Robin Sommer
57ee6ecf48
Updating submodule.
2019-07-03 02:53:30 +00:00
Tim Wojtulewicz
ba02b03f7e
Update submodules for JSON work
2019-07-02 13:16:23 -07:00
Tim Wojtulewicz
d732fb4d4b
Update unit tests for JSON logger to match new output
2019-07-02 13:14:52 -07:00
Tim Wojtulewicz
9b76e8faf4
Modify JSON log writer to use the external JSON library
2019-07-02 13:14:52 -07:00
Tim Wojtulewicz
d27c846ec5
Update unit test output to match json.zeek being deprecated and slight format changes to JSON output
2019-07-02 13:14:52 -07:00
Tim Wojtulewicz
33a7927704
Add proper JSON serialization via C++, deprecate json.zeek
2019-07-02 12:52:26 -07:00
Tim Wojtulewicz
385de9b0e7
Add new method for escaping UTF8 strings for JSON output
2019-07-02 12:52:26 -07:00
Tim Wojtulewicz
2cb87c3309
Move do_sub method from zeek.bif to StringVal class method
2019-07-02 12:52:26 -07:00
Tim Wojtulewicz
528bad72de
Move record_fields method from zeek.bif to Val class method
2019-07-02 12:52:25 -07:00
Tim Wojtulewicz
dffefe0683
Add ToStdString method for StringVal
2019-07-02 12:52:25 -07:00
sfinlon
fe46035366
Fix CIF integration, add logging options to intel.log, and add comments to code
2019-07-01 23:54:24 -04:00
Zeke Medley
f18464f1f8
remove some leftover debug output
2019-07-01 14:26:02 -07:00
Zeke Medley
6e84a5eb8e
Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures
2019-07-01 13:43:48 -07:00
Zeke Medley
409f27955b
Call parent constructor from LambdaExpr.
2019-07-01 13:36:28 -07:00
Jon Siwek
23a1815e29
Updating submodule(s).
[nomail]
2019-07-01 12:17:53 -07:00
Tim Wojtulewicz
20c320d62b
Add clang-tidy rule to CMake including a base configuration
2019-07-01 12:09:55 -07:00
Jon Siwek
962988e0b4
Updating submodule(s).
[nomail]
2019-07-01 10:40:48 -07:00
Johanna Amann
3cdda7647f
Merge remote-tracking branch 'origin/topic/jsiwek/gh-443-fix-timestamp-0-logs'
* origin/topic/jsiwek/gh-443-fix-timestamp-0-logs:
GH-443: fix uses of timestamp 0 in cluster diagnostic logs
2019-07-01 01:29:41 -07:00
Johanna Amann
1ebd3adf20
Merge remote-tracking branch 'origin/topic/jsiwek/gh-243-wrap-up-deprecation-removal'
* origin/topic/jsiwek/gh-243-wrap-up-deprecation-removal:
Improve deprecation warning messages
Remove deprecated DNS events
Remove BackDoor analyzer
Remove InterConn analyzer
Remove deprecated/unused irc_servers option
Remove deprecated print_hook event
Remove dead code: dump_used_event_handlers
Remove unused software_version_found events
Remove deprecated open_log_file and log_file_name functions
Remove deprecated/unused "packet" type
Un-deprecate anonymizer BIFs
Un-deprecate file rotation functions
2019-07-01 01:14:29 -07:00
Johanna Amann
8d5b7007ec
Merge remote-tracking branch 'origin/topic/jsiwek/gh-380-bypass-caf-spinlock-problems'
* origin/topic/jsiwek/gh-380-bypass-caf-spinlock-problems:
Switch default CAF scheduler policy to work sharing
2019-07-01 00:53:07 -07:00
Johanna Amann
85cd38a3e1
Update 3rdparty submodule.
This updates sqlite to 3.28.0.
Fixes GH-448
[nomail]
2019-07-01 00:47:08 -07:00
Jon Siwek
5b64c35185
Switch default CAF scheduler policy to work sharing
It may generally be better for our default use-case, as workers may
save a few percent cpu utilization as this policy does not have to
use any polling like the stealing policy does.
This also helps avoid a potential issue with the implementation of
spinlocks used in the work-stealing policy in current CAF versions,
where there are some conditions where lock contention causes a thread
to spin for long periods without relinquishing the cpu to others.
2019-06-28 16:34:33 -07:00
Zeke Medley
f47390f66a
Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures
2019-06-28 16:22:18 -07:00
Seth Hall
9795782ecb
Merge pull request #324 from zeek/topic/jsiwek/gh-320
Improve RFB (VNC) protocol parsing
2019-06-28 17:27:16 -04:00
Jon Siwek
b6c4aa7d2e
Merge branch 'master' of https://github.com/spacepatcher/zeek
* 'master' of https://github.com/spacepatcher/zeek:
Add Windows Minidump file signature
2019-06-28 12:11:17 -07:00
Jon Siwek
bc77b65b0a
Merge remote-tracking branch 'origin/topic/johanna/gh-214-notice-on-workers'
* origin/topic/johanna/gh-214-notice-on-workers:
Change notices to be processed on worker.
Fixes GH-214
2019-06-28 11:51:04 -07:00
Seth Hall
e3b080c741
Fixed a small issue due to the name changes
2019-06-28 14:49:57 -04:00
Zeke Medley
cadc1ab403
Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures
2019-06-28 09:46:15 -07:00
Alexander Bolshakov
1759205930
Add Windows Minidump file signature
This signature is relevant for process dumps on Windows that could be extracted by various tools. The unencrypted transmission of the dump of a critical system process (for example, lsass.exe) via the network would be detected by this rule.
2019-06-28 14:43:38 +03:00
Jon Siwek
430f9a92c6
GH-443: fix uses of timestamp 0 in cluster diagnostic logs
For broker.log and cluster.log: there was a race condition. A worker's
first IOSource that it processes is potentially Broker if there were
no packets available yet and thread scheduling happens to work out
such that network connections (inside CAF threads) become established
before we enter the main I/O loop. Such peering establishments would
generate logs with timestamp 0 as there was not yet any code path
taken that would update network_time.
For reporter.log: any non-worker (packet-processing) node would just
unnecessarily use a timestamp of 0 for their reporter messages.
2019-06-27 23:00:42 -07:00
Jon Siwek
7b56925b77
Updating submodule(s).
[nomail]
2019-06-27 18:54:29 -07:00
Jon Siwek
7d2d63551d
Improve deprecation warning messages
2019-06-27 18:36:27 -07:00
Jon Siwek
0edc7c6cbb
Remove deprecated DNS events
- dns_full_request
- non_dns_request
2019-06-27 18:30:48 -07:00
Jon Siwek
7dc3fca754
Remove BackDoor analyzer
2019-06-27 18:25:43 -07:00
Jon Siwek
a940cf3fb5
Remove InterConn analyzer
2019-06-27 18:05:32 -07:00
Jon Siwek
a520433636
Remove deprecated/unused irc_servers option
2019-06-27 17:48:01 -07:00
Jon Siwek
e9fefa6501
Remove deprecated print_hook event
2019-06-27 17:43:20 -07:00
Jon Siwek
5343924eb9
Remove dead code: dump_used_event_handlers
2019-06-27 17:43:20 -07:00
Jon Siwek
2655a65331
Remove unused software_version_found events
- software_version_found
- software_unparsed_version_found
- software_parse_error
2019-06-27 17:43:20 -07:00
Jon Siwek
bfd037989b
Remove deprecated open_log_file and log_file_name functions
2019-06-27 17:43:20 -07:00
Jon Siwek
b635cc240b
Remove deprecated/unused "packet" type
2019-06-27 17:43:20 -07:00
Jon Siwek
88ffe06004
Un-deprecate anonymizer BIFs
2019-06-27 17:43:20 -07:00
Jon Siwek
ea43c154cf
Un-deprecate file rotation functions
- rotate_file
- rotate_file_by_name
- calc_next_rotate
These still have use-cases even though no longer used for our logging
functionality. E.g. rotate_file_by_name may be used to rotate
pcap dump files.
Also the log_rotate_base_time option was marked deprecated, but still
used in the new logging framework.
2019-06-27 16:13:22 -07:00
Zeke Medley
fef8aeb123
Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures
2019-06-27 14:39:08 -07:00
Zeke Medley
28253b24f9
Table defaults capture closures.
2019-06-27 14:38:38 -07:00
Jon Siwek
dafc44e8b9
Merge remote-tracking branch 'origin/topic/johanna/gh-375-remove-brofile-cache'
* origin/topic/johanna/gh-375-remove-brofile-cache:
Remove the BroFile cache
Fixes GH-375
2019-06-27 12:09:31 -07:00
Jon Siwek
4a6977ba5b
Merge remote-tracking branch 'origin/topic/johanna/stringval-from-stdstring'
* origin/topic/johanna/stringval-from-stdstring:
Fix creating a StringVal from std::string.
2019-06-27 10:13:31 -07:00
Robin Sommer
b9538045d5
Updating submodule.
2019-06-27 16:58:00 +00:00
Johanna Amann
5052dc03fc
Remove the BroFile cache
GH-375
2019-06-26 16:32:18 -07:00
Zeke Medley
d7a73c270d
Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures
2019-06-26 15:15:19 -07:00