the random number generator.
This works like the corresponding command line option but is more
convinient when writing tests as it can be set in btest.cfg.
supported types.
Also not reporting a run-time error anymore when logging to a stream
that hasn't been created; just fail silently as this may happen due to
other earlier errors.
# The prefix for the header line if included.
const header_prefix = "# " &redef;
# The string to use for empty string fields.
const empty_field = "" &redef;
# The string to use for an unset optional field.
const unset_field = "-" &redef;
module LogAscii;
export {
# Output everything to stdout rather than into files. This is primarily
# for testing purposes.
const output_to_stdout = F &redef;
# The separator between fields.
const separator = "\t" &redef;
# True to include a header line with column names.
const include_header = T &redef;
}
* Removed terminate-connection.bro
as a dependency on notice-actions-filters.bro
* geo_location type now has full set of defaults.
* Many conn.bro logged variables are now optional
instead of having defaults.
* Many updates to the notice.bro script. Probably
many more to come. Mostly involved with
modernizing it by extracting functionality,
reducing chained dependencies, and modularization.
* Updated used Notice API in ssh.bro to the
modified notice.bro script.
* DPD is no longer required for it to function.
* $remote_location is made optional for easier logging.
* Added functions for generic threshold tracking.
This follows rather closely how rotation currently works in
rotate-logs.bro. logging.bro now defines:
# Default rotation interval; zero disables rotation.
const default_rotation_interval = 0secs &redef;
# Default naming suffix format.
const default_rotation_date_format = "%y-%m-%d_%H.%M.%S" &redef;
# Default postprocessor for writers outputting into files.
const default_rotation_postprocessor = "" &redef;
# Default function to construct the name of the rotated file.
# The default implementation includes
# default_rotation_date_format into the file name.
global default_rotation_path_func: function(info: RotationInfo) : string &redef;
Writer support for rotation is optional, usually it will only make
sense for file-based writers.
TODO: Currently, there's no way to customize rotation on a per file
basis, there are only the global defaults as described above.
Individual customization is coming next.
Many changes have happened:
* FTP and portmapper functionality is no longer
tied to the conn.bro script.
* All of the "hot" functionality has been broken
out into a separate script for future rework.
* Conn.bro now targets the logging framework.
It works with a simple example, but that's as much testing as it has
seen so far.
Remote::Destination has a new attribute "request_logs: bool"
indicating whether we are interested in the peer's log. Default is
false. If true, Bro will send an explicit "I want your logs" message
over to the other side, which will then start sending log records
back.
When such log records are received, they will be recorded exactly in
the same way as on the remote side, i.e., same fields/writer/path. All
filtering is already performed on the remote side.
Log::Filter has two new attributes, "log_local: bool" and
"log_remote: bool" (both true by default). If log_local is false, this
filter will not record anything locally but still process everything
normally otherwise and potentially forward to remote. If log_remote is
false, this filter will never send anything to remote even if a peer
has requested logs. (Note that with the defaults, requesting logs will
mean getting everything.)
Note that with log forwarding, *both* sides must create the
Filter::Stream. If the remote sends log records for a specific stream,
but the local side hasn't created it, the data will be discarded.
Filtes on the other hand shouldn't created locally; and if they are,
they are ignored for records received from remote).
Adds two extra shell scripts, one to handle either the c-shell
or bourne-shell syntax for setting environment variables, that can
be sourced in order to set the BROPATH directly in the current
shell/environment in a way that's compatible with running bro
from the build/ directory.
