Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 11:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed some tests.

Browse source
This commit is contained in:
Seth Hall 2013-08-12 15:31:31 -04:00
parent 091c8f3ebc
commit 95161a920c
7 changed files with 35 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

11
scripts/base/files/unified2/main.bro
View file

@ -16,10 +16,14 @@ export {
global alert: event(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet);
type Info: record {
## The last received IDS event. This is primarily used
## for tying together Unified2 events and packets.
current_event: Unified2::IDSEvent &optional;
};
redef record fa_file += {
## Add a field to store per-file state about Unified2
## files.
unified2: Info &optional;
};
}
@ -48,8 +52,13 @@ event bro_init()
event file_new(f: fa_file)
{
local file_dir = "";
local parts = split_all(f$source, /\/[^\/]*$/);
if ( |parts| == 3 )
file_dir = parts[1];
if ( f$source in watch_file ||
compress_path(extract_path(f$source)) == compress_path(watch_dir) )
compress_path(watch_dir) == file_dir )
{
Files::add_analyzer(f, Files::ANALYZER_UNIFIED2);
f$unified2 = Info();