Bernhard Amann
56ab9285a4
Merge remote-tracking branch 'origin/master' into topic/bernhard/topk
2013-05-13 21:03:23 -07:00
Bernhard Amann
6392acecd2
fix warnings, update baselines, handle rotation
2013-05-12 20:48:17 -07:00
Bernhard Amann
747ba68030
Merge remote branch 'origin/master' into topic/bernhard/sqlite
2013-05-12 20:47:55 -07:00
Bernhard Amann
70f3f4343a
prevent merge-hook of sumstats unique plugin from damaging source data.
2013-05-07 11:16:59 -07:00
Jon Siwek
ec50cad9db
Merge branch 'master' into topic/jsiwek/file-analysis
Conflicts:
scripts/base/protocols/ftp/main.bro
src/OpaqueVal.h
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2013-05-06 10:21:16 -05:00
Bernhard Amann
663082e2d5
reservoir sampler. untested.
2013-05-05 11:19:53 -07:00
Bernhard Amann
6acbbe0231
Merge remote-tracking branch 'origin/master' into topic/bernhard/topk
2013-05-03 23:04:22 -07:00
Robin Sommer
8992dc6cff
Merge remote-tracking branch 'origin/topic/bernhard/metrics-bug'
* origin/topic/bernhard/metrics-bug:
add comment for seth to make us not forget about the copy statements
fix the fix (thanks seth)
duct-tape fix of values not propagating after intermediate check in cluster environments.
Fixing coverage.bare-mode-errors test.
2013-05-02 12:47:36 -07:00
Bernhard Amann
2cfef36116
add comment for seth to make us not forget about the copy statements
2013-05-02 11:42:34 -07:00
Bernhard Amann
fe779575d5
fix the fix (thanks seth)
2013-05-02 11:38:40 -07:00
Bernhard Amann
d984243a77
duct-tape fix of values not propagating after intermediate check in cluster environments.
2013-05-02 11:34:33 -07:00
Robin Sommer
9d483b7e74
Fixing coverage.bare-mode-errors test.
2013-05-01 17:52:16 -07:00
Robin Sommer
9ea5a470e6
Fixing coverage.bare-mode-errors test.
2013-05-01 15:28:45 -07:00
Bernhard Amann
321dfadaab
Merge remote-tracking branch 'origin/topic/robin/metrics-merge' into topic/bernhard/topk
2013-04-29 14:08:17 -07:00
Bernhard Amann
b968103c92
Merge remote-tracking branch 'origin/master' into topic/bernhard/sqlite
2013-04-28 22:06:34 -07:00
Bernhard Amann
07ecd31bbd
in cluster settings, the resultvals can apparently be uninitialized in some special cases
2013-04-28 21:21:22 -07:00
Robin Sommer
b9249ecf9d
Layout tweaks for the sumstats code, and preliminary updates for NEWS.
The layout changes are mostly whitespace and some comment rewrapping.
No functional changes.
2013-04-28 15:35:21 -07:00
Bernhard Amann
166fc4765a
Merge remote-tracking branch 'origin/topic/seth/metrics-merge' into topic/bernhard/topk
2013-04-25 13:21:18 -07:00
Seth Hall
48cbb31747
Added an automatic state limiter for threshold based SumStats.
2013-04-25 12:51:55 -04:00
Bernhard Amann
c0890f2a0f
make size of topk-list configurable when using sumstats
2013-04-24 15:01:06 -07:00
Bernhard Amann
2f48008c42
implement merging for top-k.
I am not (entirely) sure that this is mathematically correct, but
I am (more and more) getting the feeling that it... might be.
In any case - this was the last step and now it should work
in cluster settings.
2013-04-24 06:17:51 -07:00
Bernhard Amann
de5769a88f
topk for sumstats
2013-04-23 15:19:01 -07:00
Jon Siwek
f07760ba00
FileAnalysis: add is_orig field to fa_file & Info.
2013-04-23 10:50:43 -05:00
Seth Hall
08348b2bc2
Update to make Dir::monitor watch inodes instead of file names.
2013-04-22 21:53:00 -04:00
Seth Hall
035b668f73
Updates to use new input framework mechanism to execute command line programs.
2013-04-22 21:52:21 -04:00
Seth Hall
91362717da
Renamed a plugin hook in sumstats framework.
2013-04-22 15:27:03 -04:00
Seth Hall
9574499382
Move loading variance back to where it should be alphabetically.
2013-04-22 14:15:37 -04:00
Seth Hall
8f987e5066
Fix a bug with path building in FTP. Came up when changing the path utils.
2013-04-22 14:15:20 -04:00
Jon Siwek
98f7907dbb
FileAnalysis: optimize file handle construction.
cat is slightly faster than fmt.
2013-04-19 11:38:11 -05:00
Robin Sommer
aeddca6523
More API documentation.
2013-04-16 14:28:23 -07:00
Seth Hall
1cac89e4f8
SumStats test checkpoint.
2013-04-16 00:54:41 -04:00
Seth Hall
437815454d
SumStats tests pass.
2013-04-15 15:28:11 -04:00
Seth Hall
fbe967e16a
Checkpoint for SumStats rename.
2013-04-15 15:12:28 -04:00
Jon Siwek
037d582b0e
FileAnalysis: add custom libmagic database.
- It's derived from the magic database of libmagic 5.14, but with most
everything not related to mime types removed.
- The custom database is always used by default for mime detection, but
the more verbose file type detection will fall back on the default
libmagic installation's database. The result is: mime type strings
are now guaranteed to be consistent across platforms, but the verbose
file type descriptions are not.
- The custom database gets installed in $prefix/share/bro/magic, and
should even be extensible if files with new patterns are added inside
the directory.
- The search path for the mime magic database can be controlled via
BROMAGIC environment variable.
- Remove mime_desc field from ftp.log.
- Stop using the mime/file type canonifier with unit tests.
- libmagic >= 5.04 is now a requirement.
2013-04-12 11:58:19 -05:00
Seth Hall
8165d6077d
Fix another occasional reporter error.
2013-04-12 11:20:45 -04:00
Seth Hall
e93fd69cf2
Small updates to hopefully correct reporter errors leading to lost memory.
2013-04-12 09:28:38 -04:00
Jon Siwek
b8c98b8bf7
FileAnalysis: change terminology s/action/analyzer
2013-04-11 14:53:54 -05:00
Jon Siwek
e81f2ae7b0
FileAnalysis: libmagic tweaks.
Remove verbose file type detection and automatically strip out charset
from mime type.
2013-04-11 13:11:46 -05:00
Jon Siwek
2fba37e277
FileAnalysis: add bif for setting timeout interval
2013-04-11 12:08:46 -05:00
Jon Siwek
e2fbee9054
FileAnalysis: add more params to some events.
2013-04-11 11:24:18 -05:00
Seth Hall
a615601269
Trying to fix a state maintenance issue.
2013-04-11 09:42:46 -04:00
Jon Siwek
2747e839fb
FileAnalysis: insert explicit event queue flush points.
And added an event called "event_queue_flush_point" to mark where that
occurred in the event stream. The FAF now uses an explicit event queue
flush instead of buffering input in order to wait for a file handle to
be returned from script-layer.
2013-04-10 16:48:10 -05:00
Jon Siwek
d9321e2203
FileAnalysis: remove some file events.
The file_new event now takes over the function of file_type, file_bof,
and file_bof_buffer.
2013-04-10 14:34:23 -05:00
Jon Siwek
a2d9b47bcd
FileAnalysis: finish switching hooks to events.
2013-04-10 11:13:43 -05:00
Jon Siwek
641154f8e8
FileAnalysis: checkpoint in middle of big reorganization.
- FileAnalysis::Info is now just a record used for logging, the fa_file
record type is defined in init-bare.bro as the analogue to a
connection record.
- Starting to transfer policy hook triggers and analyzer results to
events.
2013-04-09 15:49:58 -05:00
Bernhard Amann
2cc1f82425
Merge remote-tracking branch 'origin/master' into topic/bernhard/thread-cleanup
2013-04-07 20:43:47 +02:00
Robin Sommer
1a30a57816
Porting syslog analyzer as another example.
The diff to this commit shows what "porting" involves ...
This also adds a small test for syslog.
2013-04-05 13:13:30 -07:00
Robin Sommer
bccaea6883
Adding option Analyzer::disable_all to disable all analyzers at startup.
One can then selectively enable the ones one wants inside a bro_init()
handler.
2013-04-04 15:24:15 -07:00
Robin Sommer
bfda42b9e9
Removing legacy binpac analyzer for DNS and HTTP.
2013-04-03 13:40:45 -07:00
Jon Siwek
393d35dc60
Revert "FileAnalysis: optimize get_file_handle event queueing."
This reverts commit fc267d010d.
There were some diffs caused by this in external test suites I'm
unsure about; I'm going to go over optimizations more closely in
a different branch.
2013-04-03 09:49:39 -05:00