mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
697b2748f5
This commit rewrites the way that weirds are logged and fixes a number of issues on the way. Most prominently, flow weirds now actually log information about the flow that they occur in (before this change, they only logged the name of the weird, which is only marginally helpful). Besides restructuring how weird logging works internally, weirds can now also be generated by calling Weird::weird with the info record directly, allowing more fine-granular passing of information. This is e.g. used for DNS weirds, which do not have the connection record available any more when they are generated (before data like the connection ID was just not logged in these instances). Addresses BIT-1578 |
||
|---|---|---|
| .. | ||
| actions | ||
| extend-email | ||
| __load__.bro | ||
| cluster.bro | ||
| main.bro | ||
| non-cluster.bro | ||
| README | ||
| weird.bro | ||
The notice framework enables Bro to "notice" things which are odd or potentially bad, leaving it to the local configuration to define which of them are actionable. This decoupling of detection and reporting allows Bro to be customized to the different needs that sites have.