Jon Siwek
f41f392743
Improve input framework re-read logic
Changed from checking for "has newer modification time" to "has
different modification time or inode number".
2018-08-24 12:46:31 -05:00
Jon Siwek
5c9813eadb
Merge branch 'topic/feature/upstream/refresh-maxmind-db' of https://github.com/corelight/bro
* 'topic/feature/upstream/refresh-maxmind-db' of https://github.com/corelight/bro:
Detect MaxMind DB changes and auto-reload
2018-08-24 10:27:26 -05:00
Jonathan Perkins
2b0e265a1f
Detect MaxMind DB changes and auto-reload
2018-08-24 08:56:23 -05:00
Jon Siwek
d43238fe69
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix finding of kerberos and libmaxminddb in CMakeLists.txt
2018-08-23 16:55:50 -05:00
Jon Siwek
af181474c1
BIT-1885: fix "kill" threading message
Now goes through the proper (main thread) channels to signal the
thread to stop.
2018-08-23 16:48:49 -05:00
Johanna Amann
b2a0418dc5
Final touches to SSL events with record layer version.
2018-08-23 14:18:38 -07:00
Daniel Thayer
7739aaf780
Fix finding of kerberos and libmaxminddb in CMakeLists.txt
On an older system (CentOS 7), there was a bug where although the
headers and libraries for kerberos and maxminddb were found correctly,
both of those components were listed as "false" in the "Bro Build Summary"
output from cmake.
2018-08-23 15:59:35 -05:00
Jon Siwek
b9dfca7789
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Improve readability of the Travis job log
2018-08-23 15:21:25 -05:00
Jon Siwek
620cd671ba
Fix tracking of DCE-RPC context identifier mappings
This adds previously-missing support for "Alter Context"
request/response PDUs (initial patch contributed by Mark Fernandez).
Also, context ID arguments were added to dce_rpc_bind, dce_rpc_request,
and dce_rpc_response in order to properly track what endpoint/operation
a given opnum maps to.
2018-08-23 15:11:38 -05:00
Daniel Thayer
419b5d9ee0
Improve readability of the Travis job log
Use quiet mode in git checkout to suppress a dozen lines of output.
Also added a blank line of output just before attempting to get the
private tests.
2018-08-23 12:27:08 -05:00
Robin Sommer
45338b1942
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1885'
* origin/topic/jsiwek/bit-1885:
BIT-1885: fix input framework memory leak
Increase timeout for a memleak test
2018-08-23 15:53:35 +00:00
Jon Siwek
b847b3b4d9
BIT-1885: fix input framework memory leak
For input threads that get joined during run-time instead of being
signalled to stop at termination-time as typical (e.g. an error occurs
or process exits w/ non-zero status) messages could remain in the
thread's queue and leak.
This patches threads to ensure they enter the proper "finished"
state so that the thread manager can attempt to fully process and
empty out their queues before joining them.
2018-08-22 19:23:10 -05:00
Jon Siwek
f5848f0279
Increase timeout for a memleak test
2018-08-22 19:22:08 -05:00
Jon Siwek
66871ba948
Ensure external test repo hashes track origin/master
2018-08-22 12:06:33 -05:00
Jon Siwek
12955d8676
Updating submodule(s).
[nomail]
2018-08-22 11:55:29 -05:00
Jon Siwek
1f70f607ce
Fix "unused CMake variable" configuration warnings
2018-08-22 11:49:33 -05:00
Jon Siwek
f3f5ca923e
Updating submodule(s).
[nomail]
2018-08-22 11:01:39 -05:00
Jon Siwek
ef3d451af3
Fix Travis CI script to checkout particular commits of external tests
2018-08-21 16:49:06 -05:00
Jon Siwek
553ce6aca1
Fix signed/unsigned comparison warning
2018-08-21 16:16:00 -05:00
Jon Siwek
9121c0436f
Add --with-broker configure option
2018-08-21 15:55:56 -05:00
Jon Siwek
b679a51376
Merge remote-tracking branch 'origin/topic/jazoff/fix-snaplen'
* origin/topic/jazoff/fix-snaplen:
problem: default snaplen is too small for jumbo frames
2018-08-21 14:54:55 -05:00
Jon Siwek
b63f0e2675
Updating submodule(s).
[nomail]
2018-08-21 10:02:02 -05:00
Johanna Amann
aa2488fb69
Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data
2018-08-20 16:10:21 -07:00
Jon Siwek
ee0bbdad34
Fix outdated documentation test baselines
2018-08-20 15:51:51 -05:00
Jon Siwek
bcf97f70ea
Merge remote-tracking branch 'origin/topic/jsiwek/empty-lines'
* origin/topic/jsiwek/empty-lines:
Add 'smtp_excessive_pending_cmds' weird
Fix SMTP command string comparisons
Improve handling of empty lines in several text protocol analyzers
Add rate-limiting sampling mechanism for weird events
Teach timestamp canonifier about timestamps before ~2001
2018-08-20 15:35:16 -05:00
Jon Siwek
000072978a
Merge remote-tracking branch 'origin/topic/dnthayer/ticket1700-part2'
* origin/topic/dnthayer/ticket1700-part2:
Remove the node-specific local-*.bro scripts
2018-08-20 15:02:41 -05:00
Daniel Thayer
052a5b4d84
Remove the node-specific local-*.bro scripts
2018-08-20 12:57:00 -05:00
Jon Siwek
4912513517
Improve diff-remove-abspath canonifier: collapse '/' sequences
2018-08-20 12:47:57 -05:00
Jon Siwek
6595b21e2e
Merge remote-tracking branch 'origin/topic/dnthayer/ticket1963'
* origin/topic/dnthayer/ticket1963:
Remove unused redef-able constants
Convert some redef-able constants to runtime options
2018-08-20 12:44:58 -05:00
Jon Siwek
1671244a64
Merge remote-tracking branch 'origin/topic/dnthayer/doc-fixes-for-2.6'
* origin/topic/dnthayer/doc-fixes-for-2.6:
Fix some typos and improve formatting in NEWS
Update the operators documentation
Replace references to libgeoip in the documentation
Update install instructions for python-ipaddress
Update documentation of "option" and "redef" declarations
Improvements to the config framework documentation
Rearrange some lines on the "Log Files" documentation page
Improve install/setup instructions for libmaxminddb
Update NEWS for config framework clusterization changes
Update config framework doc for clusterization changes
Fix typos and formatting issues in config framework docs
2018-08-17 17:10:34 -05:00
Jon Siwek
edf8658b11
Merge remote-tracking branch 'origin/topic/vladg/dhcp_event_deprecation'
* origin/topic/vladg/dhcp_event_deprecation:
Add script to support the old DHCP events
Updated coverage tests and fixed incorrect DHCP:: scoping on some things
2018-08-17 16:38:19 -05:00
Jon Siwek
fa46c6a16a
Updating submodule(s).
[nomail]
2018-08-17 15:16:25 -05:00
Jon Siwek
bd24421734
BIT-466: add redef += support to vectors
2018-08-17 15:16:15 -05:00
Daniel Thayer
1a4629b0dc
Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1963
2018-08-17 14:11:47 -05:00
Johanna Amann
b1dbd757a6
Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data
2018-08-17 11:52:00 -07:00
Johanna Amann
95c72f3717
Update submodule
[nomail]
2018-08-17 11:25:58 -07:00
Daniel Thayer
a71ed6f781
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-fixes-for-2.6
2018-08-17 11:34:16 -05:00
Daniel Thayer
ab2f745edb
Fix some typos and improve formatting in NEWS
2018-08-17 11:33:19 -05:00
Daniel Thayer
8fe300a47c
Update the operators documentation
Added documentation for some new operators and improved documentation of
the "in" operator. Also corrected a few typos in the docs.
2018-08-17 11:30:39 -05:00
Jon Siwek
fcabd72b92
BIT-1815: move SMB::write_cmd_log functionality into policy/ script
The option is removed, but the same functionality is now enabled simply
by loading policy/protocols/smb/log-cmds.bro
2018-08-17 11:15:18 -05:00
Jon Siwek
fc7d3cd981
Fix possible race in netcontrol acld/broker plugins
Best to subscribe before connecting
2018-08-17 10:31:31 -05:00
Jon Siwek
a04c76c035
Enable SMB by default by moving scripts from policy/ to base/
2018-08-16 17:23:28 -05:00
Jon Siwek
7fdf621a1d
BIT-1924: add DHCP port to software.log for completeness
2018-08-16 16:08:29 -05:00
Daniel Thayer
c941c565a6
Replace references to libgeoip in the documentation
Replace references to the old libgeoip library with "libmaxminddb" or
"GeoIP support".
2018-08-16 15:45:58 -05:00
Daniel Thayer
f40e317c0d
Update install instructions for python-ipaddress
2018-08-16 15:41:18 -05:00
Daniel Thayer
4613347a95
Update documentation of "option" and "redef" declarations
Add documentation of using "redef" on a runtime option. Also mention
how to change an option's value at runtime.
2018-08-16 14:23:25 -05:00
Jon Siwek
81a8961f16
BIT-1858: fix logged-names for DNS RR types 44 and 45
2018-08-16 14:13:31 -05:00
Jon Siwek
15dc5d1dda
BIT-1850: add missing DCE/RPC PDU type enum values
2018-08-16 14:09:03 -05:00
Daniel Thayer
6ef98cdb77
Improvements to the config framework documentation
Add documentation of using redef to redefine initial value of options.
Mention caveats for changing the value of specific data types.
Show an example of how to use the Config::set_value() function.
Other small improvements to the examples and text.
2018-08-16 13:32:46 -05:00
Jon Siwek
da9f91fc19
Add env. variables to override Broker listen/connect retry intervals
And use them to default retries to 1sec for all unit tests.
2018-08-16 12:16:03 -05:00