Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
1890 commits 386 branches 195 tags 257 MiB
Commit graph

276 commits

Author SHA1 Message Date
Robin Sommer
3d2dc5f5fc Merge remote-tracking branch 'origin/topic/script-reference' 
* origin/topic/script-reference: (50 commits)
  A few updates for the FAQ.
  Fixing some doc warnings.
  Forgot to add protocol identifier support for TLS 1.2
  Finished SSL & syslog autodocs.
  Adding the draft SSL extension type next_protocol_negotiation.
  Fix some documentation errors.
  Tweaks.
  A set of script-reference polishing.
  fixed a couple typos in comments
  Add summary documentation to bif files.
  Add ssl and syslog script documentation
  Add Conn and DNS protocol script documentation. (fixes #731)
  Small updates to the default local.bro.
  Documentation updates for HTTP & IRC scripts.
  SSH&FTP Documentation updates.
  Fixing a warning from the documentation generation.
  This completes framework documentation package 4.
  Minor notice documentation tweaks.
  Fix some malformed Broxygen xref roles.
  Minor doc tweaks to init-bare.bro.
  ...

Conflicts:
	aux/broccoli
	aux/broctl
	src/bro.bif
	src/strings.bif

Includes:

    - Updated baselines for autodoc tests.
    - Now excluding stats.bro from external texts, it's not stable.
 2012-01-10 14:00:44 -08:00
Robin Sommer
b284dd25cf Merge remote-tracking branch 'origin/master' 2012-01-10 10:46:49 -08:00
Robin Sommer
66be86da61 Fixing coverage failures. 
Friendly reminder: please run test-suite before pushing things
upstream for merges ...
 2012-01-10 10:43:28 -08:00
Robin Sommer
82b1ee0720 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Change SFTP/SCP log rotators to use 4-digit year in filenames (fixes #745).
  Adding back the stats.bro file.

Closes #745.
Closes #656.
 2012-01-10 09:49:58 -08:00
Seth Hall
86a1cbca82 A few more tiny documentation updates commited to the wrong branch. :) 2012-01-10 10:49:10 -05:00
Jon Siwek
f921a4d5db Change SFTP/SCP log rotators to use 4-digit year in filenames (fixes #745). 2012-01-10 09:38:17 -06:00
Seth Hall
727e626bb4 Added an option for filtering out urls before they are turned into HTTP::Incorrect_File_Type notices 2012-01-10 10:38:12 -05:00
Seth Hall
048516c605 Adding back the stats.bro file. 
Closes #656
 2012-01-10 09:10:45 -05:00
Seth Hall
4de670a10e Fixing some doc warnings. 2012-01-10 01:30:55 -05:00
Seth Hall
9b6373584c Forgot to add protocol identifier support for TLS 1.2 2012-01-10 01:09:35 -05:00
Seth Hall
911d7d8436 Finished SSL & syslog autodocs. 2012-01-10 00:56:12 -05:00
Seth Hall
a8f9af3531 Merge branch 'topic/script-reference' of ssh://git.bro-ids.org/bro into topic/script-reference 2012-01-10 00:25:54 -05:00
Seth Hall
8ab372ccff Adding the draft SSL extension type next_protocol_negotiation. 2012-01-09 22:53:53 -05:00
Robin Sommer
e5a42e8a85 Merge branch 'topic/script-reference' of ssh://git.bro-ids.org/bro into topic/script-reference 
Conflicts:
	scripts/base/frameworks/notice/actions/pp-alarms.bro
	scripts/base/frameworks/notice/main.bro
	src/bro.bif
	src/const.bif
	src/event.bif
	src/strings.bif
	src/types.bif
 2012-01-09 18:07:43 -08:00
Jon Siwek
aa69fd53fb Merge branch 'topic/script-reference' of git://git.bro-ids.org/bro into topic/script-reference 2012-01-09 15:49:19 -06:00
Jon Siwek
69a0206a82 Merge branch 'master' into topic/script-reference 
Conflicts:
	scripts/base/frameworks/notice/actions/pp-alarms.bro
	scripts/base/frameworks/notice/main.bro
	scripts/base/init-bare.bro
	src/event.bif
 2012-01-09 15:49:14 -06:00
Daniel Thayer
acf5537acf Add ssl and syslog script documentation 2012-01-09 15:26:34 -06:00
Jon Siwek
62d012e04a Add Conn and DNS protocol script documentation. (fixes #731) 2012-01-09 14:23:24 -06:00
Seth Hall
f389fb42c3 Small updates to the default local.bro. 
- Removed the note from local-manager.bro about setting the
  notice policy there.  The notice framework changed and this
  isn't necessary anymore.
 2012-01-09 13:23:14 -05:00
Seth Hall
3be1222532 Documentation updates for HTTP & IRC scripts. 
Closes #733
 2012-01-08 02:22:52 -05:00
Seth Hall
48ed922e06 SSH&FTP Documentation updates. 
Closes #732
 2012-01-08 01:16:40 -05:00
Seth Hall
1afe8b011c Fixing a warning from the documentation generation. 2012-01-06 16:50:20 -05:00
Seth Hall
f603d0121b This completes framework documentation package 4. 
- Closes ticket #709
 2012-01-06 16:36:22 -05:00
Jon Siwek
e7cf347288 Add SFTP log postprocessor that transfers logs to remote hosts. 
Addresses #737
 2012-01-06 14:58:17 -06:00
Robin Sommer
7646ef1aed Merge remote-tracking branch 'origin/master' into topic/script-reference 
Conflicts:
	scripts/base/frameworks/notice/actions/pp-alarms.bro
	scripts/base/frameworks/notice/main.bro
	scripts/base/init-bare.bro
	src/event.bif
 2012-01-06 12:11:49 -08:00
Jon Siwek
645c80f974 Reduce snaplen default from 65535 to old default of 8192. (fixes #720) 
Also replaced the --snaplen/-l command line option with a
scripting-layer option called "snaplen" (which can also be
redefined on the command line, e.g. `bro -i eth0 snaplen=65535`).
 2012-01-04 16:30:15 -06:00
Seth Hall
f8ec98625d Merge remote-tracking branch 'origin/topic/robin/pp-alarms' 
* origin/topic/robin/pp-alarms:
  The silliest, tiniest little whitespace fixes.
  Update missing in last commit to this branch.
  Adding test for alarm mail.
  Tuning the pretty-printed alarms output.
 2012-01-04 13:41:28 -05:00
Seth Hall
adfbed8e56 The silliest, tiniest little whitespace fixes. 2012-01-04 13:37:07 -05:00
Robin Sommer
5e9153d7d6 Merge remote-tracking branch 'origin/topic/bernhard/notice-proto' 
* origin/topic/bernhard/notice-proto:
  log protocol in notices.

Conflicts:
	scripts/base/frameworks/notice/main.bro

Closes #718.
 2012-01-03 14:52:07 -08:00
Jon Siwek
275420dd29 Minor notice documentation tweaks. 2011-12-19 16:28:30 -06:00
Jon Siwek
a4117016e9 Merge branch 'master' into topic/script-reference 
Conflicts:
	aux/broccoli
	aux/broctl
	scripts/base/frameworks/notice/main.bro
	src/event.bif
 2011-12-19 16:17:58 -06:00
Robin Sommer
c81477d9d3 Executive decision: empty fields are now logged as "(empty)" by default. 2011-12-19 08:49:30 -08:00
Robin Sommer
26ff8e1dab Merge remote branch 'origin/topic/seth/notice-email-delay' 
* origin/topic/seth/notice-email-delay:
  The hostname notice email extension works now.
  Fixed more bugs with delayed emails.
  Working around a problem with setting default container types.
  Ugh, still major failure.  I'm just cutting the timeout handling for now.
  Fixed a small bug major problem with email delay timeout catching.
  Initial fixes for the problem of async actions with notice email extensions.

Closes #727.
 2011-12-19 07:10:28 -08:00
Robin Sommer
0a3e160a8d Merge remote branch 'origin/topic/seth/dns-updates' 
* origin/topic/seth/dns-updates:
  Fixed some bugs with capturing data in the base DNS script.
  Some updates to the base DNS script.

Closes #702.
 2011-12-18 15:20:00 -08:00
Robin Sommer
f3c2811e14 Merge remote branch 'origin/topic/seth/ssl-updates-for-2.0' 
* origin/topic/seth/ssl-updates-for-2.0:
  Added is_orig fields to the SSL events and adapted script.

Closes #692.
 2011-12-18 15:15:57 -08:00
Jon Siwek
cc1459ef35 Fix some malformed Broxygen xref roles. 2011-12-16 14:30:36 -06:00
Jon Siwek
366a5de606 Minor doc tweaks to init-bare.bro. 2011-12-16 11:13:20 -06:00
Seth Hall
8399d28c2e The hostname notice email extension works now. 2011-12-16 10:59:30 -05:00
Robin Sommer
8c53446292 Merge remote branch 'origin/fastpath' 
* origin/fastpath:
  Fixed major bug with cluster synchronization (it was broken!)
 2011-12-16 02:37:56 -08:00
Robin Sommer
4e17ef63f0 Merge remote branch 'origin/fastpath' 
* origin/fastpath:
  Fix missing action in notice policy for looking up GeoIP data.
  Better persistent state config warning messages (fixes #433).
  A few updates for SQL injection detection.
  Fixed some DPD signatures for IRC.  Fixes ticket #311.
  Removing Off_Port_Protocol_Found notice.
  SSH::Interesting_Hostname_Login cleanup.  Fixes #664.
  Teach Broxygen to more generally reference attribute values by name.
  Fixed a really dumb bug that was causing the malware hash registry script to break.
  Fix Broxygen confusing scoped id at start of line as function parameter.
  Remove remnant of libmagic optionality
 2011-12-16 02:36:43 -08:00
Seth Hall
0b8b14a0ed Fixed major bug with cluster synchronization (it was broken!) 2011-12-15 15:59:51 -05:00
Seth Hall
b66c73baaa Fixed more bugs with delayed emails. 2011-12-15 15:57:42 -05:00
Seth Hall
667dcb251a Working around a problem with setting default container types. 2011-12-15 12:51:14 -05:00
Seth Hall
cb904cec4f Ugh, still major failure. I'm just cutting the timeout handling for now. 2011-12-15 12:46:15 -05:00
Seth Hall
f1f5719f83 Fixed a small bug major problem with email delay timeout catching. 2011-12-15 12:41:05 -05:00
Seth Hall
2d97e25eeb Initial fixes for the problem of async actions with notice email extensions. 2011-12-15 12:27:41 -05:00
Robin Sommer
55c982fa14 Adding Broxygen comments to init-bare.bro. 
I've left a few TODOs in there for protocol-specific fields that I
couldn't directly figure out in their meaning. Feel free to fill in
where you can.
 2011-12-15 06:38:59 -08:00
Jon Siwek
303993254e Add more DPD and packet filter framework docs. 2011-12-14 16:07:36 -06:00
Jon Siwek
d89658c19b Add more signature framework documentation. 2011-12-14 12:50:54 -06:00
Jon Siwek
a543ebbea5 Add more notice framework documentation. 2011-12-14 10:05:52 -06:00