mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 00:58:19 +00:00
35827eeb31
The generation of weird events, by default, are now rate-limited according to these tunable options: - Weird::sampling_whitelist - Weird::sampling_threshold - Weird::sampling_rate - Weird::sampling_duration The new get_reporter_stats() BIF also allows one to query the total number of weirds generated (pre-sampling) which the new policy/misc/weird-stats.bro script uses periodically to populate a weird_stats.log. There's also new reporter BIFs to allow generating weirds from the script-layer such that they go through the same, internal rate-limiting/sampling mechanisms: - Reporter::conn_weird - Reporter::flow_weird - Reporter::net_weird Some of the code was adapted from previous work by Johanna Amann. |
||
|---|---|---|
| .. | ||
| files | ||
| frameworks | ||
| misc | ||
| protocols | ||
| utils | ||
| init-bare.bro | ||
| init-default.bro | ||
| init-frameworks-and-bifs.bro | ||