Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 18:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
11634 commits 388 branches 195 tags 269 MiB
Commit graph

11634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Seth Hall
4bddcd2379 Fixed a bug in the vulnerable software script and added a test. 2013-04-25 14:56:14 -04:00
Seth Hall
41967a8d0f Merge remote-tracking branch 'origin/topic/jsiwek/file-analysis' into topic/seth/file-analysis-exe-analyzer 2013-04-25 13:44:18 -04:00
Seth Hall
317252b5ae Another checkpoint 2013-04-25 13:44:12 -04:00
Seth Hall
48cbb31747 Added an automatic state limiter for threshold based SumStats. 2013-04-25 12:51:55 -04:00
Bernhard Amann
f2967f485b add persistence test not using predetermined random seeds. 
This is failing at the moment.
 2013-04-24 16:03:40 -07:00
Bernhard Amann
f69db71f57 Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog 2013-04-24 16:01:05 -07:00
Bernhard Amann
12cbf20ce0 add topk cluster test 2013-04-24 15:30:24 -07:00
Bernhard Amann
dbd53a09a6 Merge remote-tracking branch 'origin/master' into topic/bernhard/topk 2013-04-24 15:02:19 -07:00
Bernhard Amann
c0890f2a0f make size of topk-list configureable when using sumstats 2013-04-24 15:01:06 -07:00
Jon Siwek
d22f30e9a1 Improve a libmagic-related error message. 2013-04-24 12:57:51 -05:00
Seth Hall
d72980828f Merge remote-tracking branch 'origin/topic/jsiwek/file-analysis' into topic/seth/file-analysis-exe-analyzer 
Conflicts:
	src/file_analysis/ActionSet.cc
	src/types.bif
 2013-04-24 13:01:39 -04:00
Seth Hall
4cc9ca4243 Checkpoint 2013-04-24 12:56:20 -04:00
Bernhard Amann
2f48008c42 implement merging for top-k. 
I am not (entirely) sure that this is mathematically correct, but
I am (more and more) getting the feeling that it... might be.

In any case - this was the last step and now it should work
in cluster settings.
 2013-04-24 06:17:51 -07:00
Bernhard Amann
6f863d2259 add serialization for topk 2013-04-23 23:24:02 -07:00
Robin Sommer
e986247ff2 Merge remote-tracking branch 'origin/topic/jsiwek/974' 
Closes #974.

* origin/topic/jsiwek/974:
  Fix schedule statements used outside event handlers (addresses #974).
 2013-04-23 20:38:21 -07:00
Robin Sommer
f6f00924fc Merge remote-tracking branch 'origin/topic/jsiwek/973' 
Closes #973.

* origin/topic/jsiwek/973:
  Fix record coercion for default inner record fields (addresses #973).
 2013-04-23 20:37:08 -07:00
Robin Sommer
71591d706e Small tweaks for bytestring_to_count(). 
Closes #968.
 2013-04-23 20:32:57 -07:00
Yun Zheng Hu
3fff71b37a Add bytestring_to_count function to bro.bif 2013-04-23 20:18:38 -07:00
Bernhard Amann
a426c76122 make the get function const 2013-04-23 18:23:34 -07:00
Bernhard Amann
567fee6439 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/hyperloglog-with-measurement 
Conflicts:
	scripts/base/frameworks/sumstats/plugins/__load__.bro
 2013-04-23 15:27:17 -07:00
Bernhard Amann
de5769a88f topk for sumstats 2013-04-23 15:19:01 -07:00
Scott Runnels
59405af804 Notice::policy hooks and tests. 
Include explanation of various Notice::policy hook actions.

Add two btest scripts.  framework_notice_hook_01.bro shows adding an
action to the n$action set while framework_notice_suppression.bro shows
how to add a custom n$suppress_for value for a notice through a policy
hook.  While both scripts include an @load directive, it is left out in
RST document so as to avoid confusion.
 2013-04-23 17:02:42 -04:00
Bernhard Amann
5da97455f5 Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/topk 2013-04-23 12:17:03 -07:00
Bernhard Amann
85dea8973f Merge branch 'topic/seth/metrics-merge' into topic/bernhard/topk 2013-04-23 12:16:55 -07:00
Jon Siwek
f07760ba00 FileAnalysis: add is_orig field to fa_file & Info. 2013-04-23 10:50:43 -05:00
Jon Siwek
7069f679c3 Fix record coercion for default inner record fields (addresses #973). 2013-04-23 09:57:55 -05:00
Seth Hall
08348b2bc2 Update to make Dir::monitor watch inodes instead of file names. 2013-04-22 21:53:00 -04:00
Seth Hall
035b668f73 Updates to use new input framework mechanism to execute command line programs. 2013-04-22 21:52:21 -04:00
Seth Hall
2c689b7f40 Removed some dead code in scan.bro 2013-04-22 15:27:14 -04:00
Seth Hall
91362717da Renamed a plugin hook in sumstats framework. 2013-04-22 15:27:03 -04:00
Seth Hall
9574499382 Move loading variance back to where it should be alphabetically. 2013-04-22 14:15:37 -04:00
Seth Hall
8f987e5066 Fix a bug with path building in FTP. Came up when changing the path utils. 2013-04-22 14:15:20 -04:00
Seth Hall
60605412ab Fix a few tests. 2013-04-22 14:14:50 -04:00
Jon Siwek
fa30d4a313 Fix schedule statements used outside event handlers (addresses #974). 2013-04-22 13:00:44 -05:00
Scott Runnels
2832939026 Include btest-rst-include directives for logging framework examples. 2013-04-22 11:03:20 -04:00
Bernhard Amann
ce7ad003f2 well, a test that works.. 
Note: merging top-k data structures is not yet possible (and is
actually quite awkward/expensive). I will have to think about
how to do that for a bit...
 2013-04-22 02:40:42 -07:00
Bernhard Amann
c21c18ea45 implement topk. 
This is _completely_ untested. It compiles. It will probably do
nothing else (well, besides crashing Bro).
 2013-04-22 01:10:29 -07:00
Robin Sommer
10dc8b9279 Updating tests. 2013-04-19 16:35:24 -07:00
Robin Sommer
eb3218590e Cleaning up analyzer naming. 
Also adding the script-level ID to the -NN output.
 2013-04-19 16:35:18 -07:00
Robin Sommer
da696c4b24 Unifying analyzer names and descriptions. 2013-04-19 15:58:13 -07:00
Robin Sommer
4bc2ba60c9 Rename analyzer/protocols -> analyzer/protocol 2013-04-19 15:50:57 -07:00
Robin Sommer
f7a10d915b Renaming analyzer. 2013-04-19 15:40:15 -07:00
Robin Sommer
d8259b34dd Unifying *.h guards. 2013-04-19 15:38:08 -07:00
Robin Sommer
3959e254e2 Moving protocol-specific BiFs out of bro.bif. 
I hope I found them all ...
 2013-04-19 15:25:18 -07:00
Jon Siwek
cd0a8bfbdb FileAnalysis: inlined doc fixes. 2013-04-19 16:27:32 -05:00
Bernhard Amann
6e532e8960 update cluster test to also use hll 2013-04-19 09:58:57 -07:00
Jon Siwek
c1f37dde5a FileAnalysis: optimizate connection set updating. 
Don't need to be checking/updating that for sequential data input, which
won't be over multiple conns.
 2013-04-19 11:55:48 -05:00
Bernhard Amann
75f709ec6b Merge branch 'topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog-with-measurement 2013-04-19 09:53:35 -07:00
Bernhard Amann
8340af55d1 persistence really works. 
It took me way too long to find this - I got the uint8 serialize/deserialize
wrong :/
 2013-04-19 09:52:45 -07:00
Jon Siwek
98f7907dbb FileAnalysis: optimize file handle construction. 
cat is slightly faster than fmt.
 2013-04-19 11:38:11 -05:00