* All "Broxygen" usages have been replaced in
code, documentation, filenames, etc.
* Sphinx roles/directives like ":bro:see" are now ":zeek:see"
* The "--broxygen" command-line option is now "--zeexygen"
Instead of assuming the logger node always has the name "logger", now
broctl will set a boolean which the cluster framework scripts can use
to determine if there is a logger node or not.
Also removed one line from the manager node script, because it has to do
with logging, which the logger.bro script handles.
Changed the cluster framework scripts by adding a new Bro node type
for doing logging (this is intended to reduce the load on the manager).
If a user chooses not to specify a logger node in the cluster
configuration, then the manager will write logs locally as usual.
This allows the path for the default filter to be specified explicitly
when creating a stream and reduces the need to rely on the default path
function to magically supply the path.
The default path function is now only used if, when a filter is added to
a stream, it has neither a path nor a path function already.
Adapted the existing Log::create_stream calls to explicitly specify a
path value.
Addresses BIT-1324
The text from these README files appears on the "Bro Script Packages"
page after building the documentation. The text for these was mostly just
copied from the existing docs.
* origin/topic/jsiwek/ipv6-comm:
Enable Bro to communicate with peers over non-global IPv6 addresses.
Add unit tests for Broccoli SSL and Broccoli IPv6 connectivity.
Remove AI_ADDRCONFIG getaddrinfo hints flag for listening sockets.
Undo communication protocol version bump.
Add support to Bro for connecting with peers over IPv6.
Closes#820.
Conflicts:
src/bro.bif
This usually requires specifying an additional zone identifier
(see RFC 4007). The connect() and listen() BIFs have been
changed to accept this zone identifier as an argument.
The loading of these is better handled by BroControl and it seems
odd to load them from a base/ script anyway since they'll contain
site/policy specific code.
Addresses #663
- Simplified the communication API and made it easier to change
to encrypted connections by not having separate variables to
define encrypted and unencrypted ports.
- Now, to enable listening without configuring nodes just
load the frameworks/communication/listen script.
- If encrypted listening is desired set the following:
redef Communication::listen_encrypted=T;
- Accompanying test updates.
- Fixed a bug where notices were being passed to proxies.
This was a mistake and should greatly reduce load on
many clusters.
- Cluster event regex variables renamed to:
- Notice::manager2worker_events
- Notice::manager2proxy_events
- Notice::worker2manager_events
- Notice::worker2proxy_events
- Notice::proxy2manager_events
- Notice::proxy2worker_events
- The default Notice::policy set is cleared for all cluster
nodes except for managers to cause all default notice
processing to occur on managers. This should reduce load
on workers slightly.
* origin/topic/seth/notice-suppression:
Updated a notice related baseline and added a necessary @load line.
Notice suppression clean up and notice/cluster integrtion fixes.
Updates for notice suppression to use the &create_expire attribute
Small, mostly cosmetic updates and fixing a test.
Fix crash on exit (addresses #607).
Duplicate notice suppression.
Closes#623.
- Worker raised notices are printed a single time by the manager now.
- Cluster/notices integration cleaned up.
- New tests for cluster/notice integration.
- Notice suppression fixes and tests.
- Log path's are generated in the scripting land
now. The default Log stream ID to path string
mapping works like this:
- Notice::LOG -> "notice"
- Notice::POLICY_LOG -> "notice_policy"
- TestModule::LOG -> "test_module"
- Logging streams updated across all of the shipped
scripts to be more user friendly. Instead of
the logging stream ID HTTP::HTTP, we now have
HTTP::LOG, etc.
- The priorities on some bro_init handlers have
been adjusted to make the process of applying
filters or disabling streams easier for users.
- fixing some Metrics::add_data() call signatures
- slight refactors to cluster framework @if and adding a NONE NodeType for
so local_node_type() will return that instead of just emitting an error
when cluster mode isn't enabled
- `make restdoc` target now uses bro's bare-mode
- bro scripts generated from bifs now really only live in the build/src/base/
directory and changed the DocSourcesList.cmake to dynamically figure out
what bifs exist by looking in src/ instead of build/src/
- add some missing @load dependencies
- Metrics now work on cluster deployments with no caveats. It should be
completely transparent. Intermediate updates to speed some detection
will come later.
