Robin Sommer
3ac4ff6b42
Updates for log format changes.
2011-12-19 09:09:32 -08:00
Robin Sommer
a9f0b10e2e
Updating baselines for recent commits.
2011-12-19 07:44:29 -08:00
Robin Sommer
01e4588737
Merge remote branch 'origin/topic/jsiwek/record-coerce-default'
...
* origin/topic/jsiwek/record-coerce-default:
Fix &default fields in records not being initialized in coerced assignments.
Closes #722.
2011-12-19 06:54:32 -08:00
Robin Sommer
5ee605f244
Merge remote branch 'origin/topic/bernhard/log-set-description'
...
* origin/topic/bernhard/log-set-description:
update baseline
make LogWriter output the type of data stored inside a set or vector.
2011-12-19 06:39:02 -08:00
Robin Sommer
3220bbce55
Merge remote branch 'origin/topic/jsiwek/log-escaping'
...
* origin/topic/jsiwek/log-escaping:
Add missing ascii writer options to log header.
Escape the ASCII log's set separator (addresses #712)
Rewrite ODesc character escaping functionality. (addresses #681)
Closes #712.
2011-12-19 06:37:54 -08:00
Robin Sommer
0a3e160a8d
Merge remote branch 'origin/topic/seth/dns-updates'
...
* origin/topic/seth/dns-updates:
Fixed some bugs with capturing data in the base DNS script.
Some updates to the base DNS script.
Closes #702.
2011-12-18 15:20:00 -08:00
Robin Sommer
719557a05b
Merge remote branch 'origin/fastpath'
...
* origin/fastpath:
Enable warnings for malformed Broxygen xref roles.
Broxygen fix for function parameter recognition; better than 80b2451.
Allow Broxygen markup "##<" for more general use.
2011-12-18 15:10:49 -08:00
Jon Siwek
3b91df8cf5
Allow Broxygen markup "##<" for more general use.
2011-12-16 11:21:49 -06:00
Robin Sommer
4e17ef63f0
Merge remote branch 'origin/fastpath'
...
* origin/fastpath:
Fix missing action in notice policy for looking up GeoIP data.
Better persistent state config warning messages (fixes #433).
A few updates for SQL injection detection.
Fixed some DPD signatures for IRC. Fixes ticket #311.
Removing Off_Port_Protocol_Found notice.
SSH::Interesting_Hostname_Login cleanup. Fixes #664.
Teach Broxygen to more generally reference attribute values by name.
Fixed a really dumb bug that was causing the malware hash registry script to break.
Fix Broxygen confusing scoped id at start of line as function parameter.
Remove remnant of libmagic optionality
2011-12-16 02:36:43 -08:00
Jon Siwek
f302f2f3f2
Fix &default fields in records not being initialized in coerced assignments.
...
Addresses #722
2011-12-15 12:16:42 -06:00
Jon Siwek
80b24513e7
Fix Broxygen confusing scoped id at start of line as function parameter.
2011-12-07 17:08:38 -06:00
Bernhard Amann
35fa52ea48
update baseline
2011-12-07 13:10:35 -08:00
Bernhard Amann
9f32f68a13
make test more robust.
2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec
make port annotation work and ascii input reader way more robust with better error messages.
2011-12-06 10:42:37 -08:00
Bernhard Amann
949ec6897a
Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet
2011-12-03 20:15:05 -08:00
Robin Sommer
f59c766858
Portability fix for new patch.
2011-12-02 17:00:08 -08:00
Robin Sommer
03b7ebfb5b
Merge remote-tracking branch 'origin/topic/jsiwek/fix-dns-double-free'
...
* origin/topic/jsiwek/fix-dns-double-free:
Fix double-free of DNS_Mgr_Request object (addresses #661)
Closes #661.
2011-12-01 16:40:07 -08:00
Robin Sommer
df3ae4b30d
Merge remote-tracking branch 'origin/topic/jsiwek/remote-log-peer'
...
* origin/topic/jsiwek/remote-log-peer:
Add a remote_log_peer event which contains an event_peer record param.
Closes #493.
2011-12-01 16:02:11 -08:00
Jon Siwek
0c8b5a712d
Add a remote_log_peer event which contains an event_peer record param.
...
Addresses #493.
2011-12-01 14:07:08 -06:00
Jon Siwek
2913a990c4
Merge branch 'master' into fastpath
2011-12-01 09:12:42 -06:00
Jon Siwek
9be652f8ff
Rearrange packet filter and dpd documentation.
2011-11-30 10:13:20 -06:00
Seth Hall
bb47289bfa
Some updates to the base DNS script.
...
- Answers and TTLs are now vectors.
- The warning that was being generated (dns_reply_seen_after_done)
from transaction ID reuse is fixed.
- Updated the single failing btest baseline.
2011-11-30 10:19:41 -05:00
Robin Sommer
ebd15cf12e
Fixing ASCII logger to escape the unset-field place-holder if written out literally.
2011-11-29 17:01:47 -08:00
Bernhard Amann
3c40f00a53
make filters pointers (for inheritance)
2011-11-22 16:09:13 -08:00
Bernhard Amann
3035eb2b21
fix a little bug that prevented several simultaneous filters from working.
2011-11-21 19:30:16 -08:00
Bernhard Amann
53af0544cc
re-enable table events
2011-11-21 19:03:35 -08:00
Bernhard Amann
92b3723b09
add very basic predicate test.
2011-11-21 15:36:03 -08:00
Bernhard Amann
bfe90199bd
Merge remote-tracking branch 'origin/master' into topic/bernhard/input
2011-11-21 15:21:20 -08:00
Bernhard Amann
f0e5303330
make want_record field for tablefilter work...
2011-11-21 15:09:00 -08:00
Bernhard Amann
029871e48c
first test.
2011-11-20 13:42:02 -08:00
Jon Siwek
305621672f
Teach Broxygen the .. bro:see:: directive
2011-11-19 07:19:57 -06:00
Robin Sommer
0b8428d1bb
Merge branch 'master' into topic/robin/pp-alarms
2011-11-17 15:26:15 -08:00
Jon Siwek
5227eb73c8
Teach Broxygen :bro:see: role for referencing any identifier in Bro domain.
2011-11-17 16:55:51 -06:00
Robin Sommer
8de3614afa
Merge remote-tracking branch 'origin/topic/jsiwek/custom-b64-alphabet'
...
* origin/topic/jsiwek/custom-b64-alphabet:
Add decode_base64_custom BiF to allow alternate base64 alphabets.
Simplified the code a little bit.
Closes #670.
2011-11-15 17:03:23 -08:00
Robin Sommer
dacc019f1f
Adding test for alarm mail.
...
Can't test all the functionality, so skipping DNS lookup and the
actual mailing via sendmail.
2011-11-15 08:51:48 -08:00
Seth Hall
d14349a6f8
Merge remote-tracking branch 'origin/master' into fastpath
2011-11-14 16:06:44 -05:00
Seth Hall
b12d2c768e
Tiny bugfix for http file extraction along with test.
2011-11-14 15:24:15 -05:00
Jon Siwek
5865bf3850
Add decode_base64_custom BiF to allow alternate base64 alphabets.
...
Addresses #670
2011-11-11 13:48:11 -06:00
Robin Sommer
9aef0c0f5a
Fixing packet filter test.
...
Adapting the IPv6 one as well, though I believe that's already
broken anyway ...
2011-11-03 17:42:06 -07:00
Robin Sommer
5b79d2b15f
Baseline updates.
...
Also a small tweak to the genDocSourcesList.sh as I was seeing
non-consistent output order.
2011-10-26 15:27:03 -07:00
Seth Hall
098134d2fa
Updated unit test baselines.
...
- Some (all?) of the DNS servers aren't being detected
anymore because the test tracefile isn't long enough.
Logging servers is delayed 5 minutes in case a better
result comes in.
2011-10-26 09:36:04 -04:00
Seth Hall
3d6d75b647
Updating test baselines for recent changes.
2011-10-25 14:51:32 -04:00
Seth Hall
320739e183
Updated/fixed MSIE version parsing in the software framework.
2011-10-25 09:30:06 -04:00
Robin Sommer
c8dfdb4492
Merge remote-tracking branch 'origin/topic/robin/interpreter-exceptions'
...
* origin/topic/robin/interpreter-exceptions:
Adding test for new error handling.
Experimental code to better handle interpreter errors.
This seems to work fine and it catches some potentially nasty crashes
so I'm merging it in even though it's not the final word on error
handling yet. #646 tracks the work scheduled for later.
2011-10-21 10:35:32 -07:00
Jon Siwek
24f3eb7fc2
Fix test failure due to some platforms joining stderr/stdout differently.
2011-10-17 13:53:10 -05:00
Jon Siwek
556b88e322
Tweaking notice suppression disable and notice policy order tests.
...
They should be less sensitive to script-layer changes now.
2011-10-14 10:47:32 -05:00
Robin Sommer
c81d428256
Adding test for new error handling.
2011-10-09 20:41:55 -07:00
Seth Hall
6d67f7830d
Added to the likely_server_ports set for protocols with analyzers.
...
- Updated some tests since Bro is getting the direction
correct now.
- Updated BPF filter test since I added a few ports to IRC
as well.
2011-10-07 13:44:28 -04:00
Robin Sommer
1ae94aae33
Baseline updates for conn compressor change.
2011-10-07 08:39:44 -07:00
Robin Sommer
9af6c183d2
Updating baselines for recent commits.
2011-10-06 19:04:26 -07:00