Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add proto to analyzer.log

Browse source 
The analyzer.log file was missing the protocol field to distinguish
tcp/udp connections.
This commit is contained in:
Johanna Amann 2025-08-06 10:44:45 +01:00
parent 7dea987432
commit 82266b1e78
13 changed files with 35 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/frameworks/analyzer/logging.zeek
View file

@ -23,8 +23,10 @@ export {
uid: string &log &optional;
## File UID if available.
fuid: string &log &optional;
## Connection identifier if available
## Connection identifier if available.
id: conn_id &log &optional;
## Transport protocol for the violation, if available.
proto: transport_proto &log &optional;
## Failure or violation reason, if available.
failure_reason: string &log;
## Data causing failure or violation if available. Truncated
@ -62,6 +64,7 @@ function log_analyzer_failure(ts: time, atype: AllAnalyzers::Tag, info: Analyzer
{
rec$id = info$c$id;
rec$uid = info$c$uid;
rec$proto = get_port_transport_proto(info$c$id$orig_p);
}
if ( info?$f )