Commit Graph

6030 Commits (85b00dcfa06f558d7246d13851e4f61013bbba6a)

Author SHA1 Message Date
Victor Julien ebb42f831c suppress: add track by_either mode
So far suppress rules would apply to src or dst addresses of a packet.
This meant that if an IP would need to be suppressed both as src and as dst,
2 suppress rules would be needed.

This patch introduces track by_either, which means that the IP(s) in the
suppress rule are tested against both the packet's source and dest IPs.
If either of them is on the suppress list, the alert is suppressed.
11 years ago
Victor Julien e85a44c383 suppress: support ip-lists
Ticket: 1137

Support supplying a list of IPs to the suppress keyword. Variables from
the address-groups and negation are supported. The same logic (and code) is
used that is also used in parsing the IP portions of regular detection
rules.
11 years ago
Jason Ish 26fc5682ad hostbits: ignore leading and trailing white space
Ignore leading and trailing space around the name and
direction tokens.
11 years ago
Jason Ish 7c40c73482 json-stats: reorg threads and totals
Totals are now placed at the top level instead of under a "Total"
object.

Threads are placed under a "threads" object.
11 years ago
Jason Ish 1f2caf78c3 json-stats: log uptime in seconds, instead of a string 11 years ago
Jason Ish 0f1dd0d7ea flowbits: strip leading and trailing spaces in name
Redmine bug 1481. Strip leading and trailing white space. Factor
out parsing from setup while in here.
11 years ago
Zachary Rasmor 0edf28a4f8 Add Feature #1454. Generic eve-log prefix support. 11 years ago
Victor Julien a083513c49 decode: optimize DecodeThreadVars layout
Put common counters on the first cache line. Place the flow output
pointer last as its use depends on the flow logging being enabled
and even then it's only called very rarely.
11 years ago
Victor Julien fe5a85aea0 decode: add erspan counter 11 years ago
Victor Julien 928957f0a3 decode: add ERSPANv1 decoder
Only allow v1 to be parsed as that's what is tested.

Take vlan_id from the ERSPAN layer.
11 years ago
Victor Julien aa6b24f814 decode: clean up tunnel decode logic
Don't use mix of existing and custom types to indicate the next
layer.
11 years ago
Victor Julien ef7cd043cc detect: various header cleanups 11 years ago
Victor Julien 5483b800c5 detect: remove struct/union tricks from Signature 11 years ago
Victor Julien 8949054212 detect: remove unused match_flags from inspect engines 11 years ago
Victor Julien 9fa2f85cc7 http: improve body pruning
Take inspect window into account.
11 years ago
Victor Julien 0bbc818b2d http: fix body tracking
In HTTP body tracking for response bodies, pruning body chunks was broken
as the body parsing code wouldn't update HtpBody::body_parsed.
11 years ago
Victor Julien 3203555708 http-client-body: create unittest util func 11 years ago
Eric Leblond d837562441 logging: fix modules ordering during logging
With the previous code the order of the logging modules in the
YAML was determining which module was run first. This was not
wished and a consequence was that the EVE fileinfo module was
not correctly displaying the key 'stored' because it was
depending on a flag set later by the filestore module.

This patch adds a priority field to the TmModule structure. The
higher the priority is set, the sooner the module is run in the
logging process. The RunModeOutput structure has also been
updated to contain the name of the original TmModule, thus allowing
a priority to be defined for a RunModeOutput.

Currently only the filestore has a priority set. The rest are
set to the default value of zero.
11 years ago
Eric Leblond be07620a60 output-lua: sync variable name with yaml
'script-dir' was used in the code but we had 'scripts-dir' in the
configuration file. This patch fixes it to 'scripts-dir'.
11 years ago
Jason Ish ae23144b67 --set - handle spaces on either side of '='
Discard spaces when provided as part of --set around the '='. For
example, "val=key", "val = key", "val= key" and "val =key" are
all equivalent now.
11 years ago
Jason Ish d9fe95bc8a conf - function declaration style
Use consistent style - function return type and declaration on
same line.
11 years ago
DIALLO David 0a4fd39f9c modbus: fix heap-buffer-overflow in Modbus parser
The Modbus parser does not check the length before extracting/reading data (read or write address,
quantity of data, etc.) that should be present.

In case of malformed data (invalid length in header), the Modbus parser reads data
past the input data length.

Add a check before extracting/reading data from the input buffer to avoid a heap buffer
overflow.
11 years ago
Victor Julien 07efec550d counters: use ptr to name instead of copy
All counters have hardcoded names, so copies are not needed.
11 years ago
Victor Julien 7e66c70507 counters: don't run if no counters have been registered 11 years ago
Victor Julien cb5aa8f8d5 counters: work around unix-socket init issues 11 years ago
Victor Julien e48153c6b0 counters: make threads cleanup all memory 11 years ago
Victor Julien 81548ae3e8 counters: clean up global context 11 years ago
Victor Julien 84b8829cb4 counters: turn flow.memuse into a global counter 11 years ago
Victor Julien 0a262acdfb counters: make DNS counters globals 11 years ago
Victor Julien ac069c579a counters: make tcp.memuse a global counter 11 years ago
Victor Julien cddbb0f606 http: make http.memuse a global counter
http.memcap as well.
11 years ago
Victor Julien f05d0692ef counters: remove references to 'perf' counters 11 years ago
Victor Julien faef92f8da counters: remove last and now unused tm_name reference 11 years ago
Victor Julien 83f27ae2a5 counters: remove old unix socket json logic 11 years ago
Victor Julien 41ead6611a counters: minor internal API cleanups 11 years ago
Victor Julien d2a9ef2680 counters: rename unparsable SCPCAElem to StatsLocalCounter 11 years ago
Victor Julien 4c3ccda72e counters: minor header cleanup 11 years ago
Victor Julien 752f03e7a4 counters: remaining s/SCPerf/Stats/g 11 years ago
Victor Julien 4362d0a6e9 counters: s/SCPerfPrivateContext/StatsPrivateThreadContext/g 11 years ago
Victor Julien 628c3b1bc7 counters: s/SCPerfPublicContext/StatsPublicThreadContext/g 11 years ago
Victor Julien 7e70f136ec counters: various renames and cleanups 11 years ago
Victor Julien 30cce2bd29 counters: s/SCPerfCounterSetUI64/StatsSetUI64/g 11 years ago
Victor Julien 1c0b4ee0ae counters: s/SCPerfCounterIncr/StatsIncr/g 11 years ago
Victor Julien 8992275b0c counters: s/SCPerfCounterAddUI64/StatsAddUI64/g 11 years ago
Victor Julien 60d9eb6790 counters: clean up defines 11 years ago
Victor Julien 1ef786e7cb counters: rename register API calls
Also remove 'type' parameter which was always the same.
11 years ago
Victor Julien 3fab736539 log-stats: make global/threads logging configurable 11 years ago
Victor Julien 2c9a2c8327 stats: support per thread stats in json output
Default is only to output totals. Optionally per-thread stats can be added.

Both can be enabled together.
11 years ago
Victor Julien 175831331c stats json: replace strndup
strndup is a banned function.
11 years ago
Victor Julien 6565c86f96 stats-json: fixes and improvements
Use proper LogFileCtx and MemBuffer handling so we can have multiple
loggers active at the same time.

Change 'date' field to timestamp, and use ISO notation to make it
the same as the other JSON outputs.
11 years ago