Add options to filter at the stream level as well as globally

Tim Wojtulewicz 2025-08-05 14:50:15 -07:00
parent 339d46ae26
commit 0ec2161b04
30 changed files with 420 additions and 129 deletions


@ -422,6 +422,26 @@ export {
## .. :zeek:see:`Log::default_max_delay_queue_size`
## .. :zeek:see:`Log::set_max_delay_queue_size`
max_delay_queue_size: count &default=default_max_delay_queue_size;
## Maximum string size for field in a log record from this stream.
##
## .. :zeek:see:`Log::default_max_field_string_bytes`
max_field_string_bytes: count &default=Log::default_max_field_string_bytes;
## Maximum total string size in a log record from this stream.
##
## .. :zeek:see:`Log::default_max_total_string_bytes`
max_total_string_bytes: count &default=Log::default_max_total_string_bytes;
## Maximum container elements for field in a log record from this stream.
##
## .. :zeek:see:`Log::default_max_field_container_elements`
max_field_container_elements: count &default=Log::default_max_field_container_elements;
## Maximum total container elements in a log record from this stream.
##
## .. :zeek:see:`Log::default_max_total_container_elements`
max_total_container_elements: count &default=Log::default_max_total_container_elements;
};
## Sentinel value for indicating that a filter was not found when looked up.
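Review bot: The doc comments on the four new per-stream fields (`max_field_string_bytes` through `max_total_container_elements`) leave out what the global constants document: the unit, that output is truncated when the limit is hit, and whether zero disables the limit. These limits bound how much remotely influenced data one record can write, so a stream that raises them or sets them to zero loses that bound, while one that lowers them may cut fields that detection or forensics rely on. I would expand each comment along the lines of `## Maximum bytes logged for a single string field in records from this stream; longer values are truncated.`, adding the zero-disables sentence only if that still holds at stream level. The comments should also say whether the stream value replaces the global default or is applied together with it, which this hunk does not show. The enclosing record starts outside the hunk.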


@ -3747,12 +3747,12 @@ export {
## The maximum number of bytes that a single string field can contain when
## logging. If a string reaches this limit, the log output for the field will be
## truncated. Setting this to zero disables the limiting.
const max_field_string_bytes = 4096 &redef;
const default_max_field_string_bytes = 4096 &redef;
## The maximum number of elements a single container field can contain when
## logging. If a container reaches this limit, the log output for the field will
## be truncated. Setting this to zero disables the limiting.
const max_field_container_elements = 100 &redef;
const default_max_field_container_elements = 100 &redef;
## The maximum total bytes a record may log for string fields. This is the sum of
## all bytes in string fields logged for the record. If this limit is reached, all
@ -3760,14 +3760,14 @@ export {
## string fields will be logged as empty containers. If the limit is reached while
## processing a container holding string fields, the container will be truncated
## in the log output. Setting this to zero disables the limiting.
const max_total_string_bytes = 256000 &redef;
const default_max_total_string_bytes = 256000 &redef;
## The maximum total number of container elements a record may log. This is the
## sum of all container elements logged for the record. If this limit is reached,
## all further containers will be logged as empty containers. If the limit is
## reached while processing a container, the container will be truncated in the
## output. Setting this to zero disables the limiting.
const max_total_container_elements = 500 &redef;
const default_max_total_container_elements = 500 &redef;
}
module POP3;
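Review bot: The doc comments on the four renamed constants in both hunks of this file still describe each one as the effective limit, but the `default_*` names and their use as `&default` values in the stream record suggest they are now only the fallback for streams that set nothing. Each comment should gain a line such as `## This is the default; a stream may override it with its own max_field_string_bytes field.` so an operator tuning log size knows a per-stream value can take precedence. Separately, these are `&redef` options, so a site policy that already redefs the old names (`max_field_string_bytes` and the other three) would presumably fail to load after the rename. If the old names ever shipped in a release, a deprecated alias or a NEWS entry would be worth adding. The `export` block starts outside both hunks.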