mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 16:48:19 +00:00
b22ca5d0a3
Notable changes: - libmagic is no longer used at all. All MIME type detection is done through new Bro signatures, and there's no longer a means to get verbose file type descriptions (e.g. "PNG image data, 1435 x 170"). The majority of the default file magic signatures are derived from the default magic database of libmagic ~5.17. - File magic signatures consist of two new constructs in the signature rule parsing grammar: "file-magic" gives a regular expression to match against, and "file-mime" gives the MIME type string of content that matches the magic and an optional strength value for the match. - Modified signature/rule syntax for identifiers: they can no longer start with a '-', which made for ambiguous syntax when doing negative strength values in "file-mime". Also brought syntax for Bro script identifiers in line with reality (they can't start with numbers or include '-' at all). - A new Built-In Function, "file_magic", can be used to get all file magic matches and their corresponding strength against a given chunk of data - The second parameter of the "identify_data" Built-In Function can no longer be used to get verbose file type descriptions, though it can still be used to get the strongest matching file magic signature. - The "file_transferred" event's "descr" parameter no longer contains verbose file type descriptions. - The BROMAGIC environment variable no longer changes any behavior in Bro as magic databases are no longer used/installed. - Reverted back to minimum requirement of CMake 2.6.3 from 2.8.0 (it's back to being the same requirement as the Bro v2.2 release). The bump was to accomodate building libmagic as an external project, which is no longer needed. Addresses BIT-1143. |
||
|---|---|---|
| .. | ||
| _static | ||
| _templates | ||
| broids | ||
| cluster | ||
| components | ||
| ext | ||
| frameworks | ||
| httpmonitor | ||
| images | ||
| install | ||
| intro | ||
| logs | ||
| mimestats | ||
| quickstart | ||
| script-reference | ||
| scripting | ||
| .gitignore | ||
| broxygen.conf.in | ||
| CMakeLists.txt | ||
| conf.py.in | ||
| index.rst | ||
| LICENSE | ||
| README | ||
Documentation ============= This directory contains Bro documentation in reStructuredText format (see http://docutils.sourceforge.net/rst.html). It is the root of a Sphinx source tree and can be modified to add more common/general documentation, style sheets, JavaScript, etc. The Sphinx config file is produced from ``conf.py.in``, and can be edited to change various Sphinx options. There is also a custom Sphinx domain implemented in ``source/ext/bro.py`` which adds some reST directives and roles that aid in generating useful index entries and cross-references. Other extensions can be added in a similar fashion. The ``make doc`` target in the top-level Makefile can be used to locally render the reST files into HTML. That target depends on: * Python interpreter >= 2.5 * `Sphinx <http://sphinx.pocoo.org/>`_ >= 1.0.1 After completion, HTML documentation is symlinked in ``build/html``. There's also a ``make docclean`` target which deletes any files created during the documentation build process. Notes for Writing Documentation ------------------------------- * If you want to refer to a document that's part of the distribution, it currently needs to be copied or otherwise symlinked somewhere in to this Sphinx source tree. Then, it can be referenced in a toc tree or with the :doc: role. Use the :download: role to refer to static files that will not undergo sphinx rendering. * If you want to refer to a page on the Bro web site, use an HTTP URL. Guidelines ---------- TODO.