Seth Hall a7f6e4c582 Adding metrics framework intermediate updates.
- Since each host in a cluster has its own view of the metrics
  the only time the manager would get a chance for a global view
  is the break_interval.  This update improves that time.  If a
  worker crosses 10% of the full threshold, it will send its
  value to the manager which can then ask the rest of the cluster
  for a global view.  The manager then adds all of the values for
  each worker's metric indexes together and will do the notice
  if it crosses the threshold so that it isn't dependent on
  waiting for the break interval to hit.  This functionality
  works completely independently of the break_interval too.  Logging
  will happen as normal.

- Small update for SSH bruteforcer detection to match additions in
  the metrics framework API.

- The hope is that this update is mostly invisible from anyone's
  perspective.  The only effect it should have on users is to better
  the detection of metric values crossing thresholds on cluster
  deployments.
2011-08-21 00:32:00 -04:00
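
The intermediate-update flow described in the commit message above, as an added Python example (not Bro's metrics framework code, and not written by the commit's author): a worker that crosses 10% of the threshold reports, the manager polls all workers, sums their values and raises the notice. All class and function names are hypothetical, the rule that a worker re-reports only after another 10% of growth is an assumption, and the threshold of 30 and the event stream are constructed.

```python
# Added illustration only; not Bro's metrics framework code. All names are hypothetical.
from dataclasses import dataclass, field

INTERMEDIATE_PERCENT = 10  # "10% of the full threshold", per the commit message


@dataclass
class Manager:
    threshold: int
    workers: list = field(default_factory=list)
    notices: list = field(default_factory=list)
    polls: int = 0

    def intermediate_update(self, index):
        """Ask every worker for its value of this index and sum them (global view)."""
        self.polls += 1
        total = sum(w.counts.get(index, 0) for w in self.workers)
        if total >= self.threshold and index not in self.notices:
            self.notices.append(index)  # notice fires without waiting for break_interval


@dataclass
class Worker:
    counts: dict = field(default_factory=dict)    # metric index -> local value
    reported: dict = field(default_factory=dict)  # local value at the last report

    def observe(self, index, manager):
        self.counts[index] = self.counts.get(index, 0) + 1
        grown = self.counts[index] - self.reported.get(index, 0)
        # Assumption: report again only after growing by another 10% step,
        # so a busy index does not trigger a cluster poll on every event.
        if grown * 100 >= manager.threshold * INTERMEDIATE_PERCENT:
            self.reported[index] = self.counts[index]
            manager.intermediate_update(index)


def simulate(threshold, n_workers, events):
    """events: (worker_number, metric_index) pairs in arrival order.
    Returns (events seen when the notice fired or None, cluster polls, max local value)."""
    manager = Manager(threshold)
    manager.workers = [Worker() for _ in range(n_workers)]
    fired = None
    for seen, (w, index) in enumerate(events, start=1):
        manager.workers[w].observe(index, manager)
        if manager.notices:
            fired = seen
            break
    peak = max(max(w.counts.values(), default=0) for w in manager.workers)
    return fired, manager.polls, peak


# Constructed input: 40 failed logins from one source, spread evenly over 4 workers.
EVENTS = [(i % 4, "192.0.2.10") for i in range(40)]
```

With a threshold of 30, `simulate(30, 4, EVENTS)` raises the notice while the busiest worker has counted only 9 events, which is the case a per-worker view would miss until the break interval.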
aux Fixing ref'counting problem. 2011-08-15 20:56:59 -07:00
cmake Install example config files dynamically. 2011-07-29 17:29:57 -05:00
doc Update doc sources and touch up a few script comments. 2011-08-13 09:45:42 -05:00
pkg Packaging tweaks and rewrite of 'dist' target. 2011-05-20 17:08:59 -05:00
policy.old Merge remote branch 'origin/topic/robin/reporting' 2011-07-01 13:59:21 -07:00
scripts Adding metrics framework intermediate updates. 2011-08-21 00:32:00 -04:00
src Reclassifying more DNS manager errors. 2011-08-15 21:10:30 -07:00
testing Adding metrics framework intermediate updates. 2011-08-21 00:32:00 -04:00
.gitignore New Makefile wrapper in top-level directory. 2010-11-26 15:31:00 -08:00
.gitmodules New submodule location. 2011-03-11 18:33:44 -08:00
bro-path-dev.in Fixes for script auto-documentation. 2011-08-08 19:50:45 -05:00
CHANGES Merge remote-tracking branch 'origin/topic/jsiwek/autodoc-fixes' 2011-08-13 12:09:13 -07:00
CMakeLists.txt Merge remote-tracking branch 'origin/topic/jsiwek/autodoc-fixes' 2011-08-13 12:09:13 -07:00
config.h.in Fix unnecessary config.h preprocessor (re)definitions. 2011-04-11 16:59:07 -05:00
configure Fixes for script auto-documentation. 2011-08-08 19:50:45 -05:00
COPYING Cleanup of the Bro distribution. 2010-11-26 13:45:54 -08:00
INSTALL Test. Closes #499 2011-07-19 21:54:17 -04:00
Makefile Packaging tweaks and rewrite of 'dist' target. 2011-05-20 17:08:59 -05:00
README Cleanup of the Bro distribution. 2010-11-26 13:45:54 -08:00
VERSION Merge remote-tracking branch 'origin/topic/jsiwek/autodoc-fixes' 2011-08-13 12:09:13 -07:00

This is release 1.6 of Bro, a system for detecting network intruders in
real-time using passive network monitoring.

Please see the file INSTALL for installation instructions and
pointers for getting started. For more documentation, see the
documentation on Bro's home page:

    http://www.bro-ids.org/docs

The main parts of Bro's documentation are also available in the doc/
directory of the distribution. (Please note that the documentation
is still a work in progress; there will be more in future releases.)

Numerous other Bro-related publications, including a paper describing the
system, can be found at

    http://www.bro-ids.org/publications.html

Send comments, etc., to the Bro mailing list, bro@bro-ids.org.
However, please note that you must first subscribe to the list in
order to be able to post to it.

- Vern Paxson & Robin Sommer, on behalf of the Bro development team

Lawrence Berkeley National Laboratory
University of California, Berkeley  USA

ICSI Center for Internet Research (ICIR)
International Computer Science Institute
Berkeley, CA  USA
vern@icir.org / robin@icir.org