Move IP and IP tunnel code from Sessions into packet analyzers
parent
69da2d7b1d
commit
1cf251d1ca
53 changed files with 1226 additions and 907 deletions
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2019-08-21-02-16-33
|
||||
#open 2020-09-15-17-17-50
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1333663011.602839 - - - - - unknown_protocol 135 F zeek
|
||||
#close 2019-08-21-02-16-33
|
||||
1333663011.602839 - - - - - no_suitable_analyzer_found - F zeek
|
||||
#close 2020-09-15-17-17-50
|
||||
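Review bot: The new `weird` baseline replaces the record `unknown_protocol` (addl `135`) with `no_suitable_analyzer_found` and an unset addl, so any detection or filter keyed on the old weird name stops matching and the unhandled protocol number is no longer logged. The later `weird` baseline looks affected in the same way, though the `+`/`-` markers are lost in this rendering and this is inferred from the hunk counts: at `-15,7 +15,7` an inner-IPv4 `invalid_inner_IP_version` record seems to become an address-less `unknown_ip_version`, and at `-300,7 +299,6` the `invalid_IP_header_size_in_tunnel` record seems to disappear. If the analyzer code (not visible here) can still reach the protocol number, I would keep it in addl. If the renames and dropped records are intended, the commit description should say so, for example `Weird "unknown_protocol" is now reported as "no_suitable_analyzer_found" without the protocol number`.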
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2019-06-07-01-59-22
|
||||
#open 2020-09-10-22-34-02
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1500557630.000000 - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
|
@ -15,7 +15,7 @@
|
|||
1500557630.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - 255.255.0.0 0 255.255.255.223 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - - - - - unknown_ip_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
|
@ -89,7 +89,6 @@
|
|||
1500557631.000000 - 9c00:7265:6374:6929:600:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7463:2a72:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b000:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 255.255.0.0 0 255.255.255.237 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0:7265:6374:6929:ff:27:a800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - - - - - ip_hdr_len_zero - F zeek
|
||||
|
@ -300,7 +299,6 @@
|
|||
1500557632.000000 - b100:7200:400:65:ffff:ffff:ffff:ffff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:fdff:ffff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:6500:6fd:188:4747:4747:61fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 0.0.0.255 0 11.0.255.0 0 invalid_IP_header_size_in_tunnel - F zeek
|
||||
1500557632.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:7fff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:27ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff4e:5654:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
|
@ -462,4 +460,4 @@
|
|||
1500557634.000000 - b100:7265:6374:6929:ff:ffff:ff04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:0:ff00:69:2980:0:69 0 c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:7265:6374:69d1::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
#close 2019-06-07-01-59-22
|
||||
#close 2020-09-10-22-34-02
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#open 2020-09-08-08-14-03
|
||||
#open 2020-09-10-23-14-33
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.zeek
|
||||
|
@ -48,6 +48,10 @@ scripts/base/init-bare.zeek
|
|||
scripts/base/packet-protocols/vlan/main.zeek
|
||||
scripts/base/packet-protocols/mpls/__load__.zeek
|
||||
scripts/base/packet-protocols/mpls/main.zeek
|
||||
scripts/base/packet-protocols/gre/__load__.zeek
|
||||
scripts/base/packet-protocols/gre/main.zeek
|
||||
scripts/base/packet-protocols/iptunnel/__load__.zeek
|
||||
scripts/base/packet-protocols/iptunnel/main.zeek
|
||||
scripts/base/init-frameworks-and-bifs.zeek
|
||||
scripts/base/frameworks/logging/__load__.zeek
|
||||
scripts/base/frameworks/logging/main.zeek
|
||||
|
@ -216,4 +220,4 @@ scripts/base/init-frameworks-and-bifs.zeek
|
|||
build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
|
||||
scripts/policy/misc/loaded-scripts.zeek
|
||||
scripts/base/utils/paths.zeek
|
||||
#close 2020-09-08-08-14-03
|
||||
#close 2020-09-10-23-14-33
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#open 2020-09-22-17-14-48
|
||||
#open 2020-09-23-19-37-26
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.zeek
|
||||
|
@ -48,6 +48,10 @@ scripts/base/init-bare.zeek
|
|||
scripts/base/packet-protocols/vlan/main.zeek
|
||||
scripts/base/packet-protocols/mpls/__load__.zeek
|
||||
scripts/base/packet-protocols/mpls/main.zeek
|
||||
scripts/base/packet-protocols/gre/__load__.zeek
|
||||
scripts/base/packet-protocols/gre/main.zeek
|
||||
scripts/base/packet-protocols/iptunnel/__load__.zeek
|
||||
scripts/base/packet-protocols/iptunnel/main.zeek
|
||||
scripts/base/init-frameworks-and-bifs.zeek
|
||||
scripts/base/frameworks/logging/__load__.zeek
|
||||
scripts/base/frameworks/logging/main.zeek
|
||||
|
@ -412,4 +416,4 @@ scripts/base/init-default.zeek
|
|||
scripts/base/misc/find-filtered-trace.zeek
|
||||
scripts/base/misc/version.zeek
|
||||
scripts/policy/misc/loaded-scripts.zeek
|
||||
#close 2020-09-22-17-14-48
|
||||
#close 2020-09-23-19-37-26
|
||||
|
|
|
@ -283,7 +283,7 @@
|
|||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
|
||||
|
@ -464,7 +464,7 @@
|
|||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
||||
|
@ -555,7 +555,7 @@
|
|||
0.000000 MetaHookPost CallFunction(PacketFilter::build, <frame>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, )) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketFilter::install, <frame>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, <null>, ([ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, <null>, ([ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::STD_DEV, SumStats::VARIANCE)) -> <no result>
|
||||
|
@ -847,6 +847,7 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/find-filtered-trace.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/ftp) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/geoip-distance.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/gre) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/hash) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/hash_hrw.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/http) -> -1
|
||||
|
@ -859,6 +860,7 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/input.bif.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/intel) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/ip) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/iptunnel) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/irc) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/krb) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll) -> -1
|
||||
|
@ -1229,7 +1231,7 @@
|
|||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
|
||||
|
@ -1410,7 +1412,7 @@
|
|||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]))
|
||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
|
||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
|
||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
||||
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
||||
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
||||
|
@ -1501,7 +1503,7 @@
|
|||
0.000000 MetaHookPre CallFunction(PacketFilter::build, <frame>, ())
|
||||
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, ))
|
||||
0.000000 MetaHookPre CallFunction(PacketFilter::install, <frame>, ())
|
||||
0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, <null>, ([ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
|
||||
0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, <null>, ([ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
|
||||
0.000000 MetaHookPre CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter))
|
||||
0.000000 MetaHookPre CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip))
|
||||
0.000000 MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::STD_DEV, SumStats::VARIANCE))
|
||||
|
@ -1793,6 +1795,7 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/find-filtered-trace.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/ftp)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/geoip-distance.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/gre)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/hash)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/hash_hrw.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/http)
|
||||
|
@ -1805,6 +1808,7 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/input.bif.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/intel)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/ip)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/iptunnel)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/irc)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/krb)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll)
|
||||
|
@ -2174,7 +2178,7 @@
|
|||
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])
|
||||
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
|
||||
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
|
||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
|
||||
|
@ -2355,7 +2359,7 @@
|
|||
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])
|
||||
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
|
||||
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
|
||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction NetControl::check_plugins()
|
||||
0.000000 | HookCallFunction NetControl::init()
|
||||
0.000000 | HookCallFunction Notice::want_pp()
|
||||
|
@ -2446,7 +2450,7 @@
|
|||
0.000000 | HookCallFunction PacketFilter::build()
|
||||
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
|
||||
0.000000 | HookCallFunction PacketFilter::install()
|
||||
0.000000 | HookCallFunction PacketFilter::log_policy([ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
|
||||
0.000000 | HookCallFunction PacketFilter::log_policy([ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
|
||||
0.000000 | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter)
|
||||
0.000000 | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip)
|
||||
0.000000 | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::STD_DEV, SumStats::VARIANCE)
|
||||
|
@ -2750,6 +2754,7 @@
|
|||
0.000000 | HookLoadFile base<...>/find-filtered-trace.zeek
|
||||
0.000000 | HookLoadFile base<...>/ftp
|
||||
0.000000 | HookLoadFile base<...>/geoip-distance.zeek
|
||||
0.000000 | HookLoadFile base<...>/gre
|
||||
0.000000 | HookLoadFile base<...>/hash
|
||||
0.000000 | HookLoadFile base<...>/hash_hrw.zeek
|
||||
0.000000 | HookLoadFile base<...>/http
|
||||
|
@ -2762,6 +2767,7 @@
|
|||
0.000000 | HookLoadFile base<...>/input.bif.zeek
|
||||
0.000000 | HookLoadFile base<...>/intel
|
||||
0.000000 | HookLoadFile base<...>/ip
|
||||
0.000000 | HookLoadFile base<...>/iptunnel
|
||||
0.000000 | HookLoadFile base<...>/irc
|
||||
0.000000 | HookLoadFile base<...>/krb
|
||||
0.000000 | HookLoadFile base<...>/linux_sll
|
||||
|
@ -2831,7 +2837,7 @@
|
|||
0.000000 | HookLoadFile base<...>/xmpp
|
||||
0.000000 | HookLoadFile base<...>/zeek.bif.zeek
|
||||
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
|
||||
0.000000 | HookLogWrite packet_filter [ts=1601496515.916419, node=zeek, filter=ip or not ip, init=T, success=T]
|
||||
0.000000 | HookLogWrite packet_filter [ts=1602789493.024881, node=zeek, filter=ip or not ip, init=T, success=T]
|
||||
0.000000 | HookQueueEvent NetControl::init()
|
||||
0.000000 | HookQueueEvent filter_change_tracking()
|
||||
0.000000 | HookQueueEvent zeek_init()
|
||||
|
|