Allow to track service violations in conn.log.

This introduces ian options, DPD::track_removed_services_in_connection. It adds failed services to the services column, prefixed with a "-". Alternatively, this commit also adds policy/protocols/conn/failed-services.zeek, which provides the same information in a new column in conn.log.
2025-10-02 06:38:20 +00:00 · 2025-01-30 16:32:32 +00:00 · 2025-01-30 16:32:32 +00:00 · 2f712c3c24
commit 2f712c3c24
parent ac7bbe6949
8 changed files with 67 additions and 6 deletions
--- a/scripts/base/protocols/conn/main.zeek
+++ b/scripts/base/protocols/conn/main.zeek
@ -31,6 +31,9 @@ export {
 		## the connection. Can list more than one protocol separated with
 		## colons. Protocols listed are in the order in which they are
 		## confirmed.
+		## This field can also contain a list of protocol analyzers that
+		## raise violations prefixed with a "-" if the option
+		## :zeek:see:`DPD::track_removed_services_in_connection` is set.
 		service:      string          &log &optional;
 		## How long the connection lasted.
 		##