mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 20:18:20 +00:00
Remove redundant storing of protocol in LDAP logs
This commit is contained in:
Benjamin Bannier
parent
82b3a4048f
commit
301d8722bf
10 changed files with 27 additions and 70 deletions
|
|
@ -369,13 +369,11 @@ connection {
|
|||
* message_id: int, log=T, optional=T
|
||||
* objects: vector of string, log=T, optional=T
|
||||
* opcodes: set[string], log=T, optional=T
|
||||
* proto: string, log=T, optional=T
|
||||
* results: set[string], log=T, optional=T
|
||||
* ts: time, log=T, optional=F
|
||||
* uid: string, log=T, optional=F
|
||||
* version: int, log=T, optional=T
|
||||
}
|
||||
* ldap_proto: string, log=F, optional=T
|
||||
* ldap_searches: table[int] of record LDAP::SearchInfo, log=F, optional=T
|
||||
LDAP::SearchInfo {
|
||||
* attributes: vector of string, log=T, optional=T
|
||||
|
|
@ -386,7 +384,6 @@ connection {
|
|||
* id: record conn_id, log=T, optional=F
|
||||
conn_id { ... }
|
||||
* message_id: int, log=T, optional=T
|
||||
* proto: string, log=T, optional=T
|
||||
* result_count: count, log=T, optional=T
|
||||
* results: set[string], log=T, optional=T
|
||||
* scopes: set[string], log=T, optional=T
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@
|
|||
#unset_field -
|
||||
#path ldap
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
#unset_field -
|
||||
#path ldap_search
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) sAMAccountName
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) sAMAccountName
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@
|
|||
#unset_field -
|
||||
#path ldap
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
#unset_field -
|
||||
#path ldap_search
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@
|
|||
#unset_field -
|
||||
#path ldap
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
#unset_field -
|
||||
#path ldap_search
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
#unset_field -
|
||||
#path ldap
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 215 3 bind SASL success - - GSS-SPNEGO
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
|
||||
#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 215 3 bind SASL success - - GSS-SPNEGO
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
#unset_field -
|
||||
#path ldap_search
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 213 base never - 1 success - (objectclass=*) -
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
|
||||
#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 213 base never - 1 success - (objectclass=*) -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue