Robin Sommer
3ac4ff6b42
Updates for log format changes.
2011-12-19 09:09:32 -08:00
Robin Sommer
a9f0b10e2e
Updating baselines for recent commits.
2011-12-19 07:44:29 -08:00
Robin Sommer
01e4588737
Merge remote branch 'origin/topic/jsiwek/record-coerce-default'
...
* origin/topic/jsiwek/record-coerce-default:
Fix &default fields in records not being initialized in coerced assignments.
Closes #722 .
2011-12-19 06:54:32 -08:00
Robin Sommer
5ee605f244
Merge remote branch 'origin/topic/bernhard/log-set-description'
...
* origin/topic/bernhard/log-set-description:
update baseline
make LogWriter output the type of data stored inside a set or vector.
2011-12-19 06:39:02 -08:00
Robin Sommer
3220bbce55
Merge remote branch 'origin/topic/jsiwek/log-escaping'
...
* origin/topic/jsiwek/log-escaping:
Add missing ascii writer options to log header.
Escape the ASCII log's set separator (addresses #712 )
Rewrite ODesc character escaping functionality. (addresses #681 )
Closes #712 .
2011-12-19 06:37:54 -08:00
Robin Sommer
0a3e160a8d
Merge remote branch 'origin/topic/seth/dns-updates'
...
* origin/topic/seth/dns-updates:
Fixed some bugs with capturing data in the base DNS script.
Some updates to the base DNS script.
Closes #702 .
2011-12-18 15:20:00 -08:00
Robin Sommer
719557a05b
Merge remote branch 'origin/fastpath'
...
* origin/fastpath:
Enable warnings for malformed Broxygen xref roles.
Broxygen fix for function parameter recognition; better than 80b2451
2011-12-18 15:10:49 -08:00
Jon Siwek
3b91df8cf5
Allow Broxygen markup "##<" for more general use.
2011-12-16 11:21:49 -06:00
Robin Sommer
4e17ef63f0
Merge remote branch 'origin/fastpath'
...
* origin/fastpath:
Fix missing action in notice policy for looking up GeoIP data.
Better persistent state config warning messages (fixes #433 ).
A few updates for SQL injection detection.
Fixed some DPD signatures for IRC. Fixes ticket #311 .
Removing Off_Port_Protocol_Found notice.
SSH::Interesting_Hostname_Login cleanup. Fixes #664 .
Teach Broxygen to more generally reference attribute values by name.
Fixed a really dumb bug that was causing the malware hash registry script to break.
Fix Broxygen confusing scoped id at start of line as function parameter.
Remove remnant of libmagic optionality
2011-12-16 02:36:43 -08:00
Jon Siwek
f302f2f3f2
Fix &default fields in records not being initialized in coerced assignments.
...
Addresses #722
2011-12-15 12:16:42 -06:00
Seth Hall
61aa592db5
A few updates for SQL injection detection.
...
- The biggest change is the change in notice names from
HTTP::SQL_Injection_Attack_Against to
HTTP::SQL_Injection_Victim
- A few new SQL injection attacks in the tests that we need to
support at some point.
2011-12-12 14:26:54 -05:00
Bernhard Amann
dcc7fe3c38
start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface...
2011-12-09 16:47:58 -08:00
Bernhard Amann
311cd1b116
after talking to seth - change host_a field in record back to host.
2011-12-08 14:25:46 -08:00
Jon Siwek
80b24513e7
Fix Broxygen confusing scoped id at start of line as function parameter.
2011-12-07 17:08:38 -06:00
Bernhard Amann
7e3ebc1817
forgotten policy files.
2011-12-07 15:03:36 -08:00
Bernhard Amann
35fa52ea48
update baseline
2011-12-07 13:10:35 -08:00
Bernhard Amann
9f32f68a13
make test more robust.
2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec
make port annotation work and ascii input reader way more rebust with better error messages.
2011-12-06 10:42:37 -08:00
Bernhard Amann
949ec6897a
Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet
2011-12-03 20:15:05 -08:00
Robin Sommer
f59c766858
Portability fix for new patch.
2011-12-02 17:00:08 -08:00
Robin Sommer
1e45910b25
Merge remote-tracking branch 'origin/topic/jsiwek/bro-log-suffix'
...
* origin/topic/jsiwek/bro-log-suffix:
Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704 )
Closes #704 .
2011-12-02 16:52:18 -08:00
Robin Sommer
03b7ebfb5b
Merge remote-tracking branch 'origin/topic/jsiwek/fix-dns-double-free'
...
* origin/topic/jsiwek/fix-dns-double-free:
Fix double-free of DNS_Mgr_Request object (addresses #661 )
Closes #661 .
2011-12-01 16:40:07 -08:00
Robin Sommer
df3ae4b30d
Merge remote-tracking branch 'origin/topic/jsiwek/remote-log-peer'
...
* origin/topic/jsiwek/remote-log-peer:
Add a remote_log_peer event which contains an event_peer record param.
Closes #493 .
2011-12-01 16:02:11 -08:00
Jon Siwek
edc0a451f8
Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704 )
2011-12-01 16:18:56 -06:00
Jon Siwek
0c8b5a712d
Add a remote_log_peer event which contains an event_peer record param.
...
Addresses #493 .
2011-12-01 14:07:08 -06:00
Jon Siwek
2913a990c4
Merge branch 'master' into fastpath
2011-12-01 09:12:42 -06:00
Jon Siwek
4444c56a94
Fix double-free of DNS_Mgr_Request object (addresses #661 )
...
In DNS::Resolve, they could be deleted once from where they were
stored in the nb_dns_info cookie and once again from where they
were stored in the DNS_Mgr::requests list. Before commit
bd9c937236
2011-11-30 13:31:54 -06:00
Jon Siwek
9be652f8ff
Rearrange packet filter and dpd documentation.
2011-11-30 10:13:20 -06:00
Seth Hall
bb47289bfa
Some updates to the base DNS script.
...
- Answers and TTLs are now vectors.
- The warning that was being generated (dns_reply_seen_after_done)
from transaction ID reuse is fixed.
- Updated the single failing btest baseline.
2011-11-30 10:19:41 -05:00
Robin Sommer
ebd15cf12e
Fixing ASCII logger to escape the unset-field place-holder if written
...
out literally.
2011-11-29 17:01:47 -08:00
Bernhard Amann
a68e6b9fa4
allow sets to be read from files, convenience function for reading a file once,
...
bug in destructor that could lead to a segfault.
2011-11-29 15:05:09 -08:00
Bernhard Amann
4975584e01
change Log enum to Input enum.
2011-11-28 13:45:00 -08:00
Bernhard Amann
3c40f00a53
make filters pointers (for inheritance)
2011-11-22 16:09:13 -08:00
Bernhard Amann
3035eb2b21
fix a little bug that prevented several simultaneous filters from working.
2011-11-21 19:30:16 -08:00
Bernhard Amann
53af0544cc
re-enable table events
2011-11-21 19:03:35 -08:00
Bernhard Amann
77a517f2b5
camel-casing for types
2011-11-21 15:45:27 -08:00
Bernhard Amann
92b3723b09
add very basic predicate test.
2011-11-21 15:36:03 -08:00
Bernhard Amann
bfe90199bd
Merge remote-tracking branch 'origin/master' into topic/bernhard/input
2011-11-21 15:21:20 -08:00
Bernhard Amann
18591b53d4
rename filter to tablefilter in preparation of event filters...
2011-11-21 15:20:52 -08:00
Bernhard Amann
f0e5303330
make want_record field for tablefilter work...
2011-11-21 15:09:00 -08:00
Bernhard Amann
029871e48c
first test.
2011-11-20 13:42:02 -08:00
Jon Siwek
305621672f
Teach Broxygen the .. bro:see:: directive
2011-11-19 07:19:57 -06:00
Robin Sommer
0b8428d1bb
Merge branch 'master' into topic/robin/pp-alarms
2011-11-17 15:26:15 -08:00
Jon Siwek
5227eb73c8
Teach Broxygen :bro:see: role for referencing any identifier in Bro domain.
2011-11-17 16:55:51 -06:00
Robin Sommer
7696c8b365
Merge remote-tracking branch 'origin/topic/jsiwek/require-libmagic-libz'
...
* origin/topic/jsiwek/require-libmagic-libz:
Promote libz and libmagic to required dependencies.
Conflicts:
doc/quickstart.rst
Closes #674
2011-11-15 17:08:24 -08:00
Robin Sommer
8de3614afa
Merge remote-tracking branch 'origin/topic/jsiwek/custom-b64-alphabet'
...
* origin/topic/jsiwek/custom-b64-alphabet:
Add decode_base64_custom BiF to allow alternate base64 alphabets.
Simplified the code a little bit.
Closes #670 .
2011-11-15 17:03:23 -08:00
Robin Sommer
dacc019f1f
Adding test for alarm mail.
...
Can't test all the functionality, so skipping DNS lookup and the
actual mailing via sendmail.
2011-11-15 08:51:48 -08:00
Seth Hall
d14349a6f8
Merge remote-tracking branch 'origin/master' into fastpath
2011-11-14 16:06:44 -05:00
Seth Hall
b12d2c768e
Tiny bugfix for http file extraction along with test.
2011-11-14 15:24:15 -05:00
Jon Siwek
5865bf3850
Add decode_base64_custom BiF to allow alternate base64 alphabets.
...
Addresses #670
2011-11-11 13:48:11 -06:00
