Commit graph

2499 commits

Author SHA1 Message Date
Seth Hall
76a0b9ad3c Fixed some DPD signatures for IRC. Fixes ticket #311.
- The larger issue from ticket 313 still stands.
2011-12-10 22:33:49 -05:00
Seth Hall
6478b4acaf Removing Off_Port_Protocol_Found notice.
- Other very small cleanup.
2011-12-10 00:18:10 -05:00
Seth Hall
b1c891f857 Merge branch 'fastpath' of ssh://git.bro-ids.org/bro into fastpath 2011-12-10 00:13:49 -05:00
Seth Hall
00fb187927 SSH::Interesting_Hostname_Login cleanup. Fixes #664. 2011-12-10 00:13:37 -05:00
Bernhard Amann
dcc7fe3c38 start reworking interface of software framework. working apart from detect-webapps.bro, which directly manipulates a no longer available interface... 2011-12-09 16:47:58 -08:00
Jon Siwek
8e89d78788 Add more cluster and communication framework documentation. 2011-12-09 17:31:47 -06:00
Seth Hall
ec721dffec Added is_orig fields to the SSL events and adapted script.
- Added a field named $last_alert to the SSL log.  This doesn't even
  indicate the direction the alert was sent, but we need to start somewhere.

- The x509_certificate function has an is_orig field now instead of
  is_server and its position in the argument list has moved.

- A bit of reorganization and cleanup in the core analyzer.
2011-12-09 16:56:12 -05:00
Jon Siwek
2cf7bb5788 Teach Broxygen to more generally reference attribute values by name. 2011-12-09 15:39:31 -06:00
Jon Siwek
1f57827e54 Add more logging framework documentation. 2011-12-09 14:30:21 -06:00
Bernhard Amann
0313039977 log protocol in notices. 2011-12-08 14:44:45 -08:00
Bernhard Amann
311cd1b116 after talking to seth - change host_a field in record back to host. 2011-12-08 14:25:46 -08:00
Bernhard Amann
e0b7dc0451 fix compile warnings 2011-12-08 14:12:59 -08:00
Jon Siwek
6d3b29b0ec Add builtin type documentation, clean up format of attribute docs. 2011-12-08 15:55:38 -06:00
Seth Hall
3391270527 Fixed a really dumb bug that was causing the malware hash registry script to break. 2011-12-08 14:25:52 -05:00
Seth Hall
04e2773d30 Fixed some bugs with capturing data in the base DNS script. 2011-12-08 13:06:45 -05:00
Jon Siwek
80b24513e7 Fix Broxygen confusing scoped id at start of line as function parameter. 2011-12-07 17:08:38 -06:00
Bernhard Amann
7e3ebc1817 forgotten policy files. 2011-12-07 15:03:36 -08:00
Jon Siwek
5126b65493 Add reporter bif/framework documentation. 2011-12-07 16:54:40 -06:00
Jon Siwek
9ac338341e Merge branch 'master' into topic/script-reference 2011-12-07 15:47:29 -06:00
Bernhard Amann
94f53e3eb3 Merge branch 'topic/bernhard/log-send-proto' into topic/bernhard/input
Conflicts:
	src/LogMgr.cc
	src/LogMgr.h

Also fixup Input framework to work with the changed definitions.
2011-12-07 13:25:57 -08:00
Bernhard Amann
89a29c3d7d Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-12-07 13:13:43 -08:00
Bernhard Amann
35fa52ea48 update baseline 2011-12-07 13:10:35 -08:00
Bernhard Amann
e114bdf627 make LogWriter output the type of data stored inside a set or vector.
Now the type output is e.g. vector[string] instead of just vector.
2011-12-07 13:04:46 -08:00
Bernhard Amann
4b3cc95f72 send enum instead of string 2011-12-07 12:43:15 -08:00
Bernhard Amann
a0da991030 memleak fix. 2011-12-07 12:21:42 -08:00
Bernhard Amann
ca17a1cf46 make logging framework send the protocol to the writer.
for use in future writers, that have a special type for port, which includes the protocol.
2011-12-07 12:21:38 -08:00
Bernhard Amann
707926aaa4 Software framework stores ports for server software. 2011-12-07 12:12:46 -08:00
Jon Siwek
ab315949d6 Remove remnant of libmagic optionality 2011-12-07 12:53:11 -06:00
Robin Sommer
f1e132cd1a Adding missing script. 2011-12-07 10:28:56 -08:00
Robin Sommer
3c2fa085d4 Adapting diff-all so that it expands globs in both current and
baseline directory.

This way, it now spots if a Baseline file isn't produced anymore.

Closes #677.
2011-12-07 10:03:44 -08:00
Robin Sommer
9295beda7f Stepping stone events aren't deprecated but internal. 2011-12-07 08:20:52 -08:00
Robin Sommer
9d5f79a0fa Updating submodule(s).
[nomail]
2011-12-06 11:49:49 -08:00
Robin Sommer
8ecbfb6284 Merge remote-tracking branch 'origin/topic/jsiwek/local-node-order'
* origin/topic/jsiwek/local-node-order:
  Omit loading local-<node>.bro scripts from base cluster framework. The loading of these is better handled by BroControl and it seems odd to load them from a base/ script anyway since they'll contain site/policy specific code.
2011-12-06 11:44:37 -08:00
Bernhard Amann
eb64eeedcd memleak fix. 2011-12-06 10:56:26 -08:00
Bernhard Amann
9f32f68a13 make test more robust. 2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec make port annotation work and ascii input reader way more robust with better error messages. 2011-12-06 10:42:37 -08:00
Jon Siwek
ef2f3e7507 Fix some reST formatting issues in bro.bif that Sphinx complains about. 2011-12-06 10:08:44 -06:00
Jon Siwek
749e510fc7 Merge branch 'master' into topic/script-reference
Conflicts:
	src/event.bif
2011-12-06 09:37:13 -06:00
Bernhard Amann
aecbbdd966 make logging framework send the protocol to the writer.
for use in future writers, that have a special type for port, which includes the protocol.
2011-12-05 16:18:54 -08:00
Bernhard Amann
78b24da7e4 start support for annotation for log field types.
commit before rolling part of it back...
2011-12-05 15:02:03 -08:00
Jon Siwek
506a42638a Omit loading local-<node>.bro scripts from base cluster framework.
The loading of these is better handled by BroControl and it seems
odd to load them from a base/ script anyway since they'll contain
site/policy specific code.

Addresses #663
2011-12-05 13:02:39 -06:00
Bernhard Amann
949ec6897a Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet 2011-12-03 20:15:05 -08:00
Robin Sommer
b449d5652d Merge remote-tracking branch 'remotes/origin/topic/robin/broccoli-connrec'
* remotes/origin/topic/robin/broccoli-connrec:
  Adapting attribute serialization when talking to Broccoli.
2011-12-03 15:57:39 -08:00
Robin Sommer
6943b3c4b1 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Changes to Broxygen master script package index
2011-12-03 15:56:32 -08:00
Robin Sommer
ab1ac72d4b Updating submodule(s).
[nomail]
2011-12-03 14:45:02 -08:00
Matthias Vallentin
af9b072ddf Phew, half way through bro.bif documentation. 2011-12-02 21:28:08 -08:00
Robin Sommer
5a58053ef1 Updating submodule(s).
[nomail]
2011-12-02 17:19:47 -08:00
Robin Sommer
89f4e44f6a Updating submodule(s).
[nomail]
2011-12-02 17:11:44 -08:00
Robin Sommer
f59c766858 Portability fix for new patch. 2011-12-02 17:00:08 -08:00
Robin Sommer
1e45910b25 Merge remote-tracking branch 'origin/topic/jsiwek/bro-log-suffix'
* origin/topic/jsiwek/bro-log-suffix:
  Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704)

Closes #704.
2011-12-02 16:52:18 -08:00