zeek/doc/script-reference
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
..
attributes.rst Clarifications to the script reference docs 2015-09-07 03:35:23 -05:00
directives.rst Update script language reference documentation 2015-05-30 01:35:55 -05:00
file-analyzers.rst Integrate new Broxygen functionality into Sphinx. 2013-11-21 14:34:32 -06:00
index.rst Merge remote-tracking branch 'origin/topic/jdopheid/BIT-1242' 2014-10-07 14:35:19 -07:00
log-files.rst Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
notices.rst A couple documentation fixes. 2013-11-21 15:59:07 -06:00
operators.rst Merge remote-tracking branch 'origin/topic/dnthayer/ticket1947' 2018-06-27 20:27:34 -05:00
packages.rst Integrate new Broxygen functionality into Sphinx. 2013-11-21 14:34:32 -06:00
proto-analyzers.rst Integrate new Broxygen functionality into Sphinx. 2013-11-21 14:34:32 -06:00
scripts.rst Integrate new Broxygen functionality into Sphinx. 2013-11-21 14:34:32 -06:00
statements.rst Add documentation for some new Bro features 2018-06-26 14:38:24 -05:00
types.rst Merge remote-tracking branch 'origin/topic/vern/case-insensitive-patterns' 2018-07-16 16:04:38 -05:00