zeek-dev March 2016

zeek-dev@lists.zeek.org

198 discussions

by Merge Tracker

Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- -------------- ------------ ---------- ------------- ---------- ------------------------------------------------------ BIT-1557 [1] Broccoli Daniel Thayer - 2016-03-21 2.5 Low broccoli code examples don't compile BIT-1547 [2] BroControl Justin Azoff Justin Azoff 2016-03-08 2.5 Normal broctl sets the same state variables over and over BIT-1528 [3] Bro Justin Azoff - 2016-03-24 2.5 Normal SNMP and SIP scans show up in known services. BIT-1507 [4] Bro Jan Grashoefer Seth Hall 2016-01-25 - Low Intel framework does not match mail addresses properly BIT-1498 [5] BroControl scampbell - 2016-03-11 2.5 Trivial add '-q' to ssh execution in ssh_runner.py Open GitHub Pull Requests ========================= Issue Component User Updated Title -------- ----------- --------------- ---------- ----------------------------------------------------------------------- #61 [6] bro aeppert [7] 2016-03-22 Add uid to smb_ntlm_authenticate [8] #60 [9] bro aeppert [10] 2016-03-22 Add uid to AuthInfo [11] #52 [12] bro J-Gras [13] 2016-01-18 Fixed matching mail address intel [14] #22 [15] bro-plugins nickwallen [16] 2016-03-23 BIT-1559 Bro-Plugins Send each log stream to different kafka topic [17] #18 [18] bro-plugins jshlbrd [19] 2016-03-03 SSDP analyzer [20] [1] BIT-1557 https://bro-tracker.atlassian.net/browse/BIT-1557 [2] BIT-1547 https://bro-tracker.atlassian.net/browse/BIT-1547 [3] BIT-1528 https://bro-tracker.atlassian.net/browse/BIT-1528 [4] BIT-1507 https://bro-tracker.atlassian.net/browse/BIT-1507 [5] BIT-1498 https://bro-tracker.atlassian.net/browse/BIT-1498 [6] Pull Request #61 https://github.com/bro/bro/pull/61 [7] aeppert https://github.com/aeppert [8] Merge Pull Request #61 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-6 [9] Pull Request #60 https://github.com/bro/bro/pull/60 [10] aeppert https://github.com/aeppert [11] Merge Pull Request #60 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-5 [12] Pull Request #52 https://github.com/bro/bro/pull/52 [13] J-Gras https://github.com/J-Gras [14] Merge Pull Request #52 with git pull --no-ff --no-commit https://github.com/J-Gras/bro.git topic/jgras/bit-1507 [15] Pull Request #22 https://github.com/bro/bro-plugins/pull/22 [16] nickwallen https://github.com/nickwallen [17] Merge Pull Request #22 with git pull --no-ff --no-commit https://github.com/nickwallen/bro-plugins.git support-many-kafka-topics [18] Pull Request #18 https://github.com/bro/bro-plugins/pull/18 [19] jshlbrd https://github.com/jshlbrd [20] Merge Pull Request #18 with git pull --no-ff --no-commit https://github.com/jshlbrd/bro-plugins-1.git topic/jshlbrd/ssdp

6 years, 1 month

[Bro-Dev] [JIRA] (BIT-1446) Remove the dummy Broker framework

by Johanna Amann (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1446?page=com.atlassian.jira.p… ] Johanna Amann commented on BIT-1446: ------------------------------------ In the same line - currently there is an @if around the openflow and netcontrol frameworks that disables them when broker is not enabled. Once broker is required, this should be removed. > Remove the dummy Broker framework > --------------------------------- > > Key: BIT-1446 > URL: https://bro-tracker.atlassian.net/browse/BIT-1446 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: 2.4 > Environment: For unit testing with Broker disabled, there's currently a dummy script-level framework to fill in. > Unfortunately that dummy framework is the one that ends up getting documented, overriding the the actual one. > Now that Broker is mandatory, we should just remove the dummy. > Reporter: Robin Sommer > Fix For: 2.5 > > -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002)

6 years, 1 month

[Bro-Dev] [JIRA] (BIT-1528) SNMP and SIP scans show up in known services.

by Vlad Grigorescu (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1528?page=com.atlassian.jira.p… ] Vlad Grigorescu commented on BIT-1528: -------------------------------------- Completed in topic/vladg/bit-1528. > SNMP and SIP scans show up in known services. > --------------------------------------------- > > Key: BIT-1528 > URL: https://bro-tracker.atlassian.net/browse/BIT-1528 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: 2.4 > Reporter: Justin Azoff > Assignee: Vlad Grigorescu > Fix For: 2.5 > > > It appears that single packet SIP and SNMP scans cause the destination host to end up in known_services as running a SIP or SNMP service, even though they are not running that service and did not respond to the packet. -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002)

6 years, 1 month

[Bro-Dev] [JIRA] (BIT-1528) SNMP and SIP scans show up in known services.

by Vlad Grigorescu (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1528?page=com.atlassian.jira.p… ] Vlad Grigorescu updated BIT-1528: --------------------------------- Status: Merge Request (was: Open) Assignee: (was: Vlad Grigorescu) > SNMP and SIP scans show up in known services. > --------------------------------------------- > > Key: BIT-1528 > URL: https://bro-tracker.atlassian.net/browse/BIT-1528 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: 2.4 > Reporter: Justin Azoff > Fix For: 2.5 > > > It appears that single packet SIP and SNMP scans cause the destination host to end up in known_services as running a SIP or SNMP service, even though they are not running that service and did not respond to the packet. -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002)

6 years, 1 month

[Bro-Dev] Broker bug: routing loops

by Mathias Fischer

I found a bug in the bro-part of broker in bro/src/EventHandler.cc and bro/src/Event.h. I came across this when integrating my multi-hop capable broker into bro in a deep-cluster setup. The bug causes routing loops in between two directly peered bros when both have subscribed to exactly the same prefix. The current broker-integration branch is also affected by this. This remained unnoticed until now, because peered bros in a cluster-setup always use distinct subscription prefixes.However, that might not be the case with future (deep cluster) deployments anymore. I created a new branch of the broker-integration branch (topic/mfischer/broker-fix) that fixes this bug. I also added another test for it: bro/testing/btest/broker/remote_same_prefix.bro. If there are no objections, I (or Daniel?) will merge it into the broker-integration branch. Mathias

6 years, 1 month

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- -------------- ------------ ---------- ------------- ---------- ------------------------------------------------------ BIT-1557 [1] Broccoli Daniel Thayer - 2016-03-21 2.5 Low broccoli code examples don't compile BIT-1547 [2] BroControl Justin Azoff Justin Azoff 2016-03-08 2.5 Normal broctl sets the same state variables over and over BIT-1507 [3] Bro Jan Grashoefer Seth Hall 2016-01-25 - Low Intel framework does not match mail addresses properly BIT-1498 [4] BroControl scampbell - 2016-03-11 2.5 Trivial add '-q' to ssh execution in ssh_runner.py Open GitHub Pull Requests ========================= Issue Component User Updated Title -------- ----------- --------------- ---------- ----------------------------------------------------------------------- #61 [5] bro aeppert [6] 2016-03-22 Add uid to smb_ntlm_authenticate [7] #60 [8] bro aeppert [9] 2016-03-22 Add uid to AuthInfo [10] #52 [11] bro J-Gras [12] 2016-01-18 Fixed matching mail address intel [13] #22 [14] bro-plugins nickwallen [15] 2016-03-23 BIT-1559 Bro-Plugins Send each log stream to different kafka topic [16] #18 [17] bro-plugins jshlbrd [18] 2016-03-03 SSDP analyzer [19] [1] BIT-1557 https://bro-tracker.atlassian.net/browse/BIT-1557 [2] BIT-1547 https://bro-tracker.atlassian.net/browse/BIT-1547 [3] BIT-1507 https://bro-tracker.atlassian.net/browse/BIT-1507 [4] BIT-1498 https://bro-tracker.atlassian.net/browse/BIT-1498 [5] Pull Request #61 https://github.com/bro/bro/pull/61 [6] aeppert https://github.com/aeppert [7] Merge Pull Request #61 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-6 [8] Pull Request #60 https://github.com/bro/bro/pull/60 [9] aeppert https://github.com/aeppert [10] Merge Pull Request #60 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-5 [11] Pull Request #52 https://github.com/bro/bro/pull/52 [12] J-Gras https://github.com/J-Gras [13] Merge Pull Request #52 with git pull --no-ff --no-commit https://github.com/J-Gras/bro.git topic/jgras/bit-1507 [14] Pull Request #22 https://github.com/bro/bro-plugins/pull/22 [15] nickwallen https://github.com/nickwallen [16] Merge Pull Request #22 with git pull --no-ff --no-commit https://github.com/nickwallen/bro-plugins.git support-many-kafka-topics [17] Pull Request #18 https://github.com/bro/bro-plugins/pull/18 [18] jshlbrd https://github.com/jshlbrd [19] Merge Pull Request #18 with git pull --no-ff --no-commit https://github.com/jshlbrd/bro-plugins-1.git topic/jshlbrd/ssdp

6 years, 1 month

[Bro-Dev] [JIRA] (BIT-1560) BroControl unhappy when host dies during shutdown

by Johanna Amann (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1560?page=com.atlassian.jira.p… ] Johanna Amann commented on BIT-1560: ------------------------------------ For completeness sake - apparently not all nodes are shut down in this scenario - brocontrol stopped shutting down nodes before trying to shut down the manager and proxies. broctl version is: BroControl Version 1.4-77 bro version is: bro version 2.4-284 > BroControl unhappy when host dies during shutdown > ------------------------------------------------- > > Key: BIT-1560 > URL: https://bro-tracker.atlassian.net/browse/BIT-1560 > Project: Bro Issue Tracker > Issue Type: Problem > Components: BroControl > Affects Versions: git/master > Reporter: Johanna Amann > Fix For: 2.5 > > > BroControl currently seems to get rather unhappy if a node crashes while Bro is being shut down. The output is something along these lines (it retries quite a few times and takes a while): > {code} > Error: failed to send stop signal to worker-19-1 > Error: failed to send stop signal to worker-19-2 > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > ssh: connect to host 10.0.1.69 port 22: Connection refused > ssh: connect to host 10.0.1.83 port 22: Host is down > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > ssh: connect to host 10.0.1.83 port 22: Host is down > ssh: connect to host 10.0.1.83 port 22: Host is down > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > ssh: connect to host 10.0.1.83 port 22: Host is down > ssh: connect to host 10.0.1.83 port 22: Host is down > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > ssh: connect to host 10.0.1.83 port 22: Host is down > ssh: connect to host 10.0.1.83 port 22: Host is down > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > ssh: connect to host 10.0.1.83 port 22: Host is down > ssh: connect to host 10.0.1.83 port 22: Host is down > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > ssh: connect to host 10.0.1.83 port 22: Host is down > ssh: connect to host 10.0.1.83 port 22: Host is down > ... > ssh: connect to host 10.0.1.83 port 22: Host is down > Error: cannot connect to worker-19-1 > Error: cannot connect to worker-19-2 > Error: 'str' object has no attribute 'type' > [BroControl] > > {code} -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002)

6 years, 1 month

[Bro-Dev] [JIRA] (BIT-1560) BroControl unhappy when host dies during shutdown

by Johanna Amann (JIRA)

Johanna Amann created BIT-1560: ---------------------------------- Summary: BroControl unhappy when host dies during shutdown Key: BIT-1560 URL: https://bro-tracker.atlassian.net/browse/BIT-1560 Project: Bro Issue Tracker Issue Type: Problem Components: BroControl Affects Versions: git/master Reporter: Johanna Amann Fix For: 2.5 BroControl currently seems to get rather unhappy if a node crashes while Bro is being shut down. The output is something along these lines (it retries quite a few times and takes a while): {code} Error: failed to send stop signal to worker-19-1 Error: failed to send stop signal to worker-19-2 Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 ssh: connect to host 10.0.1.69 port 22: Connection refused ssh: connect to host 10.0.1.83 port 22: Host is down Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 ssh: connect to host 10.0.1.83 port 22: Host is down ssh: connect to host 10.0.1.83 port 22: Host is down Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 ssh: connect to host 10.0.1.83 port 22: Host is down ssh: connect to host 10.0.1.83 port 22: Host is down Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 ssh: connect to host 10.0.1.83 port 22: Host is down ssh: connect to host 10.0.1.83 port 22: Host is down Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 ssh: connect to host 10.0.1.83 port 22: Host is down ssh: connect to host 10.0.1.83 port 22: Host is down Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 ssh: connect to host 10.0.1.83 port 22: Host is down ssh: connect to host 10.0.1.83 port 22: Host is down ... ssh: connect to host 10.0.1.83 port 22: Host is down Error: cannot connect to worker-19-1 Error: cannot connect to worker-19-2 Error: 'str' object has no attribute 'type' [BroControl] > {code} -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002)

6 years, 1 month

[Bro-Dev] [JIRA] (BIT-1559) Bro-Plugins - Send Each Log Stream to Different Kafka Topic

by Nick Allen (JIRA)

Nick Allen created BIT-1559: ------------------------------- Summary: Bro-Plugins - Send Each Log Stream to Different Kafka Topic Key: BIT-1559 URL: https://bro-tracker.atlassian.net/browse/BIT-1559 Project: Bro Issue Tracker Issue Type: Improvement Components: Bro Reporter: Nick Allen The current Kafka log writer sends all log streams (Conn, Http, Dns) to the same Kafka topic. Allow the user to configure a separate topic for each log stream. -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002)

6 years, 1 month

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- -------------- ------------ ---------- ------------- ---------- ------------------------------------------------------ BIT-1557 [1] Broccoli Daniel Thayer - 2016-03-21 2.5 Low broccoli code examples don't compile BIT-1547 [2] BroControl Justin Azoff Justin Azoff 2016-03-08 2.5 Normal broctl sets the same state variables over and over BIT-1507 [3] Bro Jan Grashoefer Seth Hall 2016-01-25 - Low Intel framework does not match mail addresses properly BIT-1498 [4] BroControl scampbell - 2016-03-11 2.5 Trivial add '-q' to ssh execution in ssh_runner.py Open GitHub Pull Requests ========================= Issue Component User Updated Title -------- ----------- ------------ ---------- ---------------------------------------------- #62 [5] bro aeppert [6] 2016-03-22 Add a means of disabling the SMB files log [7] #61 [8] bro aeppert [9] 2016-03-22 Add uid to smb_ntlm_authenticate [10] #60 [11] bro aeppert [12] 2016-03-22 Add uid to AuthInfo [13] #52 [14] bro J-Gras [15] 2016-01-18 Fixed matching mail address intel [16] #18 [17] bro-plugins jshlbrd [18] 2016-03-03 SSDP analyzer [19] [1] BIT-1557 https://bro-tracker.atlassian.net/browse/BIT-1557 [2] BIT-1547 https://bro-tracker.atlassian.net/browse/BIT-1547 [3] BIT-1507 https://bro-tracker.atlassian.net/browse/BIT-1507 [4] BIT-1498 https://bro-tracker.atlassian.net/browse/BIT-1498 [5] Pull Request #62 https://github.com/bro/bro/pull/62 [6] aeppert https://github.com/aeppert [7] Merge Pull Request #62 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-7 [8] Pull Request #61 https://github.com/bro/bro/pull/61 [9] aeppert https://github.com/aeppert [10] Merge Pull Request #61 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-6 [11] Pull Request #60 https://github.com/bro/bro/pull/60 [12] aeppert https://github.com/aeppert [13] Merge Pull Request #60 with git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-5 [14] Pull Request #52 https://github.com/bro/bro/pull/52 [15] J-Gras https://github.com/J-Gras [16] Merge Pull Request #52 with git pull --no-ff --no-commit https://github.com/J-Gras/bro.git topic/jgras/bit-1507 [17] Pull Request #18 https://github.com/bro/bro-plugins/pull/18 [18] jshlbrd https://github.com/jshlbrd [19] Merge Pull Request #18 with git pull --no-ff --no-commit https://github.com/jshlbrd/bro-plugins-1.git topic/jshlbrd/ssdp

6 years, 1 month

← Newer
1
2
3
4
5
6
7
...
20
Older →

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev March 2016