analyzer: Add analyzer.log for logging violations/confirmations

By default this only logs all the violations, regardless of the
confirmation state (for which there's still dpd.log). It includes
packet, protocol and file analyzers.

This uses options, change handlers and event groups for toggling
the functionality at runtime.

Closes #2031
Arne Welzel 2022-12-15 17:27:10 +01:00
parent e12baf08a7
commit 17d0ade26a
15 changed files with 372 additions and 12 deletions


@ -0,0 +1,11 @@
# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT
# @TEST-EXEC: mv analyzer.log analyzer.log-no-confirmations
# @TEST-EXEC: btest-diff analyzer.log-no-confirmations
# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT Analyzer::Logging::include_confirmations=T
# @TEST-EXEC: mv analyzer.log analyzer.log-include-confirmations
# @TEST-EXEC: btest-diff analyzer.log-include-confirmations
@load base/protocols/conn
@load base/protocols/dns
@load base/protocols/http
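Review bot: The `mv analyzer.log analyzer.log-no-confirmations` step on the second @TEST-EXEC line silently assumes that the first zeek run actually writes analyzer.log; Zeek only creates a log file once a record is written to it, so if wikipedia.trace produced no violations the mv would fail with a "no such file" error instead of a readable baseline diff. A `# @TEST-DOC:` line stating that the trace is expected to contain analyzer violations, and that the second run exercises `Analyzer::Logging::include_confirmations=T`, would make that precondition explicit for whoever next touches the trace or the baseline. Since the test runs with `-b`, it would also be clearer to `@load` the script that produces analyzer.log directly alongside the three `base/protocols/*` loads rather than relying on it being pulled in by bare-mode initialization.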