Commit graph

9059 commits

Author SHA1 Message Date
Johanna Amann
3ef14000f3 Make elasticsearch orphaned instead of deprecated.
Addresses BIT-1617
2016-09-26 10:33:13 -07:00
Johanna Amann
48f505f706 Fix a debugger bug where it would not support statements like print(3).
This is a manual merge of a branch of Vlad Grigorescu.

BIT-1703 #merged
2016-09-26 10:17:12 -07:00
Johanna Amann
068c49a3d3 Normalize http host in seen script.
This changes the behavior to be just like in the base scripts.

Addresses BIT-1695
2016-09-22 16:52:59 -07:00
Johanna Amann
038dfa6273 Actually check if the number of fields in a write are equal to the
number of fields required.

Addresses BIT-1683

I do not think this quite fixes the underlying issue of BIT-1683 - it
should not be possible to get to this state in normal operations.

Also fixes a small memory leak for disabled writers.
2016-09-22 16:43:37 -07:00
Jan Grashoefer
8c024ca094 Handle removing non-existent intel items.
The intel framework raises a reporter info on removing non-existent
intel items. An according test case has been added.

Fixes #1679.
2016-09-21 00:37:38 +02:00
Justin Azoff
c74218568a Ensure that the notice uid field is filled in. 2016-09-19 22:11:31 -04:00
Robin Sommer
0bc4a5ea52 Updating submodule(s).
[nomail]
2016-09-19 17:18:38 -07:00
Robin Sommer
51b1c6470e Merge branch 'master' of git.bro.org:bro 2016-09-19 17:15:12 -07:00
Robin Sommer
2bf4c2072c Merging topic/vladg/bit-1681.
(Note this is a "manual" merge: I've copied just the two relevant *pac
files over, as there were a bunch of independent commits in the branch
history that I didn't want to pull in.)

BIT-1681 #merged
2016-09-19 17:04:44 -07:00
Jan Grashoefer
cb53a930a2 Separated file and default info added to matches. 2016-09-20 02:04:15 +02:00
Johanna Amann
46aafdc87b Merge branch 'patch-4' of https://github.com/moshekaplan/bro
* 'patch-4' of https://github.com/moshekaplan/bro:
  Clarified string documentation
2016-09-19 15:28:39 -07:00
Johanna Amann
b00e9ba338 Merge branch 'patch-6' of https://github.com/moshekaplan/bro
* 'patch-6' of https://github.com/moshekaplan/bro:
  Update init-bare.bro
2016-09-19 15:23:12 -07:00
Moshe Kaplan
f8587e643a Update init-bare.bro 2016-09-15 12:28:17 -04:00
Moshe Kaplan
ca46edbb42 Clarified string documentation 2016-09-14 15:15:56 -04:00
Johanna Amann
57da2d091b Merge remote-tracking branch 'origin/topic/dnthayer/ticket1690'
* origin/topic/dnthayer/ticket1690:
  Added another missing fclose in scan.l
  Added a missing fclose in scan.l

BIT-1690 #merged
2016-09-06 07:37:31 -07:00
Daniel Thayer
520ed43eae Added another missing fclose in scan.l
If someone uses an "@unload" directive in a bro script, then Bro
was neglecting to close the file.
2016-08-31 16:30:10 -05:00
Daniel Thayer
b3a7d07e66 Added a missing fclose in scan.l
On OS X, Bro was failing to start up without first using the "ulimit -n"
command to increase the allowed number of open files (OS X has a much
lower default limit than Linux or FreeBSD).
2016-08-31 14:07:44 -05:00
Seth Hall
2cfe2c292d Fix an event from the file extraction analyzer.
The "file_extraction_limit" event was passing a Files::AnalyzerArgs
record as an "any" type.  This is not right at the least and may
have been causing a crash for a user at worst.
2016-08-28 21:30:42 -04:00
Seth Hall
8015e35747 Fix a crash when a user disables DCE_RPC and enables SMB.
I wasn't accounting for analyzers being disabled and not actually
instantiating when requested.  This includes a test which
verifies there is no crash or problem when a user disables DCE_RPC.
2016-08-28 21:28:57 -04:00
Johanna Amann
ec0ffc5452 Update submodule
[nomail]
2016-08-22 15:41:46 -07:00
Johanna Amann
1f2dc28bf7 Update submodule
[nomail]
2016-08-19 07:58:46 -07:00
Johanna Amann
2e5e811a9c Merge branch 'patch-2' of https://github.com/moshekaplan/bro
* 'patch-2' of https://github.com/moshekaplan/bro:
  Update events.bif

This slightly clarifies the explanation of the mime_entity_data event.
2016-08-19 07:52:35 -07:00
Johanna Amann
46b67b92ee Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Update NEWS
2016-08-19 07:38:33 -07:00
Johanna Amann
077a5cbda8 Remove old ack_above_hole event from scripts.
Fixes BIT-1673
2016-08-19 07:26:34 -07:00
Daniel Thayer
e8bfa49f69 Update NEWS
Corrected some typos, fixed some reST formatting, and added some more
useful info.
2016-08-19 00:46:49 -05:00
Moshe Kaplan
c5b82cb9b4 Update events.bif 2016-08-18 12:43:20 -04:00
Johanna Amann
058e378ced Update local-compat test for 2.5 2016-08-17 10:38:18 -07:00
Johanna Amann
fbddd0b554 Updating CHANGES and VERSION. 2016-08-17 09:28:34 -07:00
Johanna Amann
4238f67900 Update submodules
[nomail]
2016-08-17 09:25:49 -07:00
Johanna Amann
04fa937129 And update one last test baseline 2016-08-17 09:19:44 -07:00
Johanna Amann
55f99c0da9 Fix sphinx build errors 2016-08-17 09:16:16 -07:00
Justin Azoff
f9b3f739e4 Move lookup_addr when statement
Move the when statement to a function so that the connection record is
not in scope. Cloning a connection record is an expensive operation and
this avoids it.
2016-08-17 10:41:41 -04:00
Seth Hall
eebd896f63 Change failure in utf16_bytestring_to_utf8_val to be a conn weird.
Whenever we saw errors in UTF16->UTF8 conversion before, we would
get a reporter message with no connection information.  Now we
get a weird attached to a connection so that debugging these
problems will hopefully be a bit easier in the future.
2016-08-17 00:57:49 -04:00
Johanna Amann
cf548e9302 Fix test failure caused by uninitialized memory. 2016-08-16 17:05:18 -07:00
Johanna Amann
fd54892da3 SMB: fix rounding error due to value truncation when converting timestamps. 2016-08-16 16:02:44 -07:00
Johanna Amann
ff114709db Merge remote-tracking branch 'origin/topic/jazoff/bit-1649'
* origin/topic/jazoff/bit-1649:
  Track outstanding_global_views updates by uid
  Also track recent_global_view_keys on manager

BIT-1649 #merged
2016-08-16 12:11:09 -07:00
Johanna Amann
5d8da0b182 Address coverity errors. 2016-08-16 11:16:50 -07:00
Johanna Amann
e3e3fdfb9d Merge remote-tracking branch 'origin/bro-config'
* origin/bro-config:
  Add 'bro-config' script.

BIT-1669 #merged
2016-08-15 17:05:25 -07:00
Johanna Amann
ed3447acaa Fix one more format error found by gcc 5.3.1 2016-08-15 16:54:22 -07:00
Johanna Amann
0d706bcccd add certificate to external list for debian 8.
The OpenSSL on debian 8 refuses to validate one connection; everyone
else can. The easiest fix is to add the CA certificate to the root list.
Once debian has a newer version of OpenSSL, we should be able to remove
it again.
2016-08-15 16:47:44 -07:00
Johanna Amann
a467f593de KRB: fix field value missing error for msg$client_name.
Reported by giesiger on IRC.
2016-08-15 16:05:10 -07:00
Johanna Amann
bfdce4d419 Add argument checking to a few more printf-style calls. 2016-08-15 15:34:27 -07:00
Johanna Amann
697b68ab01 One more small serialization format fix to make gcc 4.9 happy. 2016-08-15 15:20:14 -07:00
Jon Siwek
c29cd54618 Add 'bro-config' script. 2016-08-15 14:45:29 -05:00
Seth Hall
5c0d8c649a Tiny SMB cleanup.
Pipe handling is done by derived fields and there was a left
over check in the event generating event.
2016-08-15 11:15:51 -04:00
Seth Hall
c06dca3565 Fixes for NTLM.
 - Attempted fix for some NTLM handling fixes that were leading
   to DPD errors.
 - Added some status codes to the list of auth failure status codes.
2016-08-14 01:31:07 -04:00
Johanna Amann
a2c8f8a9b6 More format specifier cleanup 2016-08-12 15:54:39 -07:00
Johanna Amann
c464cf78dd Fix a number of format errors when using debug macros. 2016-08-12 15:42:02 -07:00
Johanna Amann
1889f409e9 Change timings of intel expire-item test.
Seems to be stable on slow systems with this.
2016-08-12 13:10:04 -07:00
Johanna Amann
33c85895b8 Make netcontrol cluster test stable.
It now consistently works for me.
2016-08-12 11:39:34 -07:00