Merge remote-tracking branch 'origin/topic/johanna/gh-4694'

* origin/topic/johanna/gh-4694:
  Add tests for the deprecated-dpd-log.zeek policy script
  Move c$service_violation to deprecated-dpd-log.zeek

scripts/base/frameworks/analyzer/dpd.zeek

@@ -25,10 +25,6 @@ export {
 }
 
 redef record connection += {
-	## The set of services (analyzers) for which Zeek has observed a
-	## violation after the same service had previously been confirmed.
-	service_violation: set[string] &default=set() &ordered &deprecated="Remove in v8.1. Consider using failed_analyzers instead";
-
 	## The set of prototol analyzers that were removed due to a protocol
 	## violation after the same analyzer had previously been confirmed.
 	failed_analyzers: set[string] &default=set() &ordered;

scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek

@@ -29,6 +29,10 @@ export {
 
 redef record connection += {
 	dpd: Info &optional;
+	## The set of services (analyzers) for which Zeek has observed a
+	## violation after the same service had previously been confirmed.
+	service_violation: set[string] &default=set() &ordered &deprecated="Remove in v8.1. Consider using failed_analyzers instead";
+
 };
 
 event zeek_init() &priority=5
@@ -52,6 +56,8 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
 	if ( analyzer !in c$service || analyzer in c$service_violation )
 		return;
 
+	add c$service_violation[analyzer];
+
 	local dpd: Info;
 	dpd$ts = network_time();
 	dpd$uid = c$uid;