mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
64bc53e621
- Updates to cluster framework to finish the separation between broctl and bro - Extension technique for extending notice emails with extra content. - Deleting the connection record from notices after calling apply_policy. It may have been causing some load and memory issues from copying lots of data to other cluster members. This is a test to see if we are right about the memory trouble. - Abstracted some of the notice actions into separate scripts. - - Lots of small cleanup and fixes.
33 lines
No EOL
949 B
Text
33 lines
No EOL
949 B
Text
##! This script gives the capability to selectively enable and disable event
|
|
##! groups at runtime. No events will be raised for all members of a disabled
|
|
##! event group.
|
|
|
|
@load frameworks/control
|
|
|
|
module AnalysisGroups;
|
|
|
|
export {
|
|
## By default, all event groups are enabled.
|
|
## We disable all groups in this table.
|
|
const disabled: set[string] &redef;
|
|
}
|
|
|
|
# Set to remember all groups which were disabled by the last update.
|
|
global currently_disabled: set[string];
|
|
|
|
# This is the event that the control framework uses when it needs to indicate
|
|
# that an update control action happened.
|
|
event Control::configuration_update()
|
|
{
|
|
# Reenable those which are not to be disabled anymore.
|
|
for ( g in currently_disabled )
|
|
if ( g !in disabled )
|
|
enable_event_group(g);
|
|
|
|
# Disable those which are not already disabled.
|
|
for ( g in disabled )
|
|
if ( g !in currently_disabled )
|
|
disable_event_group(g);
|
|
|
|
currently_disabled = copy(disabled);
|
|
} |