Commit graph

3495 commits

Author SHA1 Message Date
Scott Runnels
cb3e05edd4 Include Notice Policy shortcuts in the Scripting User Manual.
Include two tests and baselines for the RST output.
2013-04-28 15:48:44 -04:00
Bernhard Amann
9802e2332d Merge branch 'topic/bernhard/hyperloglog-with-measurement' into topic/bernhard/hyperloglog 2013-04-25 13:46:36 -07:00
Bernhard Amann
32620952d0 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/hyperloglog 2013-04-25 13:45:30 -07:00
Seth Hall
4bddcd2379 Fixed a bug in the vulnerable software script and added a test. 2013-04-25 14:56:14 -04:00
Bernhard Amann
f2967f485b add persistence test not using predetermined random seeds.
This is failing at the moment.
2013-04-24 16:03:40 -07:00
Bernhard Amann
f69db71f57 Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog 2013-04-24 16:01:05 -07:00
Bernhard Amann
12cbf20ce0 add topk cluster test 2013-04-24 15:30:24 -07:00
Bernhard Amann
dbd53a09a6 Merge remote-tracking branch 'origin/master' into topic/bernhard/topk 2013-04-24 15:02:19 -07:00
Bernhard Amann
2f48008c42 implement merging for top-k.
I am not (entirely) sure that this is mathematically correct, but
I am (more and more) getting the feeling that it... might be.

In any case - this was the last step and now it should work
in cluster settings.
2013-04-24 06:17:51 -07:00
Bernhard Amann
6f863d2259 add serialization for topk 2013-04-23 23:24:02 -07:00
Robin Sommer
e986247ff2 Merge remote-tracking branch 'origin/topic/jsiwek/974'
Closes #974.

* origin/topic/jsiwek/974:
  Fix schedule statements used outside event handlers (addresses #974).
2013-04-23 20:38:21 -07:00
Robin Sommer
f6f00924fc Merge remote-tracking branch 'origin/topic/jsiwek/973'
Closes #973.

* origin/topic/jsiwek/973:
  Fix record coercion for default inner record fields (addresses #973).
2013-04-23 20:37:08 -07:00
Robin Sommer
71591d706e Small tweaks for bytestring_to_count().
Closes #968.
2013-04-23 20:32:57 -07:00
Yun Zheng Hu
3fff71b37a Add bytestring_to_count function to bro.bif 2013-04-23 20:18:38 -07:00
Bernhard Amann
567fee6439 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/hyperloglog-with-measurement
Conflicts:
	scripts/base/frameworks/sumstats/plugins/__load__.bro
2013-04-23 15:27:17 -07:00
Bernhard Amann
de5769a88f topk for sumstats 2013-04-23 15:19:01 -07:00
Scott Runnels
59405af804 Notice::policy hooks and tests.
Include explanation of various Notice::policy hook actions.

Add two btest scripts.  framework_notice_hook_01.bro shows adding an
action to the n$action set while framework_notice_suppression.bro shows
how to add a custom n$suppress_for value for a notice through a policy
hook.  While both scripts include an @load directive, it is left out in
RST document so as to avoid confusion.
2013-04-23 17:02:42 -04:00
Bernhard Amann
5da97455f5 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/topk 2013-04-23 12:17:03 -07:00
Bernhard Amann
85dea8973f Merge branch 'topic/seth/metrics-merge' into topic/bernhard/topk 2013-04-23 12:16:55 -07:00
Jon Siwek
f07760ba00 FileAnalysis: add is_orig field to fa_file & Info. 2013-04-23 10:50:43 -05:00
Jon Siwek
7069f679c3 Fix record coercion for default inner record fields (addresses #973). 2013-04-23 09:57:55 -05:00
Seth Hall
60605412ab Fix a few tests. 2013-04-22 14:14:50 -04:00
Jon Siwek
fa30d4a313 Fix schedule statements used outside event handlers (addresses #974). 2013-04-22 13:00:44 -05:00
Bernhard Amann
ce7ad003f2 well, a test that works...
Note: merging top-k data structures is not yet possible (and is
actually quite awkward/expensive). I will have to think about
how to do that for a bit...
2013-04-22 02:40:42 -07:00
Robin Sommer
10dc8b9279 Updating tests. 2013-04-19 16:35:24 -07:00
Bernhard Amann
6e532e8960 update cluster test to also use hll 2013-04-19 09:58:57 -07:00
Bernhard Amann
75f709ec6b Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement 2013-04-19 09:53:35 -07:00
Bernhard Amann
8340af55d1 persistence really works.
It took me way too long to find this - I got the uint8 serialize/deserialize
wrong :/
2013-04-19 09:52:45 -07:00
Robin Sommer
dfc4cb0881 Moving all analyzers over to new structure.
This is a checkpoint; it works, but there's more cleanup to do. TODOs in
src/analyzer/protocols/TODO.
2013-04-16 20:52:03 -07:00
Bernhard Amann
dc18a6d6e3 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/hyperloglog-with-measurement
and fix up the hll scripts for it.

Conflicts:
	scripts/base/frameworks/sumstats/plugins/__load__.bro
	testing/btest/scripts/base/frameworks/measurement/basic.bro
2013-04-16 05:25:10 -07:00
Seth Hall
1cac89e4f8 SumStats test checkpoint. 2013-04-16 00:54:41 -04:00
Seth Hall
437815454d SumStats tests pass. 2013-04-15 15:28:11 -04:00
Seth Hall
fbe967e16a Checkpoint for SumStats rename. 2013-04-15 15:12:28 -04:00
Jon Siwek
037d582b0e FileAnalysis: add custom libmagic database.
- It's derived from the magic database of libmagic 5.14, but with most
  everything not related to mime types removed.

- The custom database is always used by default for mime detection, but
  the more verbose file type detection will fall back on the default
  libmagic installation's database.  The result is: mime type strings
  are now guaranteed to be consistent across platforms, but the verbose
  file type descriptions are not.

- The custom database gets installed in $prefix/share/bro/magic, and
  should even be extensible if files with new patterns are added inside
  the directory.

- The search path for the mime magic database can be controlled via
  BROMAGIC environment variable.

- Remove mime_desc field from ftp.log.

- Stop using the mime/file type canonifier with unit tests.

- libmagic >= 5.04 is now a requirement.
2013-04-12 11:58:19 -05:00
Jon Siwek
b8c98b8bf7 FileAnalysis: change terminology s/action/analyzer 2013-04-11 14:53:54 -05:00
Jon Siwek
e81f2ae7b0 FileAnalysis: libmagic tweaks.
Remove verbose file type detection and automatically strip out charset
from mime type.
2013-04-11 13:11:46 -05:00
Jon Siwek
e2fbee9054 FileAnalysis: add more params to some events. 2013-04-11 11:24:18 -05:00
Jon Siwek
d9321e2203 FileAnalysis: remove some file events.
The file_new event now takes over the function of file_type, file_bof,
and file_bof_buffer.
2013-04-10 14:34:23 -05:00
Jon Siwek
a2d9b47bcd FileAnalysis: finish switching hooks to events. 2013-04-10 11:13:43 -05:00
Bernhard Amann
f10ed9e29a change plugin after feedback from Seth 2013-04-10 10:45:45 -04:00
Robin Sommer
52cd02173d Removing event groups. 2013-04-09 16:49:47 -07:00
Jon Siwek
641154f8e8 FileAnalysis: checkpoint in middle of big reorganization.
- FileAnalysis::Info is now just a record used for logging, the fa_file
  record type is defined in init-bare.bro as the analogue to a
  connection record.

- Starting to transfer policy hook triggers and analyzer results to
  events.
2013-04-09 15:49:58 -05:00
Bernhard Amann
07d44f3aa0 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/hyperloglog-with-measurement 2013-04-08 10:56:18 +02:00
Bernhard Amann
7eee2f0d17 measurement framework with hll unique 2013-04-08 10:00:34 +02:00
Bernhard Amann
25c0ffc3ab Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement 2013-04-08 09:45:10 +02:00
Bernhard Amann
7f5e2b1301 and test results. Are those stable across platforms? Or do we have to do some kind of rounding? 2013-04-08 09:44:24 +02:00
Bernhard Amann
53d6f3aae7 rework cardinality interface to use opaque.
I like it better...
2013-04-07 23:05:14 +02:00
Robin Sommer
1a30a57816 Porting syslog analyzer as another example.
The diff to this commit shows what "porting" involves ...

This also adds a small test for syslog.
2013-04-05 13:13:30 -07:00
Jon Siwek
e73a261262 FileAnalysis: fix file type canonification for file_analysis.log 2013-04-03 09:58:35 -05:00
Seth Hall
e8b60d1ba8 Updated FTP bruteforce detection and a few other small changes. 2013-04-02 00:55:25 -04:00