#935: Enhance logging framework with a delay mechanism
----------------------+------------------------
Reporter: matthias | Owner: seth
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
----------------------+------------------------
The logging framework currently does not support a mechanism to delay a
record until a desired asynchronous operation finishes. While there exist complicated
ad-hoc workarounds in the case of sending email notices and the notary
code, it would be nice to shield this complexity from the user.
To implement this feature, we could consider a special delay *filter*
which buffers records until they are acked. A user may want to customize
the buffering behavior by either specifying that record order matters or
that each acked record can be logged immediately. This would then
determine the buffering/flushing policy.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/935>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#928: Incorporate ICSI certificate notary into SSL logging
-------------------------------+------------------------
Reporter: matthias | Owner:
Type: Test Case Missing | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
-------------------------------+------------------------
This commit (i) adds support for delayed logging for SSL records, and (ii)
provides a new script notary.bro that interacts with the ICSI certificate
notary.
The delayed logging implementation takes the idea of delaying notices one
step further: it logs records in the order in which they would normally occur by
buffering them until a specified maximum timeout (by default 15 seconds).
A user can delay a record by adding an opaque identifier, and is
responsible for removing the same identifier later to "undelay" the record,
allowing it to be flushed.
The notary script comes as a client application to this new interface. For
each leaf certificate in a chain sent by a server, the script computes the
SHA1 hash and queries the notary. As soon as the reply arrives, the script
enhances the SSL log record with the details from the notary response and
undelays the record. The notary script also caches DNS replies for an hour
after creation.
Due to the changing state of the notary, it is difficult to write a test
case for this script. Thus I'll just file it as a merge request, and would
appreciate it if folks (in particular Seth :-) could have a look at it.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/928>
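
The buffering policy described in ticket #928 (ordered output, opaque delay identifiers, a maximum hold time), modelled in Python as an added example; it is not code from the Bro repository. The names `DelayedLog`, `write`, `undelay` and `flush` are hypothetical, the record fields are constructed, and the clock is simulated by passing `now` explicitly.

```python
from collections import deque

class DelayedLog:
    """Hypothetical model: a record is held while it has outstanding delay tokens."""

    def __init__(self, max_delay=15.0):
        self.max_delay = max_delay  # the ticket's default of 15 seconds
        self.queue = deque()        # buffered entries in arrival order
        self.written = []           # stands in for the real log writer

    def write(self, now, record, tokens=()):
        self.queue.append({"rec": record, "tokens": set(tokens), "t": now})
        self.flush(now)

    def undelay(self, now, record_id, token, **fields):
        # Remove one opaque identifier and merge late-arriving fields
        # (for example a notary reply) into the buffered record.
        for entry in self.queue:
            if entry["rec"]["id"] == record_id:
                entry["tokens"].discard(token)
                entry["rec"].update(fields)
        self.flush(now)

    def flush(self, now):
        # Only the head may leave, so output order equals arrival order.
        while self.queue:
            head = self.queue[0]
            expired = now - head["t"] >= self.max_delay
            if head["tokens"] and not expired:
                break
            # Mark records released by the timeout rather than by a reply,
            # so an analyst can tell "no notary data" from "lookup never answered".
            head["rec"]["timed_out"] = bool(head["tokens"])
            self.written.append(self.queue.popleft()["rec"])

def demo():
    log = DelayedLog()
    log.write(0.0, {"id": "C1"}, tokens={"notary"})  # waits for a reply
    log.write(1.0, {"id": "C2"})                     # not delayed, but queued behind C1
    log.write(2.0, {"id": "C3"}, tokens={"notary"})  # its reply never arrives
    log.undelay(3.0, "C1", "notary", notary="known") # releases C1, then C2
    log.flush(17.0)                                  # timer tick: C3 hits the 15 s cap
    return [(r["id"], r["timed_out"]) for r in log.written]
```

The timeout is what keeps an unanswered lookup from holding records, and everything queued behind them, in memory indefinitely.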
#937: topic/seth/sendpackets: A test program for sending packets through
Broccoli.
---------------------------+------------------------
Reporter: seth | Owner: robin
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Broccoli | Version: git/master
Keywords: |
---------------------------+------------------------
This was pulled from the timemachine repository. It fits better here.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/937>
#938: robin
----------------------+------------------------
Reporter: robin | Owner: seth
Type: Problem | Status: assigned
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords: robin
----------------------+------------------------
Changes (by robin):
* status: new => assigned
* reporter: seth => robin
* cc: robin (added)
* owner: => seth
* keywords: => robin
* type: Merge Request => Problem
Comment:
Did you run the tests? I see a number of them failing in all three sets
(btest and the two external)
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/938#comment:1>
#478: Move BinPAC docs over to new server
----------------------------+--------------------
Reporter: robin | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Website / Wiki | Version:
Keywords: |
----------------------------+--------------------
There's some BinPAC documentation in the old Wiki that we should move
over.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/478>