Merge remote-tracking branch 'origin/topic/awelzel/ssh-analyzer-id-existence'

* origin/topic/awelzel/ssh-analyzer-id-existence: ssh: Test for c$ssh$analyzer_id existence
2025-10-10 10:38:20 +00:00 · 2022-11-16 14:50:58 -07:00 · 2022-11-16 14:50:58 -07:00 · 5b57d5efd5
commit 5b57d5efd5
parent ec3eca0549 187096d4a4
3 changed files with 6 additions and 2 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+5.2.0-dev.320 | 2022-11-16 14:50:58 -0700
+
+  * ssh: Test for c$ssh$analyzer_id existence (Arne Welzel, Corelight)
+
 5.2.0-dev.317 | 2022-11-15 11:34:47 -0700

  * init-bare: Fix zeek:see after bif renaming (Arne Welzel, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-5.2.0-dev.317
+5.2.0-dev.320
--- a/scripts/base/protocols/ssh/main.zeek
+++ b/scripts/base/protocols/ssh/main.zeek
@ -249,7 +249,7 @@ event ssh_auth_attempted(c: connection, authenticated: bool) &priority=5
 	c$ssh$auth_success = authenticated;
 	c$ssh$auth_attempts += 1;

-	if ( authenticated && disable_analyzer_after_detection )
+	if ( authenticated && disable_analyzer_after_detection && c$ssh?$analyzer_id )
 		disable_analyzer(c$id, c$ssh$analyzer_id);
 	}