- Metrics now work on cluster deployments with no caveats. It should be
completely transparent. Intermediate updates to speed some detection
will come later.
* origin/topic/jsiwek/autodoc-fixes:
Update doc sources and touch up a few script comments.
Fixes for script auto-documentation.
Conflicts:
scripts/base/frameworks/logging/main.bro
If possible the list elements now get promoted to the yield type of the
vector. There was also a problem with the value returned by the record
constructor expression's eval being completely unref'd since the vector
element assignment function doesn't ref the element -- so I changed it
to ref values if they just constructed before assigning them to the
vector.
Addresses #485.
Attributes have state to track whether they're in a record and should
apply to a record field, but this state wasn't being set for TypeDecls
that are part of a redef'd record.
Closes#460
When not reporting via events, the final contents of the message buffer
after formatting was being used as a format string to fprintf instead of
writing out the actual string.
It seems these errors aren't Bro's fault, and in any case it's clearly
not an internal error. This should finally solve the problem in #255.
Closes#255.
The function's code is rendered as ASCII and included as a string.
Closes#506.
Note that I'm not sure if the formatting is as desired: should the LFs
and tabs be rendered as \xXX or removed?.
- New ACTION_ADD_GEODATA to add geodata to notices in an extension
field named remote_location.
- Loading extend-email/hostnames by default now that it only
does anything when the ACTION_EMAIL action is applied (finally).
- While updating, I did some further work on the branch.
- New function in the base/utils/files for extracting filenames
from content-dispositions.
- New script for entity excerpt extraction if you aren't interested
in full extraction. The data goes a log field too.
- Some renaming and reorganization of types.
- Updated tests to work with new code.
* origin/topic/jsiwek/smtp-refactor:
Make the doc.coverage test happy.
SMTP script refactor. (addresses #509)
Conflicts:
doc/scripts/DocSourcesList.cmake
policy/protocols/smtp/__load__.bro
policy/protocols/smtp/base/__load__.bro
- Metrics API is much more similar to the Logging framework's API now.
- Filters define all output and metrics collection now.
- Initial attempt at thresholding and generating notices.
* test-all.bro renamed to test-all-policy.bro because it lists
only the optional scripts now.
* A new test that checks that the default config loads everything
in base/*/
* A new test that runs bare mode but loads all optional policy
scripts (which fails horribly right now ...)
* A new loaded_scripts test for the bare mode.
- Fixing the parts of the `make restdoc` and `make doc` process that were
broken by the last Bro script re-organization
- Generated documentation for Bro scripts derived from BiFs now use the
original BiF source file as the "original source file" link
- Renaming of the internal POLICYDEST definition and other misc places that
refer to "policy" scripts; that terminology doesn't make total sense now
- Added a documentation blacklist reminder test that will fail if there's
scripts that are blacklisted from being documentated because they're still
in progress
- Some minor Bro script changes to fix small @load dependency errors
Addresses #543
* topic/robin/rotation-pp:
Adding a default_path_func that makes the default naming scheme script-level controlled.
Reworking logging's postprocessor logic.
Conflicts:
scripts/base/frameworks/logging/main.bro
testing/btest/policy/frameworks/logging/rotate-custom.bro
The communication subsystem is now disabled until a new BiF,
enable_communication(), is called. The base scripts do this
automatically when either a Communication::Node is defined, or Bro is
asked to listen for incoming connections.
- bro.init was renamed to base/init-bare.bro and base/all.bro
was renamed to init-default.bro.
- To run in "bare mode" with only the init-bare.bro and no other
scripts from base/, use either -b or --bare-mode.
- The environment variable to run in "bare mode" has been removed.
