Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Copy timestamp from file object

Browse source 
In some cases, e.g. running zeek on short pcaps as opposed to continuous packet streams, network_time() may not equal the time that was used when generating the file object.

This results in the pe.log entry having a different timestamp than its corresponding files.log entry which is strange as they refer to the exact same file.
This commit is contained in:
mvhensbergen 2024-05-17 15:03:06 +02:00 committed by GitHub
parent 301d042ba7
commit a4f73ee45f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/files/pe/main.zeek
View file

@ -66,7 +66,7 @@ event zeek_init() &priority=5
hook set_file(f: fa_file) &priority=5 hook set_file(f: fa_file) &priority=5
{ {
if ( ! f?$pe ) if ( ! f?$pe )
f$pe = [$ts=network_time(), $id=f$id]; f$pe = [$ts=f$info$ts, $id=f$id];
} }
event pe_dos_header(f: fa_file, h: PE::DOSHeader) &priority=5 event pe_dos_header(f: fa_file, h: PE::DOSHeader) &priority=5