Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updated the SQL injection detection script to make it include samples in notice emails.

Browse source
This commit is contained in:
Seth Hall 2012-11-20 01:02:23 -05:00
parent 47f5d256d8
commit 20fdd36a44
2 changed files with 25 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
scripts/base/frameworks/metrics/main.bro
View file

@ -68,6 +68,9 @@ export {
## Value supplied when a metric is finished. It contains all
## of the measurements collected for the metric.
type ResultVal: record {
## The time when this result was first started.
begin: time &log;
## The number of measurements received.
num: count &log &default=0;
@ -439,7 +442,7 @@ function add_data(id: string, index: Index, data: DataPoint)
local metric_tbl = store[id, filter$name];
if ( index !in metric_tbl )
metric_tbl[index] = [];
metric_tbl[index] = [$begin=network_time()];
local result = metric_tbl[index];
@ -450,7 +453,7 @@ function add_data(id: string, index: Index, data: DataPoint)
++result$num;
if ( filter?$samples && data?$str )
if ( filter?$samples && filter$samples > 0 && data?$str )
{
if ( ! result?$sample_queue )
result$sample_queue = Queue::init([$max_len=filter$samples]);