forked from zeek/zeek-agent-v2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
228 lines (136 loc) · 6.83 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
2.3.0-dev.45 | 2022-10-31 18:18:38 +0100
* GH-52: Switch `glob::glob` to use `ghc::filesystem`.
* Reorganize platform-specific code.
* Factor out our CMake compile and link options.
* Move macOS installer app into platform code.
2.3.0-dev.39 | 2022-08-05 10:29:03 +0200
* Add a macOS network extension to the agent.
On macOS, the agent was already running as a system extension. This
adds the appropriate magic to hook into the OS as a "Network
Extension", so that we gain access to network activity. We don't use
this yet for anything, but this gets all the infrastructure pieces in
place.
* Add `stderr` as a log destination.
2.3.0-dev.36 | 2022-08-05 10:27:48 +0200
* Use `p-ranav/glob` library for Windows `files` table.
2.3.0-dev.33 | 2022-07-28 13:56:49 +0200
* Fix ccache on Windows
* Update CI jobs to use `[email protected]`.
2.3.0-dev.31 | 2022-07-19 11:15:45 +0200
* Adding Windows installer packaging.
* Publish Windows installer as part of the release workflow.
* Add keys to ccache configs in CI to avoid collisions.
* Set `ZEEK_AGENT_VERSION_{MAJOR,MINOR_PATCH}` values during CMake.
2.3.0-dev.25 | 2022-07-12 13:16:30 +0200
* Extend macOS support:
- Add installer application and turn the agent into a system
extension. The installer does three things: (1) it asks the
system to install the extension persistently; (2) it interacts
with the user through a small UI, including offering some basic
configuration; and (3) it communicates with the running
extension through XPC for configuration and status checks.
Application and extensions get bundled into a DMG, and signed
and notarized during CI.
- Implement `system` logging on macOS.
- Read preferences from system's `org.zeek.zeek-agent` via
`defaults`.
- Relocate default paths for configuration and state to
`/Library/Application Support/ZeekAgent`, or the user's version
of that if not running as root. (This may not be final yet.)
- Make Endpoint Security available internally (not used yet).
- Add new icons for macOS. (Matti Bispham)
* Switch default log level to `info`.
* Make agent robust against platforms potentially not being able to
determine paths for configuration and state files.
* Fix bug on Linux/macOS determining admin mode.
2.3.0-dev.10 | 2022-07-08 13:37:18 +0200
* Rework Windows build to use `vcpkg` for dependencies.
* Fix a couple of minor issues for Windows.
* Rename our internal format method to avoid ambiguity with
`std::format`.
* Remove duplicated `out_ptr` license info.
2.3.0-dev.5 | 2022-07-07 16:51:52 +0200
* Prettify WebSocket error messages.
* Do not install IXWebSocket headers.
* Update CI configuration to not treat `v.*-dev` tags as releases.
* Revert unintended submodule bumps.
2.2.0 | 2022-07-05 12:04:10 +0200
* Port to Windows. (Binary build to come with next release.)
* GH-25: Add `files_columns` table that extracts selected columns
from on-disk files und sends them over to Zeek as a record. See
the `README` for documentation.
* GH-7: Extend the type system for table columns. We can now
represent addresses, booleans, counts, intervals, ports, records,
sets, times, and vectors end-to-end, so that they arrive as such
at Zeek. We also update our tables to use the new types where
appropriate.
* GH-34: Disable communication with a Zeek instance if it's package
version is too old.
* Add a 2nd 'differences' mode to queries where no initial snapshot
is provided. We now have (1) "snapshot-and-diffs", which sends an
initial snapshot first, followed by diffs; and (2) "diffs", which
sends an empty initial result and then just diffs.
* Add WebSocket transport layer compatible with Zeek 5.0. We now try
both Broker and WebSocket when connecting to Zeek. The former will
work with Zeek 4.0, the latter with Zeek 5.0.
* Add Broker version to agent handshake.
* Support default values for table parameters.
* Make exception available to table's data acquisition methods to signal failure.
* Move numerical version number computation from CMake to runtime.
* Fix deadlock in scheduler.
* Fix potential dereference of unset optional.
* Fix usage message.
* Fix `assert` that could wrongly trigger.
* Fix console getting stuck on queries with errors, and reduce
unintended latency until query executes.
* Fix CI issue on Ubuntu.
* Fix potential deadlock in unit test.
* Fix trace-level debug logging.
* Fix linker issue on Linux.
* Make --test output available on failure in BTest suite.
* Clean up unused state in Zeek communication code.
* Format Zeek scripts with current zeek-format.
* Update SQLite to 3.38.1 to give us built-in JSON support.
* Update stduuid module.
2.0.4 | 2022-03-04 16:55:11 +0100
* Add new log options. In the configuration file we now provide more
control of log messages:
[log]
type=<stdout|system|file>
level=<error|warn|info|debug|trace>
path=<path for type 'file'>
Default remains logging to stdout at level INFO.
* Fine-tune log levels. We elevate some high-level messages to INFO
level that can be useful to users, and we move some noisy debug
messages to TRACE level (which is available only in debug builds).
* Expose Broker's SSL options in configuration file. This also moves
all Zeek options into a `[zeek]` section of the configuration
file.
* Link against standard version of OpenSSL by default. So far we
hardcoded always using the static OpenSSL libraries. Now that's
done only when with configured with ``--enable-static``, otherwise
we use whatever CMake determines being the default.
* Fix column type in `files_lines` table.
* Fix enforcement of maximum idle timeout.
* Add missing include to appease GCC 11.2.1.
* Update toml++.
2.0.3 | 2022-02-22 13:36:47 +0100
* Adapt to package's new default listening port.
* Fix problem with column caching.
2.0.2 | 2022-02-21 16:36:16 +0100
* Push all asynchronous activity to the main thread to avoid most
inter-thread locking.
* Fix configure's `--sanitizer` argument.
* In `.schema` output, break out table parameters separately.
2.0.1 | 2022-02-21 15:26:44 +0100
* Add a test build of the source code tarball to CI.
* Extend query API to allow specifying tables that must/must not be
present. Agents will ignore queries not meeting expectations.
* Extract version information from Zeek's hello message.
* Adapt to changes to options in the Zeek package.
* Fix differential queries returning empty removed rows.
* Fix time filtering for differential queries.
* Fix double table deactivation.
* Guard against an error case in Darwin system logs collector.
2.0.0 | 2022-02-14 16:14:48 +0100
* Initial release.