master' of https://github.com/spitfire55/bro:
Add DCE_RPC exchange_mapi operations to relevant consts.bro file
2018-10-15 16:43:50 -05:00
Jon Siwek
70233148be
GH-186: fix JSON formatting of timestamps before Unix epoch
2018-10-12 21:34:28 +00:00
Jon Siwek
f05ef0cb1e
Fix test baseline for plugin skeleton update
2018-10-12 12:51:53 -04:00
Jon Siwek
dc7bdc4ca6
Merge remote-tracking branch 'origin/topic/johanna/local-nets-option'
...
* origin/topic/johanna/local-nets-option:
Convert site::local_nets, etc. into options.
2018-10-12 12:18:53 -04:00
Jon Siwek
8792f5545c
Fix crash when modifying a table from within its &expire_func
2018-10-12 08:35:25 -04:00
Jon Siwek
0f55080625
GH-184: add bro-config --build_type, outputs CMake build type
2018-10-05 14:27:12 -05:00
Jon Siwek
0350004f1e
Add return value checks for some RPC parsing functions
2018-10-04 11:33:57 -05:00
Jon Siwek
894b24d180
Improve broker.remote_id unit test
2018-10-03 15:50:07 -05:00
Jon Siwek
3c395aa22d
Fix memory leak in broker type checking
2018-10-03 11:10:32 -05:00
Jon Siwek
98181dd67c
Update testing/btest/README
2018-10-02 16:05:38 -05:00
Jon Siwek
0c02b11226
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Add some missing @TEST-REQUIRES to a few tests
2018-09-25 16:38:50 -05:00
Jon Siwek
c32b359e7e
Merge branch 'master' of https://github.com/Neverlord/bro
...
* 'master' of https://github.com/Neverlord/bro:
Fix BasicThread::SetOSName on FreeBSD
2018-09-24 10:56:31 -05:00
Jon Siwek
f7da111d1c
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix some broken @TEST-REQUIRES
2018-09-21 13:29:44 -05:00
Jon Siwek
2ede95422b
Emit missing GeoIP database errors only once at startup
...
Instead of one error per lookup.
2018-09-21 13:27:27 -05:00
Jon Siwek
d7097635f4
Fix compile error in MMDB GeoIP code
...
Seems to be from the ambiguity addressed via [1]. In C++11,
the compiler could treat it as an initializer list ctor instead
of a copy constructor for a single-element list.
[1] http://open-std.org/JTC1/SC22/WG21/docs/cwg_defects.html#1467
2018-09-21 10:22:03 -05:00
Jon Siwek
c75d1d0521
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Add a missing "break" in OSFinger.cc
Fix buffer sizes in the rotate_file function
2018-09-20 13:16:04 -05:00
Jon Siwek
c2c5754e28
Merge branch 'topic/jazoff/sqli-policy-hook' of https://github.com/JustinAzoff/bro
...
* 'topic/jazoff/sqli-policy-hook' of https://github.com/JustinAzoff/bro:
add sqli_policy hook
2018-09-19 15:22:45 -05:00
Jon Siwek
3a66bc7c9d
Updating CHANGES and VERSION.
2018-09-18 16:54:20 -05:00
Jon Siwek
43363ce51b
Updating CHANGES and VERSION.
2018-09-18 15:21:31 -05:00
Jon Siwek
114cd2c860
Updating CHANGES and VERSION.
2018-09-12 20:19:51 -05:00
Jon Siwek
161aae828a
Merge remote-tracking branch 'origin/topic/seth/fix-raw-reader-subprocess-exit'
...
* origin/topic/seth/fix-raw-reader-subprocess-exit:
Fix an issue with raw reader culling streams for dead processes.
Updated the 'exec' utility to no longer remove input streams for
processes that are finished as the core C++ code will take care of that
(and trying to remove a stream multiple times emits a warning message).
2018-09-11 13:05:40 -05:00
Jon Siwek
13483e4892
Try to fix a rare broker test instability
2018-09-10 19:47:53 -05:00
Jon Siwek
4d7b0387ea
Stabilize a unit test.
2018-09-10 18:35:08 -05:00
Jon Siwek
7e26bfe07f
Fix recursive type checks/casts of broker data into type 'any'
2018-09-10 14:55:50 -05:00
Jon Siwek
4bd6da7186
Update default Broker/CAF thread tuning
2018-09-07 17:50:28 -05:00
Jon Siwek
9af0255ef7
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Update NEWS explaining Bro runs as 1 process instead of 2
Update NEWS for changes to broctl "top" command output
2018-09-07 11:24:57 -05:00
Jon Siwek
73c8cf733a
Give Cluster::rr_topic "key" argument a default value
2018-09-07 09:58:57 -05:00
Jon Siwek
c73bb8fdc4
Disable broker message forwarding by default
...
Still finding it to not be foolproof enough to enable generally for all
nodes in a cluster. Specific/advanced use-cases may still consider
enabling, possibly just for specific nodes.
2018-09-06 18:32:22 -05:00
Jon Siwek
ddcd7f3405
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Added a documentation comment for the Input::Event type
Update NEWS
Update the install documentation
Fix a typo and indentation in the configure script
Add krb5 devel package to Travis docker containers
2018-09-06 08:59:43 -05:00
Jon Siwek
b99be6458b
Merge remote-tracking branch 'origin/topic/johanna/weird-options'
...
* origin/topic/johanna/weird-options:
Update test baselines (weird options)
Weird settings: make constants into options.
Permit weird sampling rate of 0.
2018-09-05 16:57:08 -05:00
Jon Siwek
f00e2167a7
BIT-1208: remove unused weirds from Weird::actions table
2018-09-05 15:13:38 -05:00
Robin Sommer
e275927a64
Fix printf format specification for reporting packet stats.
...
We were using '%d' for unsigned integers, leading to output like this:
1535403189.557168 -483803356 packets received on interface 0:1, 0 dropped
2018-09-05 19:32:15 +00:00