Merge remote-tracking branch 'origin/topic/seth/signatures-uid'

* origin/topic/seth/signatures-uid:
  Add a uid field to the signatures.log (contributed by Anthony Verez)
Seth Hall 2014-04-03 10:51:31 -04:00
commit 2f57c26d5b
3 changed files with 24 additions and 15 deletions


@ -1,4 +1,9 @@
2.2-317 | 2014-04-03 10:51:31 -0400
* Add a uid field to the signatures.log. Addresses BIT-1171
(Anthony Verez)
2.2-315 | 2014-04-01 16:50:01 -0700 2.2-315 | 2014-04-01 16:50:01 -0700
* Change logging's "#types" description of sets to "set". Addresses * Change logging's "#types" description of sets to "set". Addresses


@ -1 +1 @@
2.2-315 2.2-317


@ -70,6 +70,9 @@ export {
## The network time at which a signature matching type of event ## The network time at which a signature matching type of event
## to be logged has occurred. ## to be logged has occurred.
ts: time &log; ts: time &log;
## A unique identifier of the connection which triggered the
## signature match event
uid: string &log &optional;
## The host which triggered the signature match event. ## The host which triggered the signature match event.
src_addr: addr &log &optional; src_addr: addr &log &optional;
## The host port on which the signature-matching activity ## The host port on which the signature-matching activity
@ -192,6 +195,7 @@ event signature_match(state: signature_state, msg: string, data: string)
{ {
local info: Info = [$ts=network_time(), local info: Info = [$ts=network_time(),
$note=Sensitive_Signature, $note=Sensitive_Signature,
$uid=state$conn$uid,
$src_addr=src_addr, $src_addr=src_addr,
$src_port=src_port, $src_port=src_port,
$dst_addr=dst_addr, $dst_addr=dst_addr,
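Review bot: The doc comment on the new `uid` field in the first hunk of this section does not say when the field is absent, although it is declared `&optional`, and it drops the trailing period that the neighbouring field comments use. I would write it as `## A unique identifier of the connection which triggered the` / `## signature match event; it matches the uid in conn.log.` and add one line naming the entries that leave it unset. Those are presumably records built elsewhere in the script without a single connection, but that code is outside the hunks, so confirm. Because the field sits between `ts` and `src_addr`, every later column of signatures.log shifts by one, so consumers that parse the log by position rather than by the `#fields` header will misattribute addresses and ports; the CHANGES entry would be a good place to say so. Both the `Info` record and the `signature_match` body continue outside the hunks.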