Merge remote-tracking branch 'origin/topic/seth/signatures-uid'

* origin/topic/seth/signatures-uid: Add a uid field to the signatures.log (contributed by Anthony Verez)
2025-10-02 14:48:21 +00:00 · 2014-04-03 10:51:31 -04:00 · 2014-04-03 10:51:31 -04:00 · 2f57c26d5b
commit 2f57c26d5b
parent 2d170edb1e df1647ee00
3 changed files with 24 additions and 15 deletions
--- a/5
+++ b/5
@ -1,4 +1,9 @@

+2.2-317 | 2014-04-03 10:51:31 -0400
+
+  * Add a uid field to the signatures.log.  Addresses BIT-1171 
+    (Anthony Verez)
+
 2.2-315 | 2014-04-01 16:50:01 -0700

  * Change logging's "#types" description of sets to "set". Addresses
--- a/2
+++ b/2
@ -1 +1 @@
-2.2-315
+2.2-317
--- a/scripts/base/frameworks/signatures/main.bro
+++ b/scripts/base/frameworks/signatures/main.bro
@ -70,6 +70,9 @@ export {
 		## The network time at which a signature matching type of event
 		## to be logged has occurred.
 		ts:         time         &log;
+		## A unique identifier of the connection which triggered the
+		## signature match event
+		uid:        string       &log &optional;
 		## The host which triggered the signature match event.
 		src_addr:   addr         &log &optional;
 		## The host port on which the signature-matching activity
@ -192,6 +195,7 @@ event signature_match(state: signature_state, msg: string, data: string)
 		{
 		local info: Info = [$ts=network_time(),
 		                    $note=Sensitive_Signature,
+		                    $uid=state$conn$uid,
 		                    $src_addr=src_addr,
 		                    $src_port=src_port,
 		                    $dst_addr=dst_addr,
 @ -1 +1 @@
 .2-315
 .2-317