* origin/topic/awelzel/zeekctl-multiple-loggers:
NEWS: Add entry for ZeekControl and multi-loggers
Bump zeekctl to multi-logger version
logging: Support rotation_postprocessor_command_env
* Mask VLAN ID from tp_vlan_tci field to fix vlan > 4095 reported by Zeek
when PCP and/or DEI bits are set.
* Descriptive error message when interface is down. Instead of
"Invalid argument", Zeek now reports "interface is down".
* Performance improvements for the Redis Log::log_stream_policy example
around PortVal wrapping and caching field offsets for property lookups.
* Debug output is now channeled through PLUGIN_DBG_LOG() and available via
zeek -B plugin-Zeek-JavaScript instead of unconditionally on stderr.
* Reduced CMake output when Node.js isn't found
zeek.on('zeek_init', () => {
console.log('Hello, Zeek!');
});
For interaction with external systems and HTTP APIs, JavaScript and the
Node.js ecosystem beat Zeek script. Make it more easily accessible by
including ZeekJS with Zeek directly.
When a recent enough libnode version is found on the build system, ZeekJS is
added as a builtin plugin. This behavior can be disabled via
``--disable-javascript``. Linux distributions providing such a package are
Ubuntu (22.10) and Debian (testing/bookworm) as libnode-dev.
Fedora provides it as nodejs-devel.
This plugin takes over loading of .js or .cjs files. When no such files
are provided to Zeek, Node and the V8 engine are not initialized and
should not get into the way.
This should be considered experimental.
This fixes a build failure with GCC 13. It's meant as a short-term fix to avoid
the failure in Zeek, but probably should be fixed more correctly upstream in
the Spicy repo.
This should work now. It affects only the toolchain libraries
`libhilti`/`libspicy`. the runtime libraries `libhilti-rt` and
`libspicy-rt` are always built static (but they are small). Zeek
itself doesn't link against the toolchain anymore now anyways, but a
number of the Spicy tools do.
Note, we have an issue with Broker I believe: it looks like it always
overrides BUILD_SHARED_LIBS to `OFF`
Addresses #2675.
As initial examples, this branch ports the Syslog and Finger analyzers
over. We leave the old analyzers in place for now and activate them
iff we compile without any Spicy.
Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`,
`CMake/`, and `zeek/zeek-testing-private`.
Note that the analyzer events remain associated with the Spicy plugin
for now: that's where they will show up with `-NN`, and also inside
the Zeekygen documentation.
We switch CMake over to linking the runtime library into the plugin,
vs. at the top-level through object libraries.
