Some small fixes to further reduce SOCKS false positive logs.

2025-10-02 06:38:20 +00:00 · 2012-07-11 16:53:46 -04:00 · 2012-07-11 16:53:46 -04:00 · a44612788e
commit a44612788e
parent e3f6a467a4
2 changed files with 12 additions and 2 deletions
--- a/scripts/base/protocols/socks/main.bro
+++ b/scripts/base/protocols/socks/main.bro
@ -83,5 +83,8 @@ event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Addres

 event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port) &priority=-5
 	{
-	Log::write(SOCKS::LOG, c$socks);
+	# This will handle the case where the analyzer failed in some way and was removed.  We probably 
+	# don't want to log these connections.
+	if ( "SOCKS" in c$service )
+		Log::write(SOCKS::LOG, c$socks);
 	}