Base64 encoding-errors during authentication in POP3 analyzer,
authentication in FTP analyzer (using GSI) and basic
authentication on HTTP will be logged to Weird.
Updated the install section for FreeBSD and OS X.
Added a section to explain how to quickly test that everything is
setup correctly.
Improved the usage section by removing the misleading record definition
(a link to the reference doc is provided), and explaining that some
fields will be uninitialized.
Corrected the example so that it doesn't try to access uninitialized
fields.
Base64Converter now uses a connection directly, instead of an analyzer
redirecting to the underlying connection for reporting to Weird. The new
built-in functions en-/decode_base64_intern make use of this to send
encoding-errors to Weird instead of Reporter.
According to the documentation, using the empty string as alphabet in
the built-in functions, will use the default alphabet. Therefore the
built-in functions can now use default arguments and
en-/decode_base64_custom is deprecated.
The tests have been updated accordingly.
Switching from using the http_all_headers() event to
http_message_done(). That delays it a bit, but is the less expensive
event.
* 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro:
Updated detection of Flash and AdobeAIR.
This commit introduces a new hook, HookAddToAnalyzerTree, which
allows plugins to add a new analyzer to the analyzer tree during
analyzer tree creation. This hook is necessary to support the
TCPRS plugin.
Additionally, the order in which the scripts were loaded has been
changed to address a problem with undefined variable errors due
to load order issues.
Signed-off-by: James Swaro <james.swaro@gmail.com>
* 'master' of https://github.com/aaronmbr/bro:
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
