[ https://bro-tracker.atlassian.net/browse/BIT-1169?page=com.atlassian.jira.p… ]
Robin Sommer updated BIT-1169:
------------------------------
Resolution: Merged (was: Fixed)
Status: Closed (was: Merge Request)
> topic/jsiwek/parse-only
> -----------------------
>
> Key: BIT-1169
> URL: https://bro-tracker.atlassian.net/browse/BIT-1169
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Fix For: 2.3
>
>
> Adds a {{--parse-only}} option to Bro to exit right after parsing scripts w/ an appropriate exit status.
> Justin had a vim plugin for checking syntax by running the edited script through bro. This option helps tools like that not have to do their own cleanups of log files or other things bro may create if it actually gets a chance to run.
--
This message was sent by Atlassian JIRA
(v6.3-OD-01-067#6307)
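
An added example, not part of the original message or of the Bro project's code: a pre-merge syntax gate built on the `--parse-only` option described in BIT-1169, so a broken script is caught without Bro running and creating log files. `BRO_BIN` and `check_bro_scripts` are hypothetical names, and the example assumes exit status 0 means a clean parse and non-zero means parse errors.

```shell
#!/bin/sh
# Added example: gate Bro scripts on `bro --parse-only` before they are deployed.
# BRO_BIN is a hypothetical override so the check can point at another binary.
BRO_BIN="${BRO_BIN:-bro}"

# check_bro_scripts FILE...
# Reports one line per file on stdout, parser diagnostics on stderr.
# Returns 0 only if every file parsed; $failed holds the number of failures.
check_bro_scripts() {
    failed=0
    for script in "$@"; do
        if [ ! -r "$script" ]; then
            echo "MISSING $script"
            failed=$((failed + 1))
            continue
        fi
        # Assumption: 0 = parsed cleanly, non-zero = parse errors.
        # --parse-only exits right after parsing, so there are no logs
        # or other run-time artifacts to clean up afterwards.
        if output=$("$BRO_BIN" --parse-only "$script" 2>&1); then
            echo "OK      $script"
        else
            echo "FAIL    $script"
            # Indent the parser's messages under the file they belong to.
            printf '%s\n' "$output" | sed 's/^/        /' >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Usage (e.g. from a pre-commit hook or CI job):
#   check_bro_scripts site/local.bro policy/*.bro || exit 1
```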
[ https://bro-tracker.atlassian.net/browse/BIT-1159?page=com.atlassian.jira.p… ]
Robin Sommer updated BIT-1159:
------------------------------
Resolution: Merged (was: Fixed)
Status: Closed (was: Merge Request)
> type checking inconsistencies
> -----------------------------
>
> Key: BIT-1159
> URL: https://bro-tracker.atlassian.net/browse/BIT-1159
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master, 2.2
> Reporter: Justin Azoff
> Assignee: Jon Siwek
> Priority: Low
> Labels: language
> Attachments: signature.asc, signature.asc
>
>
> If you try to compare a count to a port directly, you get the following:
> {code}
> operands must be of the same type (1500/tcp < 2000)
> {code}
> but if you have a record, and mix up the types like so, it silently fails:
> {code}
> type PortRange: record {
>     min: port &default=1/tcp;
>     max: port &default=65535/tcp;
> };
> global pr = PortRange($min=1000,$max=2000);
> #CORRECT: global pr = PortRange($min=1000/tcp,$max=2000/tcp);
> event bro_init()
>     {
>     print (pr$min <= 1500/tcp && 1500/tcp < pr$max) ? "OK" : "NOTOK";
>     }
> {code}
> {code}
> $ bro a.bro
> NOTOK
> {code}
--
[ https://bro-tracker.atlassian.net/browse/BIT-1160?page=com.atlassian.jira.p… ]
Robin Sommer updated BIT-1160:
------------------------------
Resolution: Merged (was: Fixed)
Status: Closed (was: Merge Request)
> Update cluster documentation
> ----------------------------
>
> Key: BIT-1160
> URL: https://bro-tracker.atlassian.net/browse/BIT-1160
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro, BroControl
> Affects Versions: git/master
> Reporter: Bernhard Amann
> Assignee: Daniel Thayer
> Labels: documentation
> Fix For: 2.3
>
> Attachments: signature.asc
>
>
> We should update the Cluster documentation, if possible before releasing 2.3.
> I set up a Bro cluster for the first time yesterday - and when you look at the current state of the documentation it is not very useful...
> ...for example it contains things like (link to an example for the config) in the text. Furthermore it does not really mention how to actually configure Bro for a cluster, there is no mention of node.cfg, etc.
--
[ https://bro-tracker.atlassian.net/browse/BIT-1150?page=com.atlassian.jira.p… ]
Robin Sommer commented on BIT-1150:
-----------------------------------
Merged, but leaving open as CHANGES still needs an update.
> X509 updates
> ------------
>
> Key: BIT-1150
> URL: https://bro-tracker.atlassian.net/browse/BIT-1150
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Robin Sommer
> Assignee: Robin Sommer
> Fix For: 2.3
>
> Attachments: signature.asc
>
>
--
[ https://bro-tracker.atlassian.net/browse/BIT-1170?page=com.atlassian.jira.p… ]
Robin Sommer updated BIT-1170:
------------------------------
Resolution: Merged (was: Fixed)
Status: Closed (was: Merge Request)
> merge topic/bernhard/sumstats-read-expire
> -----------------------------------------
>
> Key: BIT-1170
> URL: https://bro-tracker.atlassian.net/browse/BIT-1170
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Bernhard Amann
> Fix For: 2.3
>
>
> topic/bernhard/sumstats-read-expire changes the &create_expire attributes in the sumstats framework to &read_expire.
> I talked to Seth about it and Justin tested the modification for about a day - it seems to get rid of some error messages for him.
--
[ https://bro-tracker.atlassian.net/browse/BIT-1172?page=com.atlassian.jira.p… ]
Robin Sommer updated BIT-1172:
------------------------------
Status: Merge Request (was: Open)
> Add uid field to the signatures log stream
> ------------------------------------------
>
> Key: BIT-1172
> URL: https://bro-tracker.atlassian.net/browse/BIT-1172
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: Bro
> Affects Versions: git/master
> Environment: Tested on Debian wheezy and Security Onion
> Reporter: Anthony Verez
> Attachments: 0001-add-uid-field-to-the-signatures-log-stream.patch
>
>
> This patch adds a uid field (conn) to the signatures log stream.
> I wanted to have that to analyze connections that triggered a signature match.
> Thanks,
> Anthony Verez
--
[ https://bro-tracker.atlassian.net/browse/BIT-1168?page=com.atlassian.jira.p… ]
Robin Sommer updated BIT-1168:
------------------------------
Status: Merge Request (was: Open)
> Add Java version to software framework
> --------------------------------------
>
> Key: BIT-1168
> URL: https://bro-tracker.atlassian.net/browse/BIT-1168
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: Bro
> Affects Versions: 2.2
> Reporter: Brian Little
> Priority: Low
> Labels: framework, java, software
> Attachments: bro-java-software.patch
>
>
> A small patch to add Java into the list of Mozilla user agents searched for (parse_mozilla function). This is useful for the vulnerable software check.
--
[ https://bro-tracker.atlassian.net/browse/BIT-1142?page=com.atlassian.jira.p… ]
Robin Sommer commented on BIT-1142:
-----------------------------------
I'm fine merging this but I would then still like to have an snmp.log for 2.3 ...
> SNMP Analysis
> -------------
>
> Key: BIT-1142
> URL: https://bro-tracker.atlassian.net/browse/BIT-1142
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: BinPAC, Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Assignee: Seth Hall
> Fix For: 2.3
>
>
> /topic/jsiwek/snmp in bro, binpac, and bro-testing-private adds support for parsing SNMP datagrams. It's only absent a snmp.log.
> Seth, do you mind taking a look at what might make sense for a default snmp.log? I'm guessing it might look similar in concept to dns.log. A difference is I'm not sure how meaningful raw OID to value mappings will be.
> The code is in a merge-able state as it is in the branch/repos I mentioned, and IMO, has value even without a default snmp.log. So if you just want to flip to a merge request and postpone thinking up an snmp.log for later, I think that's fine, too.
--
[ https://bro-tracker.atlassian.net/browse/BIT-1150?page=com.atlassian.jira.p… ]
Bernhard Amann commented on BIT-1150:
-------------------------------------
Does this work as a short summary? I think it should be the gist of it...
Rework and move X509 certificate processing from the SSL protocol analyzer to a dedicated file analyzer. This will allow us to examine X509 certificates from sources other than SSL in the future. Furthermore, we now parse more fields and extensions from the certificates (e.g. elliptic curve information, subject alternative names, basic constraints). Certificate validation also was improved, should be easier to use and exposes information like the full verified certificate chain.
Note - this update changes the output of ssl.log, adds a new x509.log with certificate information. Furthermore all x509 events and handling functions changed.
> X509 updates
> ------------
>
> Key: BIT-1150
> URL: https://bro-tracker.atlassian.net/browse/BIT-1150
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Robin Sommer
> Assignee: Robin Sommer
> Fix For: 2.3
>
> Attachments: signature.asc
>
>
--