Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix a small issue where DCE_RPC commands were improperly being logged.

Browse source
This commit is contained in:
Seth Hall 2016-11-01 03:13:04 -04:00
parent ff682b8c2c
commit 19a4376a9a
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
scripts/base/protocols/dce-rpc/main.bro
View file

@ -160,12 +160,12 @@ event dce_rpc_response(c: connection, fid: count, opnum: count, stub_len: count)
{
# If there is not an endpoint, there isn't much reason to log.
# This can happen if the request isn't seen.
if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$endpoint !in ignored_operations)
||
(c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] &&
"*" !in ignored_operations[c$dce_rpc$endpoint]) )
if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation) &&
( c$dce_rpc$endpoint !in ignored_operations
||
( c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] &&
"*" !in ignored_operations[c$dce_rpc$endpoint]) ) )
{
Log::write(LOG, c$dce_rpc);
}
@ -196,12 +196,12 @@ event connection_state_remove(c: connection)
}
}
if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$endpoint !in ignored_operations)
||
(c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] &&
"*" !in ignored_operations[c$dce_rpc$endpoint]) )
if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation) &&
( c$dce_rpc$endpoint !in ignored_operations
||
( c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] &&
"*" !in ignored_operations[c$dce_rpc$endpoint]) ) )
{
Log::write(LOG, c$dce_rpc);
}