Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
1603 commits 386 branches 195 tags 256 MiB
Commit graph

188 commits

Author SHA1 Message Date
Robin Sommer
314e9c41f9 Removing debugging code. 2011-10-26 14:39:07 -07:00
Robin Sommer
eb6313adcb Now actually pretty-printing the notices. 
Output is similar to Bro 1.x.
 2011-10-26 13:42:42 -07:00
Robin Sommer
39ed489028 Small fixes, and new option to specify a different dest address. 2011-10-26 11:12:50 -07:00
Robin Sommer
73d5643302 A new notice script that pretty-prints alarms in the summary email. 
It works already, but the actual pretty-printing is still missing.
 2011-10-26 10:40:12 -07:00
Seth Hall
17d03c9936 Fix a problem with DNS servers being logged that aren't actually servers. 2011-10-25 16:20:29 -04:00
Seth Hall
3d6d75b647 Updating test baselines for recent changes. 2011-10-25 14:51:32 -04:00
Jon Siwek
55978d1c18 Changed generated root cert DN format for RFC2253 compliance. 2011-10-25 11:09:31 -05:00
Seth Hall
b2323305f8 Adding sub messages to emails. 2011-10-25 11:36:24 -04:00
Seth Hall
4753f2aeca Adding extra fields to smtp and http to track transaction depth. 
- This will for help linking in analysis scripts and databases later.

- Test baseline updates coming in a few minutes.
 2011-10-25 11:34:48 -04:00
Seth Hall
2131468b08 Merging this branch. It's working better than the existing code. 2011-10-25 11:17:19 -04:00
Seth Hall
dcc8d8456a Removed some fields from http analysis that weren't commonly needed or were wrong. 2011-10-25 09:32:31 -04:00
Seth Hall
320739e183 Updated/fixed MSIE version parsing in the software framework. 2011-10-25 09:30:06 -04:00
Jon Siwek
522e0e4d46 Update Mozilla trust roots to index certs by subject distinguished name. 2011-10-25 07:52:24 -05:00
Seth Hall
e6a8489780 Testing a fix for SSH login detection heuristic. 2011-10-25 00:01:04 -04:00
Seth Hall
7f838b6181 Merge branch 'topic/seth/weird-updates' 2011-10-24 23:47:31 -04:00
Seth Hall
ff51068598 Fixing a bug with handling downgrade from weird conn to orig. 2011-10-22 01:13:15 -04:00
Seth Hall
7746f5b223 Final notice email tuning. 2011-10-21 23:08:56 -04:00
Seth Hall
0e79ec46b6 More notice email tuning. 2011-10-21 22:58:44 -04:00
Seth Hall
75e5caeff5 Attempt to make hostname notice email extension work and small format adjustments. 2011-10-21 22:51:56 -04:00
Seth Hall
74240610c5 Fixed a problem with sending notice emails I introduced earlier. 2011-10-21 22:41:43 -04:00
Seth Hall
29bace02b2 More small weird refinements to reduce overload attacks. 2011-10-21 14:31:40 -04:00
Seth Hall
0cdcf490d6 Restoring former default weird behavior for unsolicited_SYN_response. 2011-10-21 14:17:54 -04:00
Seth Hall
f0b32b21ee weird.bro rewrite. 
- I want to test it for a short while before committing it to
  master just to make sure it is a sane modification.
 2011-10-21 14:08:54 -04:00
Seth Hall
892245316f Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-10-21 14:03:43 -04:00
Seth Hall
8b56c54348 Slightly restructured http file hashing to fix a bug. 2011-10-21 14:03:31 -04:00
Seth Hall
43da40f2c6 Changed the notice name for interesting ssh logins to correctly reflect semantics of the notice. 
- SSH::Login_From_Interesting_Hostname is now SSH::Interesting_Hostname_Login

- Added some documentation.
 2011-10-21 14:03:03 -04:00
Seth Hall
3900d88e60 Field name change to notice framwork. $result -> $action 
- $result is renamed to $action to reflect changes to the notice framework
  since there is already another result-like field ($suppress_for) and
  there may be more in the future.

- Slipped in a change to add connection information to notice emails too.
 2011-10-21 14:01:39 -04:00
Seth Hall
8661abe9d9 Small script refinements and documentation updates. 2011-10-21 13:58:58 -04:00
Jon Siwek
d84de52ee0 Don't install test-all-policy.bro script as it's for testing only. 
Addresses #622
 2011-10-12 12:42:12 -05:00
Seth Hall
8627b87b3e Fixing another "field missing" error reported by Martin. 2011-10-08 00:13:20 -04:00
Seth Hall
0803df2e14 Changed communication option from listen_encrypted to listen_ssl. 
- Robin pointed out that SSL is providing authentication
  as well as encryption so listen_ssl is a more
  proper variable name.
 2011-10-07 23:57:08 -04:00
Seth Hall
6d67f7830d Added to the likely_server_ports set for protocols with analyzers. 
- Updated some tests since Bro is getting the direction
  correct now.

- Updated BPF filter test since I added a few ports to IRC
  as well.
 2011-10-07 13:44:28 -04:00
Seth Hall
686946d0dd Internal simplication for FTP analysis scripts. 2011-10-07 13:36:02 -04:00
Seth Hall
8600b676e6 Fixed a TODO in the DNS analysis script. 2011-10-07 13:32:44 -04:00
Seth Hall
acc4d6ccd3 Removed unused script code from init-bare.bro 2011-10-07 13:31:28 -04:00
Seth Hall
8b90a3f403 Tiny comment tweak 2011-10-07 13:30:09 -04:00
Seth Hall
38bd2cc085 Documentation fix that was breaking a test. 2011-10-07 13:29:56 -04:00
Seth Hall
da9b8cc283 Modification to the Communication framework API. 
- Simplified the communication API and made it easier to change
  to encrypted connections by not having separate variables to
  define encrypted and unencrypted ports.

- Now, to enable listening without configuring nodes just
  load the frameworks/communication/listen script.

- If encrypted listening is desired set the following:
	redef Communication::listen_encrypted=T;

- Accompanying test updates.
 2011-10-07 13:29:26 -04:00
Seth Hall
a3e91c5b33 Fixed a bug in the known-hosts script. 2011-10-07 04:48:51 -04:00
Seth Hall
1dd3ba7f7d Fixed another "identifier not exported" error. 2011-10-07 03:32:28 -04:00
Seth Hall
9e41a7976b Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-10-07 02:51:52 -04:00
Seth Hall
9602e6e2f3 Fixed the "identifier is not exported" error. 2011-10-07 02:51:40 -04:00
Robin Sommer
a08c478079 Fixing a number of reporter calls. 2011-10-06 21:26:49 -07:00
Robin Sommer
90d2136fd1 Filtering some potentially high-volume DNS weirds. 2011-10-06 18:10:15 -07:00
Robin Sommer
60b43a417e Removing unnecessary load. 2011-10-06 16:56:40 -07:00
Robin Sommer
fe77d385e0 Merge remote-tracking branch 'origin/topic/jsiwek/broctl-tweaks' 
* origin/topic/jsiwek/broctl-tweaks:
  Consolidating some node-specific functionality from scripts in broctl repo.
 2011-10-05 16:54:39 -07:00
Robin Sommer
25fe7e91db Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add check for optional HTTP::Info status_code.
  Changing some external testing scripts.

Conflicts:
	scripts/base/protocols/http/main.bro
 2011-10-05 16:24:33 -07:00
Jon Siwek
88e089864b Consolidating some node-specific functionality from scripts in broctl repo. 2011-10-05 16:33:40 -05:00
Seth Hall
0e4fecdfe4 HTTP bug fix reported by Martin. 2011-10-05 09:35:19 -04:00
Seth Hall
13ab46e793 Updating files for tests. 
- All but scripts.base.frameworks.notice.suppression-disable
  pass for me now.
 2011-10-04 23:50:52 -04:00