mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 17:48:21 +00:00
91 lines
2.9 KiB
Text

Release Notes
=============

This document summarizes the most important changes in the current Bro
release. For a complete list of changes, see the ``CHANGES`` file.


Bro 2.1
-------

- Dependencies:

    * Bro now requires CMake >= 2.6.3.

- Bro now supports IPv6 out of the box; the configure switch
  --enable-brov6 is gone.

- DNS name lookups performed by Bro now also query AAAA records. The
  results of the A and AAAA queries for a given hostname are combined
  such that at the scripting layer, the name resolution can yield a
  set with both IPv4 and IPv6 addresses.

- The connection compressor was already deprecated in 2.0 and has now
  been removed from the code base.

- We removed the "match" statement, which was no longer used by any of
  the default scripts, nor was it likely to be used by anybody anytime
  soon. With that, "match" and "using" are no longer reserved keywords.

- The syntax for IPv6 literals changed from "2607:f8b0:4009:802::1012"
  to "[2607:f8b0:4009:802::1012]".

TODO: Extend.

Bro 2.0
-------

As the version number jump suggests, Bro 2.0 is a major upgrade and
lots of things have changed. We have assembled a separate upgrade
guide with the most important changes compared to Bro 1.5 at
http://www.bro-ids.org/documentation/upgrade.html. You can find
the offline version of that document in ``doc/upgrade.rst``.

Compared to the earlier 2.0 Beta version, the major changes in the
final release are:

* The default scripts now come with complete reference
  documentation. See
  http://www.bro-ids.org/documentation/index.html.

* libz and libmagic are now required dependencies.

* Reduced snaplen default from 65535 to old default of 8192. The
  large value was introducing performance problems on many
  systems.

* Replaced the --snaplen/-l command line option with a
  scripting-layer option called "snaplen". The new option can also
  be redefined on the command line, e.g. ``bro -i eth0
  snaplen=65535``.

* Reintroduced the BRO_LOG_SUFFIX environment variable that the
  ASCII logger now respects to add a suffix to the log files it
  creates.

* The ASCII logs now include further header information, and
  fields set to an empty value are now logged as ``(empty)`` by
  default (instead of ``-``, which is already used for fields that
  are not set at all).

* Some NOTICES were renamed, and the signatures of some SSL events
  have changed.

* bro-cut got some new capabilities:

    - If no field names are given on the command line, we now pass
      through all fields.

    - New options -u/-U for time output in UTC.

    - New option -F to set the output field separator.

* Broccoli supports more types internally, allowing complex records
  to be sent.

* Many smaller bug fixes, portability improvements, and general
  polishing across all modules.
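
The ``(empty)`` versus ``-`` distinction in the ASCII logs matters to anything that consumes them, since an unset field and a field set to an empty value mean different things in a detection rule. The following parser is an added example, not code from the Bro distribution; it assumes the header line names ``#separator``, ``#set_separator``, ``#empty_field``, ``#unset_field``, ``#fields`` and ``#types`` (this page only says "further header information"), and its sample log is constructed.

```python
# Constructed sample in the Bro 2.x ASCII log layout (not from a real capture).
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\thttp",
    "#fields\tts\tid.orig_h\thost\tuser_agent\ttags",
    "#types\ttime\taddr\tstring\tstring\tset[enum]",
    "1336588614.1\t10.0.0.5\texample.test\t-\t(empty)",
    "1336588615.2\t2001:db8::1\t-\t(empty)\tHTTP::URI_SQLI,HTTP::POST_SQLI",
])


def parse_bro_log(text):
    """Return (meta, rows); unset fields become None, empty ones '' or []."""
    meta = {"separator": "\t", "set_separator": ",",
            "empty_field": "(empty)", "unset_field": "-"}
    rows = []
    for line in text.splitlines():
        if line.startswith("#separator"):
            # This one header is space-delimited and escapes the byte as \xNN.
            raw = line.split(" ", 1)[1]
            meta["separator"] = raw.encode("ascii").decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, *values = line[1:].split(meta["separator"])
            meta[key] = values if key in ("fields", "types") else "".join(values[:1])
            continue
        if not line:
            continue
        cells = line.split(meta["separator"])
        if len(cells) != len(meta["fields"]):
            raise ValueError("column count does not match #fields")
        row = {}
        for name, typ, cell in zip(meta["fields"], meta["types"], cells):
            is_container = typ.startswith(("set[", "table[", "vector["))
            if cell == meta["unset_field"]:
                row[name] = None          # field was never set
            elif cell == meta["empty_field"]:
                row[name] = [] if is_container else ""  # set, but empty
            elif is_container:
                row[name] = cell.split(meta["set_separator"])
            else:
                row[name] = cell
        rows.append(row)
    return meta, rows
```

Reading the markers from the header instead of hard-coding them keeps the parser correct when a deployment redefines the empty or unset strings.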