* origin/topic/jsiwek/path-func-record-demote:
Fix filter path_func to allow record argument as a subset of stream's columns.
Conflicts:
src/LogMgr.cc
Closes #600.
* origin/topic/jsiwek/filter-rotation:
Remove Log::rotation_control (addresses #572).
Add an optional Log::RotationControl to Log::Filter records.
Closes #572.
entities.
Before, whether they did depended on libmagic. To do that,
smpt/entities.bro gets a new option `never_calc_md5`.
Also restructuring the tests a bit so that they load a common
testing-setup.bro script that can set a global configuration.
Both related to Val lists constructed as arguments to events that were
not freed because the event function was never called (e.g. no handlers).
Addresses #574
- The check for the root_certs variable was recreating the certificate
store over and over again which would eventually consume lots of memory
in the x509_stores internal (C++) variable. The index check uses the
Val pointer value for comparison now.
- The value of the content-length headers has now been removed
but it could be added back locally at an installation by a user.
- Added fields to indicate if some parsing interruption happened
during the body transfer.
- Closes #581
- If a protocol violation happens, Bro now logs what it has seen
up until the protocol violation and deletes the c$ssl record
so that a long-lived connection with a protocol violation does
continue to hold the memory.
- Removed a notice definition from the base SSL scripts.
- Moved a logging stream ID into the export section for known-services
and bumped priority for creating the stream.
- Adding configuration knobs for the SQL injection attack detection
script and renaming the HTTP::SQL_Injection_Attack notice to
HTTP::SQL_Injection_Attack_Against
- Bumped priority when creating Known::CERTS_LOG.
This required adding the ability for RecordVal::CoerceTo functions to
optionally allow orphaning fields. The default is to not allow it, but
now before writing to a log, the value of the stream's columns is coerced
down, if necessary, before passing it on to the filter's path_func.
Addresses #600.
This is because libmagic can return different results depending on
installation.
Note, this still doesn't fix all problems: smtp-entities sets md5
depending on the mime-type returned by libmagic ...
Log rotation is now controlled directly through Filter records.
Also addressed a TODO in the default_path_func regarding the
LogMgr::AddFilter function generating internal filter path
suggestions/fallbacks. Now, if the user doesn't explicitly set a filter
path, the filter's path will be the result of the first call to
default_path_func (happens during the first write to the log). And in
that case the path suggestion argument to the path_func is an empty
string.
The traces for external test-suites are no longer kept inside the
repositories themselves but downloaded separately via curl. This is
because git is pretty bad at dealing with large files.
See the README for more information.