Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Working unified2 analyzer.

Browse source 
- No output by default yet.  Most of the activity is centered
   around generating the Unified2::alert event which ties together
   an IDSEvent and a packet.
This commit is contained in:
Seth Hall 2013-08-12 14:57:12 -04:00
parent 48a190276a
commit 091c8f3ebc
11 changed files with 282 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/utils/paths.bro
View file

@ -9,13 +9,12 @@ const absolute_path_pat = /(\/|[A-Za-z]:[\\\/]).*/;
## Returns: the first absolute path found in input string, else an empty string
function extract_path(input: string): string
{
const dir_pattern = /(\/|[A-Za-z]:[\\\/])([^\"\ ]|(\\\ ))*/;
local dir_pattern = /([^\\\/]+)$/;
local parts = split_all(input, dir_pattern);
if ( |parts| < 3 )
return "";
return parts[2];
return parts[1];
}
## Compresses a given path by removing '..'s and the parent directory it