scripts/analyzer: Introduce requested_analyzers #2507
@sethhall @sowmyaramapatruni - I took a first stab around the required/requested analyzer topic. IIUC, the main driver to have this in Zeek base is for external scripts that use this sort of mechanism to not rely/require a custom implementation and continue to work easily with a vanilla open-source distribution whenever released to the public. Some points that come up:
Could you maybe outline why using
@sowmyaramapatruni / @sethhall - did you have a chance to take a look?
Hey Arne, sorry for the delayed response. Thank you for writing this. I have a couple of questions.
For disabling analyzer there already exists a set Could certainly see calling it
Yes.
It should, but happy to hear also Seth's thoughts.
3d29339
to
d877cd2
Chatted with @sethhall out of band. He suggested to remove the I'm moving this out of draft/rfc state to be merged (or better names suggested :-) )
d877cd2
to
e8e79d1
In certain deployment scenarios, all analyzers are disabled by default. However, conditionally/optionally loaded scripts may rely on analyzers functioning and declare a request for them. Add a global set to the Analyzer module where external scripts can record their requirement/request for a certain analyzer. Analyzers found in this set are enabled at zeek_init() time.
e8e79d1
to
4e75d54
Thanks Arne!
In certain deployment scenarios, all or some analyzers are disabled by default. However, conditionally/optionally loaded scripts may require them.
This change adds a set in the Analyzer module where external scripts can record the requirement/request for a certain analyzer to subsequently act on these.