mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Add column to packet_filter.log for failure reason
This commit is contained in:
Tim Wojtulewicz
parent
82adecb2ad
commit
5e4db6d0c4
8 changed files with 50 additions and 33 deletions
|
|
@ -48,6 +48,9 @@ export {
|
||||||
|
|
||||||
## Indicate if the filter was applied successfully.
|
## Indicate if the filter was applied successfully.
|
||||||
success: bool &log &default=T;
|
success: bool &log &default=T;
|
||||||
|
|
||||||
|
## A string reason why the filter failed to be created/installed.
|
||||||
|
failure_reason: string &log &optional;
|
||||||
};
|
};
|
||||||
|
|
||||||
## The BPF filter that is used by default to define what traffic should
|
## The BPF filter that is used by default to define what traffic should
|
||||||
|
|
@ -317,6 +320,8 @@ function install(): bool
|
||||||
{
|
{
|
||||||
# Installing the filter failed for some reason.
|
# Installing the filter failed for some reason.
|
||||||
info$success = F;
|
info$success = F;
|
||||||
|
info$failure_reason = Pcap::get_filter_state_string(DefaultPcapFilter);
|
||||||
|
|
||||||
NOTICE([$note=Install_Failure,
|
NOTICE([$note=Install_Failure,
|
||||||
$msg=fmt("Installing packet filter failed"),
|
$msg=fmt("Installing packet filter failed"),
|
||||||
$sub=current_filter]);
|
$sub=current_filter]);
|
||||||
|
|
|
||||||
|
|
@ -112,6 +112,18 @@ function error%(%): string
|
||||||
return zeek::make_intrusive<zeek::StringVal>("no error");
|
return zeek::make_intrusive<zeek::StringVal>("no error");
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
function get_filter_state_string%(id: PcapFilterID%): string
|
||||||
|
%{
|
||||||
|
zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc();
|
||||||
|
if ( ps )
|
||||||
|
{
|
||||||
|
if ( auto filter = ps->GetBPFFilter(id->AsInt()) )
|
||||||
|
return zeek::make_intrusive<zeek::StringVal>(filter->GetStateMessage());
|
||||||
|
}
|
||||||
|
|
||||||
|
return zeek::make_intrusive<zeek::StringVal>("<unknown>");
|
||||||
|
%}
|
||||||
|
|
||||||
function findalldevs%(%): Pcap::Interfaces
|
function findalldevs%(%): Pcap::Interfaces
|
||||||
%{
|
%{
|
||||||
pcap_if_t* alldevs;
|
pcap_if_t* alldevs;
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success failure_reason
|
||||||
#types time string string bool bool
|
#types time string string bool bool string
|
||||||
XXXXXXXXXX.XXXXXX zeek port 50000 T T
|
XXXXXXXXXX.XXXXXX zeek port 50000 T T -
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,9 @@
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success failure_reason
|
||||||
#types time string string bool bool
|
#types time string string bool bool string
|
||||||
XXXXXXXXXX.XXXXXX zeek ip or not ip T T
|
XXXXXXXXXX.XXXXXX zeek ip or not ip T T -
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
|
|
@ -15,9 +15,9 @@ XXXXXXXXXX.XXXXXX zeek ip or not ip T T
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success failure_reason
|
||||||
#types time string string bool bool
|
#types time string string bool bool string
|
||||||
XXXXXXXXXX.XXXXXX zeek port 42 T T
|
XXXXXXXXXX.XXXXXX zeek port 42 T T -
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
|
|
@ -25,7 +25,7 @@ XXXXXXXXXX.XXXXXX zeek port 42 T T
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success failure_reason
|
||||||
#types time string string bool bool
|
#types time string string bool bool string
|
||||||
XXXXXXXXXX.XXXXXX zeek (vlan) and (ip or not ip) T T
|
XXXXXXXXXX.XXXXXX zeek (vlan) and (ip or not ip) T T -
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
||||||
|
|
@ -282,7 +282,7 @@
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
|
||||||
|
|
@ -469,8 +469,8 @@
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::get_filter, <frame>, (SSL::LOG, default)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::get_filter, <frame>, (SSL::LOG, default)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
||||||
|
|
@ -668,7 +668,7 @@
|
||||||
0.000000 MetaHookPost CallFunction(PacketFilter::build, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(PacketFilter::build, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, )) -> <no result>
|
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, )) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(PacketFilter::install, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(PacketFilter::install, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
|
0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Site::update_local_nets_table, <frame>, (Site::local_nets, {})) -> <no result>
|
0.000000 MetaHookPost CallFunction(Site::update_local_nets_table, <frame>, (Site::local_nets, {})) -> <no result>
|
||||||
|
|
@ -1509,8 +1509,8 @@
|
||||||
0.000000 MetaHookPost LoadFileExtended(1, ./programming, <...>/programming.sig) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(1, ./programming, <...>/programming.sig) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(1, ./video, <...>/video.sig) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(1, ./video, <...>/video.sig) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(1, s2, ./s2.sig) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(1, s2, ./s2.sig) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> <void>
|
0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}) -> <void>
|
||||||
0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>) -> true
|
0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}, <void ptr>) -> true
|
||||||
0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false
|
0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false
|
||||||
0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false
|
0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false
|
||||||
0.000000 MetaHookPost QueueEvent(zeek_init()) -> false
|
0.000000 MetaHookPost QueueEvent(zeek_init()) -> false
|
||||||
|
|
@ -1797,7 +1797,7 @@
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
|
||||||
|
|
@ -1984,8 +1984,8 @@
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::get_filter, <frame>, (SSL::LOG, default))
|
0.000000 MetaHookPre CallFunction(Log::get_filter, <frame>, (SSL::LOG, default))
|
||||||
0.000000 MetaHookPre CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG))
|
0.000000 MetaHookPre CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>]))
|
||||||
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
||||||
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
||||||
|
|
@ -2183,7 +2183,7 @@
|
||||||
0.000000 MetaHookPre CallFunction(PacketFilter::build, <frame>, ())
|
0.000000 MetaHookPre CallFunction(PacketFilter::build, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, ))
|
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, ))
|
||||||
0.000000 MetaHookPre CallFunction(PacketFilter::install, <frame>, ())
|
0.000000 MetaHookPre CallFunction(PacketFilter::install, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
|
0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
|
||||||
0.000000 MetaHookPre CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter))
|
0.000000 MetaHookPre CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter))
|
||||||
0.000000 MetaHookPre CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip))
|
0.000000 MetaHookPre CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip))
|
||||||
0.000000 MetaHookPre CallFunction(Site::update_local_nets_table, <frame>, (Site::local_nets, {}))
|
0.000000 MetaHookPre CallFunction(Site::update_local_nets_table, <frame>, (Site::local_nets, {}))
|
||||||
|
|
@ -3024,8 +3024,8 @@
|
||||||
0.000000 MetaHookPre LoadFileExtended(1, ./programming, <...>/programming.sig)
|
0.000000 MetaHookPre LoadFileExtended(1, ./programming, <...>/programming.sig)
|
||||||
0.000000 MetaHookPre LoadFileExtended(1, ./video, <...>/video.sig)
|
0.000000 MetaHookPre LoadFileExtended(1, ./video, <...>/video.sig)
|
||||||
0.000000 MetaHookPre LoadFileExtended(1, s2, ./s2.sig)
|
0.000000 MetaHookPre LoadFileExtended(1, s2, ./s2.sig)
|
||||||
0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)})
|
0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)})
|
||||||
0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>)
|
0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}, <void ptr>)
|
||||||
0.000000 MetaHookPre QueueEvent(NetControl::init())
|
0.000000 MetaHookPre QueueEvent(NetControl::init())
|
||||||
0.000000 MetaHookPre QueueEvent(filter_change_tracking())
|
0.000000 MetaHookPre QueueEvent(filter_change_tracking())
|
||||||
0.000000 MetaHookPre QueueEvent(zeek_init())
|
0.000000 MetaHookPre QueueEvent(zeek_init())
|
||||||
|
|
@ -3311,7 +3311,7 @@
|
||||||
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])
|
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])
|
||||||
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
|
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
|
||||||
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
|
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
|
||||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
|
||||||
|
|
@ -3498,8 +3498,8 @@
|
||||||
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
|
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
|
||||||
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
|
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
|
||||||
0.000000 | HookCallFunction Log::get_filter(SSL::LOG, default)
|
0.000000 | HookCallFunction Log::get_filter(SSL::LOG, default)
|
||||||
0.000000 | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG)
|
0.000000 | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG)
|
||||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])
|
||||||
0.000000 | HookCallFunction NetControl::check_plugins()
|
0.000000 | HookCallFunction NetControl::check_plugins()
|
||||||
0.000000 | HookCallFunction NetControl::init()
|
0.000000 | HookCallFunction NetControl::init()
|
||||||
0.000000 | HookCallFunction Notice::want_pp()
|
0.000000 | HookCallFunction Notice::want_pp()
|
||||||
|
|
@ -3697,7 +3697,7 @@
|
||||||
0.000000 | HookCallFunction PacketFilter::build()
|
0.000000 | HookCallFunction PacketFilter::build()
|
||||||
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
|
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
|
||||||
0.000000 | HookCallFunction PacketFilter::install()
|
0.000000 | HookCallFunction PacketFilter::install()
|
||||||
0.000000 | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
|
0.000000 | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
|
||||||
0.000000 | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter)
|
0.000000 | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter)
|
||||||
0.000000 | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip)
|
0.000000 | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip)
|
||||||
0.000000 | HookCallFunction Site::update_local_nets_table(Site::local_nets, {})
|
0.000000 | HookCallFunction Site::update_local_nets_table(Site::local_nets, {})
|
||||||
|
|
@ -4538,8 +4538,8 @@
|
||||||
0.000000 | HookLoadFileExtended builtin-plugins/__preload__.zeek <...>/__preload__.zeek
|
0.000000 | HookLoadFileExtended builtin-plugins/__preload__.zeek <...>/__preload__.zeek
|
||||||
0.000000 | HookLoadFileExtended s1.sig ./s1.sig
|
0.000000 | HookLoadFileExtended s1.sig ./s1.sig
|
||||||
0.000000 | HookLoadFileExtended s2 ./s2.sig
|
0.000000 | HookLoadFileExtended s2 ./s2.sig
|
||||||
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
|
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}
|
||||||
0.000000 | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]
|
0.000000 | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>]
|
||||||
0.000000 | HookQueueEvent NetControl::init()
|
0.000000 | HookQueueEvent NetControl::init()
|
||||||
0.000000 | HookQueueEvent filter_change_tracking()
|
0.000000 | HookQueueEvent filter_change_tracking()
|
||||||
0.000000 | HookQueueEvent zeek_init()
|
0.000000 | HookQueueEvent zeek_init()
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
|
||||||
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||||
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||||
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||||
[packet_filter] XXXXXXXXXX.XXXXXX|zeek|ip or not ip|T|T
|
[packet_filter] XXXXXXXXXX.XXXXXX|zeek|ip or not ip|T|T|-
|
||||||
[socks] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
|
[socks] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
|
||||||
[tunnel] XXXXXXXXXX.XXXXXX|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER
|
[tunnel] XXXXXXXXXX.XXXXXX|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER
|
||||||
|
|
|
||||||
2
testing/external/commit-hash.zeek-testing
vendored
2
testing/external/commit-hash.zeek-testing
vendored
|
|
@ -1 +1 @@
|
||||||
bf98a971e76b8b2e88bebe8ae386b3473f4f3848
|
ab85877815c27e33796e20ac1868e55a6dc6d605
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
e51c49eca62db430af35a1d8548c3ae8e421f0cf
|
3e7c07e9bf3b1116fa809b7fd2f116141bc4a36a
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue