Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add NEWS entry for generic packet thresholds

Browse source
This commit is contained in:
Jan Grashoefer 2025-07-08 11:17:52 +02:00
parent e6d8c3b072
commit 50ab72efc2
1 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
NEWS
View file

@ -194,6 +194,17 @@ New Functionality
get_tags_by_category("ANALYZER");
- A new ``conn_generic_packet_threshold_crossed`` event was introduced. The event triggers
for any IP-based session that reaches a given threshold. Multiple packet thresholds can
be defined in ``ConnThreshold::generic_packet_thresholds``. The generic thresholds refer
to the total number of packets on a connection without taking direction into account
(i.e. the event also triggers on one-sided connections).
The event is intended as an alternative to the ``new_connection`` event that allows for
ignoring short-lived connections like DNS or scans. For example, it can be used to set
up traditional connection monitoring without introducing overhead for connections that
would never reach a larger threshold anyway.
Changed Functionality
---------------------