Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
2146 commits 385 branches 195 tags 261 MiB
Commit graph

84 commits

Author SHA1 Message Date
Bernhard Amann
417542f283 Merge branch 'topic/bernhard/log-threads' into topic/bernhard/input-threads 
Seems to work -- all test pass.
But there are thread-safety issues at the moment, because the constructors of IPAddr and IPPrefix are not thread-safe, but needed by workers.

Conflicts:
	src/logging/Manager.cc
 2012-02-27 22:59:08 -08:00
Bernhard Amann
d553a3c6f6 fix strange bug when using predicates and events at the same time on a tablefilter. 
Testcase is now more involved.
 2012-02-23 15:30:39 -08:00
Bernhard Amann
93fac7a4be fix one of the bugs seth found in the input framework. 
(bug in PutTable when the table contained only one element and that element should not be wrapped into a record)
 2012-02-22 10:46:35 -08:00
Bernhard Amann
7e5f733826 raw input reader for seth, which can simply read a file into string-events given a line separator. 2012-02-22 09:44:45 -08:00
Daniel Thayer
96df1bac40 Add test case for FTP over IPv4 2012-02-21 11:18:43 -06:00
Bernhard Amann
edd30da082 better testcase & fix a few bugs (that took way too long to find). 2012-02-20 15:30:21 -08:00
Bernhard Amann
4126b458ca Automatic file re-refresh and streaming works. 
* simple testcase for file refresh (check for changes) and streaming reads
* add events for simple put and delete operations
* fix bugs in table filter events (type for first element was wrong)
* and I think a couple of other small bugs
 2012-02-20 13:18:15 -08:00
Bernhard Amann
91943c2655 * rework script interface, add autostart stream flag that starts up a stream automatically when first filter has been added ( probably the most common use case ) 
* change internal reader interface again
* remove some quite embarassing bugs that must have been in the interface for rather long
* add different read methods to script & internal interface (like normal, streaming, etc). Not implemented in ascii reader yet.
 2012-02-16 15:03:20 -08:00
Daniel Thayer
278704f7a3 Add a test for FTP over IPv6 2012-02-16 15:17:55 -06:00
Bernhard Amann
88233efb2c It works. Even including all unit tests. 
But: there are still a few places where I am sure that there are race conditions & memory leaks & I do not really like the current interface & I have to add a few more messages between the front and backend.

But - it works :)
 2012-02-13 22:29:55 -08:00
Bernhard Amann
4e868d282d Merge branch 'topic/bernhard/log-threads' into topic/bernhard/input-threads 2012-02-13 02:37:02 -08:00
Seth Hall
2cd88ee4f6 Merge remote-tracking branch 'origin/topic/bernhard/software' 
* origin/topic/bernhard/software:
  change software framework interface again. At the moment everything should worl.
  start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface...
  after talking to seth - change host_a field in record back to host.
  forgotten policy files.
  Software framework stores ports for server software.
 2012-02-03 16:17:04 -05:00
Bernhard Amann
eacdffff90 Merge remote-tracking branch 'origin/master' into topic/bernhard/software 
Conflicts:
	scripts/base/frameworks/software/main.bro
	scripts/policy/protocols/ftp/software.bro
 2012-01-20 12:51:58 -08:00
Bernhard Amann
92050af947 Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2012-01-20 12:03:54 -08:00
Jon Siwek
ec6560a6ed Make communication log baseline test more reliable. 2012-01-13 16:06:44 -06:00
Bernhard Amann
5bef49d625 Merge remote-tracking branch 'origin/master' into topic/bernhard/input 
Conflicts:
	src/parse.y
 2012-01-05 01:11:13 -08:00
Seth Hall
f8ec98625d Merge remote-tracking branch 'origin/topic/robin/pp-alarms' 
* origin/topic/robin/pp-alarms:
  The silliest, tiniest little whitespace fixes.
  Update missing in last commit to this branch.
  Adding test for alarm mail.
  Tuning the pretty-printed alarms output.
 2012-01-04 13:41:28 -05:00
Jon Siwek
eeceb14c1a Merge branch 'master' into fastpath 2011-12-20 11:45:50 -06:00
Bernhard Amann
59967d40ac Merge remote-tracking branch 'origin/master' into topic/bernhard/input 
Conflicts:
	src/LogMgr.cc
	src/LogMgr.h
 2011-12-19 12:36:53 -08:00
Jon Siwek
578cd06176 Increase timeout interval of communication-related btests. 
This may help clear up some transient test failures on the NMI testbed.
 2011-12-19 13:12:02 -06:00
Robin Sommer
3220bbce55 Merge remote branch 'origin/topic/jsiwek/log-escaping' 
* origin/topic/jsiwek/log-escaping:
  Add missing ascii writer options to log header.
  Escape the ASCII log's set separator (addresses #712)
  Rewrite ODesc character escaping functionality. (addresses #681)

Closes #712.
 2011-12-19 06:37:54 -08:00
Bernhard Amann
dcc7fe3c38 start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface... 2011-12-09 16:47:58 -08:00
Bernhard Amann
311cd1b116 after talking to seth - change host_a field in record back to host. 2011-12-08 14:25:46 -08:00
Bernhard Amann
7e3ebc1817 forgotten policy files. 2011-12-07 15:03:36 -08:00
Bernhard Amann
9f32f68a13 make test more robust. 2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec make port annotation work and ascii input reader way more rebust with better error messages. 2011-12-06 10:42:37 -08:00
Bernhard Amann
949ec6897a Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet 2011-12-03 20:15:05 -08:00
Robin Sommer
f59c766858 Portability fix for new patch. 2011-12-02 17:00:08 -08:00
Robin Sommer
1e45910b25 Merge remote-tracking branch 'origin/topic/jsiwek/bro-log-suffix' 
* origin/topic/jsiwek/bro-log-suffix:
  Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704)

Closes #704.
 2011-12-02 16:52:18 -08:00
Jon Siwek
edc0a451f8 Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704) 2011-12-01 16:18:56 -06:00
Jon Siwek
0c8b5a712d Add a remote_log_peer event which contains an event_peer record param. 
Addresses #493.
 2011-12-01 14:07:08 -06:00
Robin Sommer
ebd15cf12e Fixing ASCII logger to escape the unset-field place-holder if written 
out literally.
 2011-11-29 17:01:47 -08:00
Bernhard Amann
a68e6b9fa4 allow sets to be read from files, convenience function for reading a file once, 
bug in destructor that could lead to a segfault.
 2011-11-29 15:05:09 -08:00
Bernhard Amann
4975584e01 change Log enum to Input enum. 2011-11-28 13:45:00 -08:00
Bernhard Amann
3c40f00a53 make filters pointers (for inheritance) 2011-11-22 16:09:13 -08:00
Bernhard Amann
3035eb2b21 fix a little bug that prevented several simultaneous filters from working. 2011-11-21 19:30:16 -08:00
Bernhard Amann
53af0544cc re-enable table events 2011-11-21 19:03:35 -08:00
Bernhard Amann
77a517f2b5 camel-casing for types 2011-11-21 15:45:27 -08:00
Bernhard Amann
92b3723b09 add very basic predicate test. 2011-11-21 15:36:03 -08:00
Bernhard Amann
18591b53d4 rename filter to tablefilter in preparation of event filters... 2011-11-21 15:20:52 -08:00
Bernhard Amann
f0e5303330 make want_record field for tablefilter work... 2011-11-21 15:09:00 -08:00
Bernhard Amann
029871e48c first test. 2011-11-20 13:42:02 -08:00
Robin Sommer
0b8428d1bb Merge branch 'master' into topic/robin/pp-alarms 2011-11-17 15:26:15 -08:00
Robin Sommer
7696c8b365 Merge remote-tracking branch 'origin/topic/jsiwek/require-libmagic-libz' 
* origin/topic/jsiwek/require-libmagic-libz:
  Promote libz and libmagic to required dependencies.

Conflicts:
	doc/quickstart.rst

Closes #674
 2011-11-15 17:08:24 -08:00
Robin Sommer
dacc019f1f Adding test for alarm mail. 
Can't test all the functionality, so skipping DNS lookup and the
actual mailing via sendmail.
 2011-11-15 08:51:48 -08:00
Seth Hall
d14349a6f8 Merge remote-tracking branch 'origin/master' into fastpath 2011-11-14 16:06:44 -05:00
Seth Hall
b12d2c768e Tiny bugfix for http file extraction along with test. 2011-11-14 15:24:15 -05:00
Jon Siwek
d750c3ba74 Promote libz and libmagic to required dependencies. 2011-11-11 12:39:00 -06:00
Seth Hall
320739e183 Updated/fixed MSIE version parsing in the software framework. 2011-10-25 09:30:06 -04:00
Jon Siwek
24f3eb7fc2 Fix test failure due to some platforms joining stderr/stdout differently. 2011-10-17 13:53:10 -05:00