Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

make pacf logging deal with wildcards in flows.

Browse source
This commit is contained in:
Johanna Amann 2015-06-01 18:57:16 -07:00
parent ae18062761
commit 269e80b3e1
1 changed files with 15 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

18
scripts/base/frameworks/pacf/main.bro
View file

@ -241,9 +241,21 @@ function entity_to_info(info: Info, e: Entity)
break;
case FLOW:
info$entity = fmt("%s/%d->%s/%d",
e$flow$src_h, e$flow$src_p,
e$flow$dst_h, e$flow$dst_p);
local ffrom_ip = "*";
local ffrom_port = "*";
local fto_ip = "*";
local fto_port = "*";
if ( e$flow?$src_h )
ffrom_ip = cat(e$flow$src_h);
if ( e$flow?$src_p )
ffrom_port = fmt("%d", e$flow$src_p);
if ( e$flow?$dst_h )
fto_ip = cat(e$flow$dst_h);
if ( e$flow?$dst_p )
fto_port = fmt("%d", e$flow$dst_p);
info$entity = fmt("%s/%s->%s/%s",
ffrom_ip, ffrom_port,
fto_ip, fto_port);
break;
case MAC: