silk-common-3.18.0-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2018-12-13):
* Release 3.18.0-1/2
rwsetcat
When --ip-format includes zero-padded and CIDR prefixes are being printed, also apply zero-padding to the prefix.
Fix a bug when using --ip-format=decimal,zero-padded that caused an extra leading 0 to appear for IPv6 addresses.
rwbagcat
When --key-format includes zero-padded and CIDR prefixes are being printed, also apply zero-padding to the prefix.
Fix a bug when using --key-format=decimal,zero-padded that caused an extra leading 0 to appear for IPv6 addresses.
rwpmapcat, rwpmaplookup
When --ip-format includes zero-padded and CIDR prefixes are being printed, also apply zero-padding to the prefix.
Fix a bug when using --ip-format=decimal,zero-padded that caused an extra leading 0 to appear for IPv6 addresses.
Fix a bug when using --ip-format=unmap-v6 where the prefix for IPs in the ::ffff:0:0/96 netblock was not adjusted to IPv4.
rwcut, rwrecgenerator, rwstats, rwuniq
Fix a bug when using --ip-format=decimal,zero-padded that caused an extra leading 0 to appear for IPv6 addresses.
rwsender, rwreceiver
Change optional TLS support to require GnuTLS-2.12.0 or later.
Add a --tls-priority switch to set the priority (preference order) of ciphers, key exchange, etc.
Add a --tls-security switch to set the security level of GnuTLS which determines cryptographic key sizes and security parameters.
Add a --tls-crl switch to set a certificate revocation list.
Add a --tls-debug-level to set the debugging level of GnuTLS.
Not setting RWSENDER_TLS_PASSWORD/RWRECEIVER_TLS_PASSWORD is now treated as a NULL password, not an empty password.
Exit with an error when any of the switches --tls-ca, --tls-cert, --tls-key, or --tls-pkcs12 are specified multiple times.
Use GnuTLS's socket reading/writing functions instead of our own.
rwflowpack
Fix a bug that could cause rwflowpack to crash when multiple probes were processing IPFIX files.
|
silk-common-3.17.2-6.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2018-12-04):
* Release 3.17.2-5/6
Rebuilt for libfixbuf-2.2.0.
|
silk-common-3.17.2-4.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2018-07-19):
* Release 3.17.2-3/4
Rebuilt for libfixbuf-2.1.0.
|
silk-common-3.17.2-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2018-06-28):
* Release 3.17.2-1/2
rwgeoip2ccmap
Add a --fields switch that gives the user control over which country-code value(s) are used when reading a GeoIP2 file.
rwuniq
Use a 64-bit integer for storing a bin's record count.
rwstats
Use a 64-bit integer for storing a bin's record count.
rwaddrcount
Use 64-bit integers for storing a bin's packet count and record count.
rwflowpack
In sensor.conf, add a new quirk, nf9-out-is-reverse, to simulate the behavior of libfixbuf-1.7.1; i.e., to treat the NetFlow v9 elements OUT_BYTES and OUT_PKTS as reverse-volume values.
When parsing the sensor.conf file, allow double-quoted strings for the path names of IPset files.
flowcap
In sensor.conf, add a new quirk, nf9-out-is-reverse, to simulate the behavior of libfixbuf-1.7.1; i.e., to treat the NetFlow v9 elements OUT_BYTES and OUT_PKTS as reverse-volume values.
|
silk-common-3.17.1-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2018-04-23):
* Release 3.17.1-1/2
3.17.1
Fix a compilation failure on RedHat EL6, CentOS 6, and other systems.
3.17.0
Add support in rwaggbagtool for removing rows when a value is above or below a threashold or when an
IP address is in or is not in an IPset.
Change how rwsetcat displays IPv4 addresses in an IPset containing both IPv4 and IPv6 addresses.
Add support for millisecond timestamps in rwuniq and rwstats.
Add support for the GeoIP2 version of MaxMind's country code comma-separated value files and binary files.
(Binary file support requires libmaxminddb library support.)
|
silk-common-3.16.1-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2018-02-15):
* Release 3.16.1-1/2
rwstats
Fix a bug that occurred when using a large amount of memory and could result in corrupted output.
rwuniq
Fix a bug that occurred when using a large amount of memory and could result in corrupted output.
rwbagcat
Fix bugs that occur when using the --network-structure switch with an IPv4-specific argument and bag file contains addresses in the ::ffff:0:0/96 netblock.
rwsetcat
Print an error message when rwsetcat is unable to read an IPset.
rwsender, rwreceiver
Fix an issue when using installations of GnuTLS that do not provide support for thread locking.
rwflowpack, flowcap
Fix a bug where NetFlow v9 records were being ignored because the application was decoding them with the wrong internal template.
Building
Fix issues when determining compilation flags necessary for Python support.
|
silk-common-3.16.0-4.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2017-11-09):
* Release 3.16.0-3/4
Rebuilt with libfixbuf 1.8.0.
|
silk-common-3.16.0-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2017-06-29):
* Release 3.16.0-1/2
rwstats
When the primary value is a distinct count, compute the number of distinct items across all bins and print each bin's percentage of the total distinct count.
Fix bugs that may occur when computing distinct counts and not all distinct counts fit into memory.
rwuniq
Fix bugs that may occur when computing distinct counts and not all distinct counts fit into memory.
flowrate plug-in
Change how the flowrate plug-in handles flow records whose duration is zero in order to fix bizarre looking output in rwstats. The plug-in now assumes each of these flow records has a duration of 400 microseconds (0.4 milliseconds).
Add the --flowrate-zero-duration switch which allows the user to set the duration that the plug-in uses for flow records whose given duration is zero.
rwrandomizeip
Read flow records from the standard input if the number of non-switch arguments is zero.
Write the flow records to the standard output if the number of non-switch arguments is zero or one.
rwswapbytes
Read flow records from the standard input if the number of non-switch arguments is zero.
Write the flow records to the standard output if the number of non-switch arguments is zero or one.
rwflowpack, flowcap
Change processing of NetFlow v9 records so that, when SiLK is compiled against libfixbuf 1.8.0, the OUT_BYTES and OUT_PKTS values are used when the IN_BYTES and IN_PKTS values are 0.
flowcap
Print the probe definitions to the log file when the log-level is set to debug.
rwflowpack, rwflowappend, flowcap, rwsender, rwreceiver, rwpollexec
Change how daemons invoke subprocesses in order to avoid creating subprocesses that deadlock and never complete.
Modify start-up scripts to be more in line with the rules in the Linux Standard Base.
Plug-ins
Add manual pages for the cutmatch, conficker-c, and app-mismatch plug-ins.
No longer install the uniq-distproto plug-in since its functionality is available as --values=distinct:protocol.
|
silk-common-3.15.0-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2017-03-24):
* Release 3.15.0-1/2
rwaggbag
Create a new tool similar to rwbag: a tool to bin SiLK Flow records using a key and counter that support multiple fields and store the results in a binary Aggregate Bag file.
rwaggbagbuild
Create a new tool to create an Aggregate Bag file from text.
rwaggbagcat
Create a new tool to print the contents of an Aggregate Bag file as text.
rwaggbagtool
Create a new tool to manipulate binary Aggregate Bag files and create a new Aggregate Bag file.
flowkey
Add a new plug-in that uses the same algorithm as YAF to compute a 32-bit flow key hash.
rwpmapcat
Add the --output-path switch to specify the output file.
POTENTIAL INCOMPATIBILITY. Note that the shortest unique prefix for the --output-type switch is now "--output-t".
rwfileinfo
Add the --xargs switch to read input file names from a file.
rwsetcat
Add the --output-path switch to specify the output file.
Do not use the the pager when the output contains only the count of the number of IPs in a singe IPset.
rwsiteinfo
Add the --output-path switch to specify the output file.
rwtuc
Add the --xargs switch to read input file names from a file.
Allow multiple fields in the input to be ignored.
At shutdown, print the number of input lines that were not parsed unless --verbose is given or an error occurs.
Remove the --bad-input-lines file when it is empty (in accordance with the manual page).
Fix a bug that treated white space after the final delimiter as another field.
Fix issues in parsing the title line when --fields is given.
rwbagcat
Add the --site-config-file switch to select the silk.conf file.
Do not invoke the pager when --print-statistics is the only output and a destination argument is given to the switch.
rwip2cc
Do not use the pager when the --output-path switch is given.
rwscanquery
Fix a bug that prevented use of the SQLite database driver on a case-sensitive file system and caused "make check" to fail.
Building
Fix a compilation error in rwsiteinfo on Ubuntu.
Remove support for fixbuf releases prior to libfixbuf-1.7.0.
|
silk-common-3.14.0-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2016-11-17):
* Release 3.14.0-1/2
IPset changes
Add a new file format, record-version=5, for IPsets containing IPv6 addresses that should be more
compact than record-version=4. Unless the default file format is changed at configure time, the new
format must be explicitly requested using --record-version switch or via the SILK_IPSET_RECORD_VERSION
environment variable.
Fix a bug when working with IPsets that contain IPv6 addresses and have more than 44,739,242
internal nodes. The bug may cause the tool to crash or to loop endlessly.
Reduce how quickly memory grows when building an IPset that contains IPv6 addresses.
Perform additional integrity checks when reading an IPset file from disk.
rwsetbuild
Fix a bug introduced in SiLK-3.11.0 that may occur when computing the intersection or difference of
an IPv4 IPset with an IPv6 IPset that is in record-version=4 format. Addresses in the ::ffff:0:0/96
netblock of the IPv6 IPset were ignored when the IPset contained clusters of addresses less then
::ffff:0:0.
rwsetcat
Allow computing the count of IP addresses in an IPset without loading the IPset into memory.
rwbag
Fix a bug when creating a bag whose key is attributes that causes the bag to appear to have duplicate keys.
rwfileinfo
Rename the title of the compression field. The title was changed unintentionally in SiLK 3.12.2 and caused iSiLK to fail.
rwstats, rwuniq
Do not limit the maximum hash table size to a 32-bit value on a 64-bit platform.
flowcap, rwflowpack
In the sensor.conf file, add support for a quirk to handle NetFlow v9 records generated by a
SonicWall device where the router up-time is reported in seconds instead of milliseconds.
Building
Add a configure switch, --enable-ipset-compatibility, that allows changing the default IPset
file format written by SiLK. The argument is the version of SiLK with which IPsets are to be
compatible. The IPset file format changes at 3.7.0 and 3.14.0.
|
silk-common-3.13.0-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2016-09-29):
* Release 3.13.0-1/2
Change across all tools
Add support for compressing files with "Snappy" compression when the Snappy library and header are found during configuration.
Add support for the SILK_COMPRESSION_METHOD environment variable that provides a default value for the --compression-method switch.
rwcount
Do not limit the maximum array size to a 32-bit value on 64-bit platforms.
rwsettool
Add a --symmetric-difference switch to compute the set of IP addresses that occur in only one of two input IPsets.
rwfileinfo
Disable printing of the record count when the file's compression method is not available.
rwfilter, rwfglob
Fix a file-selection bug where a --start-date specified in epoch seconds that fell on a day boundary would return files
for that entire day instead of for that single hour.
PySiLK
Fix memory leaks.
Fix a bug in the silk.site.repository_iter() where an epoch-based start-date value that fell on a day boundary would
return files for that entire day instead of for that single hour.
rwsender
Change the log messages that are written when scanning the incoming and processing directories.
|
silk-common-3.12.2-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2016-06-23):
* Release 3.12.2-1/2
rwgeoip2ccmap
Restore support for binary input that was removed in SiLK 3.12.0.
rwbagcat
Sort the output using the value of each key's counter when the --sort-counters switch is given.
rwbag
Copy the invocation history and the notes from the source files to the output file(s).
rwbagtool
When inverting a bag, set the key-type of the output to the counter-type of the input. Previously it was set to custom.
rwfileinfo
Add a --help-fields switch.
Expand the description of rwfileinfo's output on the manual page.
rwfilter, rwfglob, rwsiteinfo
Fix an unexpected fatal error that would occur when the silk.conf file contained a class that did not contain any types.
Check the validity of the silk.conf file and report such errors.
rwipfix2silk
Write additional log messages when --log-destination is specified.
rwpdu2silk
Write additional log messages when --log-destination is specified.
rwflowpack
Change when record counts are reported in the log file: Report the number of records written to each output file only when the files are flushed.
Fix a bug processing the reverse side a YAF bi-flow that stored the egressInterface in both the input and output fields.
Fix a bug processing a bi-flow record that reversed the vlan interfaces on the forward record.
flowcap
Fix a bug when processing the reverse side a YAF bi-flow that stored the egressInterface in both the input and output fields.
Fix a bug processing a bi-flow record that reversed the vlan interfaces on the forward record.
rwflowappend
Add locking of incremental files to prevent multiple rwflowappend invocations from processing the same file.
|
silk-common-3.12.1-2.fc24.i686
[1.1 MiB] |
Changelog
by Lawrence Rogers (2016-05-05):
* Release 3.12.1-1/2
rwbagcat
Fix a bug where the pager was not invoked when displaying keys as IPs or integers.
rwflowpack, flowcap
Make substantial changes to the handling of IPFIX and NetFlow v9 records to decrease per-record processing time.
|