zeek/scripts/policy/misc
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
..
detect-traceroute Allow logging filters to inherit default path from stream. 2015-03-19 14:49:55 -05:00
capture-loss.bro More stats improvements 2016-01-07 16:20:24 -05:00
dump-events.bro Merge branch 'topic/robin/event-dumper' 2013-12-04 12:13:07 -08:00
load-balancing.bro Merge topic/actor-system through a squashed commit. 2018-05-18 22:39:23 +00:00
loaded-scripts.bro Merge remote-tracking branch 'origin/topic/johanna/bit-1691' 2016-09-27 11:39:43 -07:00
profiling.bro Fix typos and formatting in the other policy docs 2013-10-21 02:37:00 -05:00
scan.bro Remove unneeded Broxygen comments in scan.bro. 2013-11-05 10:54:05 -06:00
stats.bro Fix minor typos in documentation of various scripts 2016-11-11 14:08:17 -06:00
trim-trace-file.bro Fix typos and formatting in the other policy docs 2013-10-21 02:37:00 -05:00
weird-stats.bro Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00