Justin

> inserting items in the order of their final location in the dictionary. Sounds like the sort of thing that happens when you insert sorted items into a binary tree...

> unless publishing to the worker_topic buffers for each worker individually As I understand it publishing the same message to multiple connected peers copies the message once for each peer.

I believe the memory difference caused by not waiting for the proxies to be available is the following: If no proxies, the manager reads the input table as fast as...

yep.. and if you want a good test to ensure that this works. run it with https://github.com/corelight/zeek-long-connections and see if you get the community id stuff in the conn_long log.

fyi, I just found that setting security_level to AuthNoPriv instead of AuthPriv manifests itself as the "OID not increasing" error.

It looks like your PR covers the first 2 of these. I think for the 3rd I would need a command like cred update-scan-interval --all 10 cred update-scan-interval --user root...

@monrorMe old hosts should eventually just be ignored unless a discover picks them up, but if you want to permanently delete them you can do that now with some sqlite...

Yes! I had been meaning to add this, but I wasn't aware there was a source of leaked keys I could use as an initial test. It should be fairly...

I have an initial support for this in 2617592149453c47fb2f0aa026b4b2fe2aaaf61e You have to add a key using something like this ssh-auditor cred add -- test "$(cat testing/docker/alpine-sshd-test-key/test.key)" The output of various...

@syrius01 Initial ssh key support is implemented now in 0.15. The UX could be better though, right now you need to do this to load a key into the database:...