Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
4439 commits 384 branches 195 tags 258 MiB
Commit graph

12 commits

Author SHA1 Message Date
Daniel Thayer
5a0e3dda7e Fix typos and formatting in the notice framework docs 2013-10-22 09:16:29 -05:00
Seth Hall
00eeadf2f5 Complete removal of the old table based notice policy mechanism. 2013-03-06 09:44:25 -05:00
Seth Hall
9f8ba408ba Updates for the notices framework. 
- Moved the Notice::notice event and Notice::policy table to both be hooks.

 - Renamed the old Notice::policy to Notice::policy_table and documented it as deprecated.
 2013-02-11 14:36:14 -05:00
Jon Siwek
290c2a0b4d Make const variables actually constant. Addresses #922. 
Both local and global variables declared with "const" could be modified,
but now expressions that would modify them should generate an error
message at parse-time.
 2012-12-13 15:05:29 -06:00
Jon Siwek
53d9832d5a Fix a problem with non-manager cluster nodes applying Notice::policy. 
This could, for example, result in duplicate emails being sent (one from
manager and one from worker) if Notice::emailed_types is redef'd in
local.bro (or any script that gets loaded on all cluster nodes).

The problem was that Notice::policy is used to populate the internal
Notice::ordered_policy vector in a priority 10 bro_init handler (in
scripts/base/frameworks/notice/main.bro) and then that is what is used
when applying policy to notices.  In order for
scripts/base/frameworks/notice/cluster.bro to prevent Notice::policy
from being used on non-manager nodes, it needs to clear it in a
bro_init hander of higher priority than 10.
 2012-10-04 16:45:56 -05:00
Seth Hall
c561a44326 Fixed a problem where cluster workers were still processing notices in some cases. 2012-04-26 10:45:28 -04:00
Jon Siwek
a543ebbea5 Add more notice framework documentation. 2011-12-14 10:05:52 -06:00
Seth Hall
9602e6e2f3 Fixed the "identifier is not exported" error. 2011-10-07 02:51:40 -04:00
Seth Hall
aa9fdf38bb Clean up to cluster framework to make event handling clearer. 
- Fixed a bug where notices were being passed to proxies.
  This was a mistake and should greatly reduce load on
  many clusters.

- Cluster event regex variables renamed to:
  - Notice::manager2worker_events
  - Notice::manager2proxy_events
  - Notice::worker2manager_events
  - Notice::worker2proxy_events
  - Notice::proxy2manager_events
  - Notice::proxy2worker_events

- The default Notice::policy set is cleared for all cluster
  nodes except for managers to cause all default notice
  processing to occur on managers.  This should reduce load
  on workers slightly.
 2011-10-04 11:57:50 -04:00
Robin Sommer
c9b9bab473 Merge remote-tracking branch 'origin/topic/seth/notice-suppression' 
* origin/topic/seth/notice-suppression:
  Updated a notice related baseline and added a necessary @load line.
  Notice suppression clean up and notice/cluster integrtion fixes.
  Updates for notice suppression to use the &create_expire attribute
  Small, mostly cosmetic updates and fixing a test.
  Fix crash on exit (addresses #607).
  Duplicate notice suppression.

Closes #623.
 2011-09-22 19:20:34 -07:00
Seth Hall
664500226e Updated a notice related baseline and added a necessary @load line. 2011-09-20 12:19:22 -04:00
Seth Hall
412cdb16a0 Notice suppression clean up and notice/cluster integrtion fixes. 
- Worker raised notices are printed a single time by the manager now.

- Cluster/notices integration cleaned up.

- New tests for cluster/notice integration.

- Notice suppression fixes and tests.
 2011-09-19 12:05:13 -04:00