Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

More smb_files.log improvements.

Browse source 
- Actually get the path into the smb_files.log now.
 - When a share root is having the "create" message used on it,
   instead of giving a null file name, now give a special
   indicator of "<share_root>".
 - Update test baselines.
This commit is contained in:
Seth Hall 2016-03-09 04:49:48 -05:00
parent ba144252cb
commit 9c6402bd91
3 changed files with 20 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

10
testing/btest/Baseline/scripts.base.protocols.smb.smb2/smb_files.log
View file

@ -3,12 +3,12 @@
#empty_field (empty)
#unset_field -
#path smb_files
#open 2016-03-07-20-31-34
#open 2016-03-09-09-45-59
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid action path name size times.modified times.accessed times.created times.changed
#types time string addr port addr port string enum string string count time time time time
1323202695.377459 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_OPEN - (empty) 8192 1323202604.512058 1323202604.512058 1322343963.945297 1323202604.512058
1323202695.377459 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_OPEN - <share_root> 8192 1323202604.512058 1323202604.512058 1322343963.945297 1323202604.512058
1323202695.432192 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_OPEN - WP_SMBPlugin.pdf 0 1323202695.427034 1323202695.427034 1323202695.427034 1323202695.427034
1323202695.432192 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 FUU9mc3Ub5uZdcqg1d SMB::FILE_CLOSE \\\\10.0.0.12\\smb2 WP_SMBPlugin.pdf 0 1323202695.427034 1323202695.427034 1323202695.427034 1323202695.427034
1323202695.599914 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_OPEN - (empty) 8192 1323202695.427034 1323202695.427034 1322343963.945297 1323202695.427034
1323202695.599914 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_CLOSE \\\\10.0.0.12\\smb2 (empty) 8192 1323202695.427034 1323202695.427034 1322343963.945297 1323202695.427034
#close 2016-03-07-20-31-34
1323202695.599914 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_OPEN - <share_root> 8192 1323202695.427034 1323202695.427034 1322343963.945297 1323202695.427034
1323202695.599914 CXWv6p3arKYeMETxOg 10.0.0.11 49208 10.0.0.12 445 - SMB::FILE_CLOSE \\\\10.0.0.12\\smb2 <share_root> 8192 1323202695.427034 1323202695.427034 1322343963.945297 1323202695.427034
#close 2016-03-09-09-45-59