Seth Hall
e0df278de6
Merge remote-tracking branch 'origin/topic/jsiwek/faf-experimental' into topic/seth/file-analysis-exe-analyzer
...
Conflicts:
src/file_analysis.bif
2013-04-10 22:59:11 -04:00
Seth Hall
8beb75d985
Checkpoint.
2013-04-10 22:57:54 -04:00
Jon Siwek
2747e839fb
FileAnalysis: insert explicit event queue flush points.
...
And added an event called "event_queue_flush_point" to mark where that
occurred in the event stream. The FAF now uses an explicit event queue
flush instead of buffering input in order to wait for a file handle to
be returned from script-layer.
2013-04-10 16:48:10 -05:00
Bernhard Amann
3820651eaf
Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement
2013-04-10 16:06:08 -04:00
Bernhard Amann
5291bb29f2
and also serialize the other things we need
2013-04-10 16:05:24 -04:00
Jon Siwek
d9321e2203
FileAnalysis: remove some file events.
...
The file_new event now takes over the function of file_type, file_bof,
and file_bof_buffer.
2013-04-10 14:34:23 -05:00
Bernhard Amann
3644dcdd22
Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement
2013-04-10 13:48:00 -04:00
Bernhard Amann
240d667e30
ok, this bug was hard to find.
...
hyperloglog.h was missing guards and randomly deleting memory at
addresses equal to variable contents.
I am not entirely sure why that did not crash before...
2013-04-10 13:45:21 -04:00
Bernhard Amann
b5522fc4b7
Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement
2013-04-10 13:16:03 -04:00
Bernhard Amann
a37ffab0ea
serialization compiles.
...
Not entirely sure if it works too...
2013-04-10 13:15:31 -04:00
Jon Siwek
a2d9b47bcd
FileAnalysis: finish switching hooks to events.
2013-04-10 11:13:43 -05:00
Bernhard Amann
f10ed9e29a
change plugin after feedback of seth
2013-04-10 10:45:45 -04:00
Robin Sommer
eb94c6becd
Fixing ref counting bug.
2013-04-09 17:38:01 -07:00
Robin Sommer
2002787c6e
A set of interface changes in preparation for merging into BinPAC++
...
branch.
2013-04-09 17:16:27 -07:00
Robin Sommer
52cd02173d
Removing event groups.
2013-04-09 16:49:47 -07:00
Jon Siwek
641154f8e8
FileAnalysis: checkpoint in middle of big reorganization.
...
- FileAnalysis::Info is now just a record used for logging, the fa_file
record type is defined in init-bare.bro as the analogue to a
connection record.
- Starting to transfer policy hook triggers and analyzer results to
events.
2013-04-09 15:49:58 -05:00
Bernhard Amann
07d44f3aa0
Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/hyperloglog-with-measurement
2013-04-08 10:56:18 +02:00
Bernhard Amann
09b5d23deb
Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement
2013-04-08 10:55:15 +02:00
Bernhard Amann
bcd610fd50
Forgot a file. Again. Like always. Basically.
2013-04-08 10:55:00 +02:00
Bernhard Amann
ac0e211c6c
do away with old file.
2013-04-08 10:01:55 +02:00
Bernhard Amann
7eee2f0d17
measurement framework with hll unique
2013-04-08 10:00:34 +02:00
Bernhard Amann
25c0ffc3ab
Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement
2013-04-08 09:45:10 +02:00
Bernhard Amann
7f5e2b1301
and test results. are those stable across platforms? Or do we have to do some kind of rounding?
2013-04-08 09:44:24 +02:00
Bernhard Amann
53d6f3aae7
rework cardinality interface to use opaque.
...
I like it better...
2013-04-07 23:05:14 +02:00
Bernhard Amann
c08d285497
Merge remote-tracking branch 'origin/topic/robin/thread-cleanup' into topic/bernhard/thread-cleanup
2013-04-07 20:45:05 +02:00
Bernhard Amann
2cc1f82425
Merge remote-tracking branch 'origin/master' into topic/bernhard/thread-cleanup
2013-04-07 20:43:47 +02:00
Robin Sommer
1a30a57816
Porting syslog analyzer as another example.
...
The diff to this commit shows what "porting" involves ...
This also adds a small test for syslog.
2013-04-05 13:13:30 -07:00
Robin Sommer
d5865c67cb
Removing some debugging output.
2013-04-05 12:40:09 -07:00
Robin Sommer
86551cd429
Fixing test.
2013-04-05 12:38:21 -07:00
Robin Sommer
2bbce6b15f
Documenting Analyzer API, plus some cleanup.
2013-04-04 18:38:12 -07:00
Robin Sommer
20be34526f
Updating submodule.
2013-04-04 16:56:17 -07:00
Robin Sommer
897be0e147
Giving analyzer/ its own CMakeLists.txt.
...
Also moving src/analyzer.bif to src/analyzer/analyzer.bif, along with
the infrastructure to build/include bif code at other locations.
We should generally move to having per-directory CMakeLists.txt. I'll
convert the others over later.
2013-04-04 16:53:21 -07:00
Robin Sommer
bccaea6883
Adding options Analyzer::disable_all to disable all analyzers at
...
startup.
One can then selectively enable the ones one wants inside a bro_init()
handler.
2013-04-04 15:24:15 -07:00
Robin Sommer
b122b39874
Removing all Analyzer::Available() methods.
2013-04-04 15:15:33 -07:00
Robin Sommer
40ca718e90
Removing the --use-binpac switch.
2013-04-03 13:40:49 -07:00
Robin Sommer
bfda42b9e9
Removing legacy binpac analyzer for DNS and HTTP.
2013-04-03 13:40:45 -07:00
Seth Hall
42a05e9570
Merge remote-tracking branch 'origin/topic/jsiwek/file-analysis' into topic/seth/file-analysis-exe-analyzer
2013-04-03 14:05:13 -04:00
Jon Siwek
e73a261262
FileAnalysis: fix file type canonification for file_analysis.log
2013-04-03 09:58:35 -05:00
Seth Hall
a624dd61c0
Merge remote-tracking branch 'origin/topic/jsiwek/file-analysis' into topic/seth/file-analysis-exe-analyzer
...
Conflicts:
src/file_analysis/ActionSet.cc
2013-04-03 10:56:38 -04:00
Jon Siwek
393d35dc60
Revert "FileAnalysis: optimize get_file_handle event queueing."
...
This reverts commit fc267d010d.
There were some diffs caused by this in external test suites I'm
unsure about, I'm going to go over optimizations more closely in
a different branch.
2013-04-03 09:49:39 -05:00
Seth Hall
d19b8b0266
Checkpoint for discussion.
2013-04-03 00:51:33 -04:00
Jon Siwek
fc267d010d
FileAnalysis: optimize get_file_handle event queueing.
...
When a file handle is needed and the last event in the queue is also
a get_file_handle event with the same arguments, instead of queueing
a new event, just remember to cache/re-use the resulting handle from
the previous event. This depends on get_file_handle handlers not
changing global state that is also used to derive the file handle
string.
2013-04-02 16:21:51 -05:00
Seth Hall
f2ac938603
Merge remote-tracking branch 'origin/topic/robin/thread-cleanup' into topic/seth/exec-module
2013-04-02 15:12:38 -04:00
Jon Siwek
390358b70c
FileAnalysis: Fix compile error.
2013-04-02 09:54:06 -05:00
Seth Hall
d86748969a
Merge remote-tracking branch 'origin/topic/bernhard/input-update' into topic/seth/exec-module
2013-04-02 09:24:19 -04:00
Bernhard Amann
fd51db1c89
purely aesthetical - make whitespacing fit bro coding style.
...
Second step will be to change the bifs a bit...
2013-04-02 11:24:03 +02:00
Seth Hall
94f39fee2a
Updating DocSourcesList
2013-04-02 01:04:40 -04:00
Seth Hall
e8b60d1ba8
Updated FTP bruteforce detection and a few other small changes.
2013-04-02 00:55:25 -04:00
Seth Hall
423bf3b3bf
Test updates and cleanup.
2013-04-02 00:30:14 -04:00
Seth Hall
0e3c84e863
Fixed the measurement "sample" plugin.
2013-04-02 00:19:06 -04:00