Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
16824 commits 385 branches 195 tags 258 MiB
Commit graph

676 commits

Author SHA1 Message Date
Bernhard Amann
29f56b4986 continue finetuning of interface + adjust tests. 
streaming + re-reading do not seem to work completely correctly + there are still some strange random crashes.
 2012-03-16 23:43:13 -07:00
Bernhard Amann
e59aed6ce3 for seth - reverse order of event arguments 2012-03-16 08:31:19 -07:00
Bernhard Amann
842f635695 give EventDescripion field back to events 2012-03-16 08:10:28 -07:00
Bernhard Amann
367c4b4a7e make raw reading work. 
apparently there was a crash in the reader plugin, but main bro did not notice but waited for eternity for it do to something.
 2012-03-16 07:53:29 -07:00
Bernhard Amann
57ffe1be77 completely change interface again. 
compiles, not really tested.

basic test works 70% of the time, coredumps in the other 30 - but was not easy to debug on a first glance (most interestingly the crash happens in the logging framework - I wonder how that works).
Other tests are not adjusted to the new interface yet.
 2012-03-15 18:41:51 -07:00
Bernhard Amann
cd78005d09 Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads 2012-03-07 13:43:48 -08:00
Robin Sommer
9b83591374 Merge remote-tracking branch 'origin/topic/robin/parallel-btest' 
* origin/topic/robin/parallel-btest:
  Updating submodule(s).
  Adding group "comm" to communication tests for parallelizing execution with new btest version.

This is in preparation for the merge with the parallel btest branch.

Conflicts:
	cmake
	testing/btest/istate/pybroccoli.py
	testing/btest/scripts/base/frameworks/control/configuration_update.bro
	testing/btest/scripts/base/frameworks/control/id_value.bro
	testing/btest/scripts/base/frameworks/control/shutdown.bro
	testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
 2012-02-29 17:17:25 -08:00
Bernhard Amann
d553a3c6f6 fix strange bug when using predicates and events at the same time on a tablefilter. 
Testcase is now more involved.
 2012-02-23 15:30:39 -08:00
Bernhard Amann
93fac7a4be fix one of the bugs seth found in the input framework. 
(bug in PutTable when the table contained only one element and that element should not be wrapped into a record)
 2012-02-22 10:46:35 -08:00
Bernhard Amann
7e5f733826 raw input reader for seth, which can simply read a file into string-events given a line separator. 2012-02-22 09:44:45 -08:00
Bernhard Amann
edd30da082 better testcase & fix a few bugs (that took way too long to find). 2012-02-20 15:30:21 -08:00
Bernhard Amann
4126b458ca Automatic file re-refresh and streaming works. 
* simple testcase for file refresh (check for changes) and streaming reads
* add events for simple put and delete operations
* fix bugs in table filter events (type for first element was wrong)
* and I think a couple of other small bugs
 2012-02-20 13:18:15 -08:00
Bernhard Amann
91943c2655 * rework script interface, add autostart stream flag that starts up a stream automatically when first filter has been added ( probably the most common use case ) 
* change internal reader interface again
* remove some quite embarassing bugs that must have been in the interface for rather long
* add different read methods to script & internal interface (like normal, streaming, etc). Not implemented in ascii reader yet.
 2012-02-16 15:03:20 -08:00
Bernhard Amann
88233efb2c It works. Even including all unit tests. 
But: there are still a few places where I am sure that there are race conditions & memory leaks & I do not really like the current interface & I have to add a few more messages between the front and backend.

But - it works :)
 2012-02-13 22:29:55 -08:00
Bernhard Amann
4e868d282d Merge branch 'topic/bernhard/log-threads' into topic/bernhard/input-threads 2012-02-13 02:37:02 -08:00
Seth Hall
2cd88ee4f6 Merge remote-tracking branch 'origin/topic/bernhard/software' 
* origin/topic/bernhard/software:
  change software framework interface again. At the moment everything should worl.
  start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface...
  after talking to seth - change host_a field in record back to host.
  forgotten policy files.
  Software framework stores ports for server software.
 2012-02-03 16:17:04 -05:00
Bernhard Amann
eacdffff90 Merge remote-tracking branch 'origin/master' into topic/bernhard/software 
Conflicts:
	scripts/base/frameworks/software/main.bro
	scripts/policy/protocols/ftp/software.bro
 2012-01-20 12:51:58 -08:00
Bernhard Amann
92050af947 Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2012-01-20 12:03:54 -08:00
Jon Siwek
ec6560a6ed Make communication log baseline test more reliable. 2012-01-13 16:06:44 -06:00
Bernhard Amann
5bef49d625 Merge remote-tracking branch 'origin/master' into topic/bernhard/input 
Conflicts:
	src/parse.y
 2012-01-05 01:11:13 -08:00
Seth Hall
f8ec98625d Merge remote-tracking branch 'origin/topic/robin/pp-alarms' 
* origin/topic/robin/pp-alarms:
  The silliest, tiniest little whitespace fixes.
  Update missing in last commit to this branch.
  Adding test for alarm mail.
  Tuning the pretty-printed alarms output.
 2012-01-04 13:41:28 -05:00
Jon Siwek
eeceb14c1a Merge branch 'master' into fastpath 2011-12-20 11:45:50 -06:00
Bernhard Amann
59967d40ac Merge remote-tracking branch 'origin/master' into topic/bernhard/input 
Conflicts:
	src/LogMgr.cc
	src/LogMgr.h
 2011-12-19 12:36:53 -08:00
Jon Siwek
578cd06176 Increase timeout interval of communication-related btests. 
This may help clear up some transient test failures on the NMI testbed.
 2011-12-19 13:12:02 -06:00
Robin Sommer
3220bbce55 Merge remote branch 'origin/topic/jsiwek/log-escaping' 
* origin/topic/jsiwek/log-escaping:
  Add missing ascii writer options to log header.
  Escape the ASCII log's set separator (addresses #712)
  Rewrite ODesc character escaping functionality. (addresses #681)

Closes #712.
 2011-12-19 06:37:54 -08:00
Bernhard Amann
dcc7fe3c38 start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface... 2011-12-09 16:47:58 -08:00
Bernhard Amann
311cd1b116 after talking to seth - change host_a field in record back to host. 2011-12-08 14:25:46 -08:00
Bernhard Amann
7e3ebc1817 forgotten policy files. 2011-12-07 15:03:36 -08:00
Bernhard Amann
9f32f68a13 make test more robust. 2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec make port annotation work and ascii input reader way more rebust with better error messages. 2011-12-06 10:42:37 -08:00
Bernhard Amann
949ec6897a Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet 2011-12-03 20:15:05 -08:00
Robin Sommer
f59c766858 Portability fix for new patch. 2011-12-02 17:00:08 -08:00
Robin Sommer
1e45910b25 Merge remote-tracking branch 'origin/topic/jsiwek/bro-log-suffix' 
* origin/topic/jsiwek/bro-log-suffix:
  Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704)

Closes #704.
 2011-12-02 16:52:18 -08:00
Jon Siwek
edc0a451f8 Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704) 2011-12-01 16:18:56 -06:00
Jon Siwek
0c8b5a712d Add a remote_log_peer event which contains an event_peer record param. 
Addresses #493.
 2011-12-01 14:07:08 -06:00
Robin Sommer
ebd15cf12e Fixing ASCII logger to escape the unset-field place-holder if written 
out literally.
 2011-11-29 17:01:47 -08:00
Bernhard Amann
a68e6b9fa4 allow sets to be read from files, convenience function for reading a file once, 
bug in destructor that could lead to a segfault.
 2011-11-29 15:05:09 -08:00
Bernhard Amann
4975584e01 change Log enum to Input enum. 2011-11-28 13:45:00 -08:00
Bernhard Amann
3c40f00a53 make filters pointers (for inheritance) 2011-11-22 16:09:13 -08:00
Bernhard Amann
3035eb2b21 fix a little bug that prevented several simultaneous filters from working. 2011-11-21 19:30:16 -08:00
Bernhard Amann
53af0544cc re-enable table events 2011-11-21 19:03:35 -08:00
Bernhard Amann
77a517f2b5 camel-casing for types 2011-11-21 15:45:27 -08:00
Bernhard Amann
92b3723b09 add very basic predicate test. 2011-11-21 15:36:03 -08:00
Bernhard Amann
18591b53d4 rename filter to tablefilter in preparation of event filters... 2011-11-21 15:20:52 -08:00
Bernhard Amann
f0e5303330 make want_record field for tablefilter work... 2011-11-21 15:09:00 -08:00
Bernhard Amann
029871e48c first test. 2011-11-20 13:42:02 -08:00
Robin Sommer
dacc019f1f Adding test for alarm mail. 
Can't test all the functionality, so skipping DNS lookup and the
actual mailing via sendmail.
 2011-11-15 08:51:48 -08:00
Seth Hall
320739e183 Updated/fixed MSIE version parsing in the software framework. 2011-10-25 09:30:06 -04:00
Jon Siwek
24f3eb7fc2 Fix test failure due to some platforms joining stderr/stdout differently. 2011-10-17 13:53:10 -05:00
Jon Siwek
556b88e322 Tweaking notice suppression disable and notice policy order tests. 
They should be less sensitive to script-layer changes now.
 2011-10-14 10:47:32 -05:00