Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix a small issue where DCE_RPC commands were improperly being logged.

Browse source
This commit is contained in:
Seth Hall 2016-11-01 03:13:04 -04:00
parent ff682b8c2c
commit 19a4376a9a
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
scripts/base/protocols/dce-rpc/main.bro
View file

@ -160,12 +160,12 @@ event dce_rpc_response(c: connection, fid: count, opnum: count, stub_len: count)
{ {
# If there is not an endpoint, there isn't much reason to log. # If there is not an endpoint, there isn't much reason to log.
# This can happen if the request isn't seen. # This can happen if the request isn't seen.
if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation && if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation) &&
c$dce_rpc$endpoint !in ignored_operations) ( c$dce_rpc$endpoint !in ignored_operations
|| ||
(c$dce_rpc?$endpoint && c$dce_rpc?$operation && ( c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] && c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] &&
"*" !in ignored_operations[c$dce_rpc$endpoint]) ) "*" !in ignored_operations[c$dce_rpc$endpoint]) ) )
{ {
Log::write(LOG, c$dce_rpc); Log::write(LOG, c$dce_rpc);
} }
@ -196,12 +196,12 @@ event connection_state_remove(c: connection)
} }
} }
if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation && if ( (c$dce_rpc?$endpoint && c$dce_rpc?$operation) &&
c$dce_rpc$endpoint !in ignored_operations) ( c$dce_rpc$endpoint !in ignored_operations
|| ||
(c$dce_rpc?$endpoint && c$dce_rpc?$operation && ( c$dce_rpc?$endpoint && c$dce_rpc?$operation &&
c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] && c$dce_rpc$operation !in ignored_operations[c$dce_rpc$endpoint] &&
"*" !in ignored_operations[c$dce_rpc$endpoint]) ) "*" !in ignored_operations[c$dce_rpc$endpoint]) ) )
{ {
Log::write(LOG, c$dce_rpc); Log::write(LOG, c$dce_rpc);
} }