Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/seth/zeek_init'

Browse source 
* origin/topic/seth/zeek_init:
  Some more testing fixes.
  Update docs and tests for bro_(init|done) -> zeek_(init|done)
  Implement the zeek_init handler.
This commit is contained in:
Jon Siwek 2019-04-19 11:16:35 -07:00
commit a994be9eeb
628 changed files with 868 additions and 1082 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/conn/main.zeek
View file

@ -155,7 +155,7 @@ redef record connection += {
conn: Info &optional;
};
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn"]);
}

2
scripts/base/protocols/dce-rpc/main.zeek
View file

@ -59,7 +59,7 @@ redef record connection += {
const ports = { 135/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(DCE_RPC::LOG, [$columns=Info, $path="dce_rpc"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, ports);

6
scripts/base/protocols/dhcp/main.zeek
View file

@ -117,14 +117,14 @@ redef record Info += {
const ports = { 67/udp, 68/udp, 4011/udp };
redef likely_server_ports += { 67/udp };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
}
@if ( Cluster::is_enabled() )
event bro_init()
event zeek_init()
{
Broker::auto_publish(Cluster::manager_topic, DHCP::aggregate_msgs);
}
@ -264,7 +264,7 @@ event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::
event DHCP::aggregate_msgs(network_time(), c$id, c$uid, is_orig, msg, options);
}
event bro_done() &priority=-5
event zeek_done() &priority=-5
{
# Log any remaining data that hasn't already been logged!
for ( i in DHCP::join_data )

2
scripts/base/protocols/dnp3/main.zeek
View file

@ -34,7 +34,7 @@ redef record connection += {
const ports = { 20000/tcp , 20000/udp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3, $path="dnp3"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, ports);

2
scripts/base/protocols/dns/main.zeek
View file

@ -154,7 +154,7 @@ redef record connection += {
const ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns, $path="dns"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, ports);

2
scripts/base/protocols/ftp/files.zeek
View file

@ -45,7 +45,7 @@ function describe_file(f: fa_file): string
return "";
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_FTP_DATA,
[$get_file_handle = FTP::get_file_handle,

2
scripts/base/protocols/ftp/main.zeek
View file

@ -50,7 +50,7 @@ redef record connection += {
const ports = { 21/tcp, 2811/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp, $path="ftp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports);

2
scripts/base/protocols/http/files.zeek
View file

@ -48,7 +48,7 @@ function describe_file(f: fa_file): string
return "";
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_HTTP,
[$get_file_handle = HTTP::get_file_handle,

2
scripts/base/protocols/http/main.zeek
View file

@ -139,7 +139,7 @@ const ports = {
redef likely_server_ports += { ports };
# Initialize the HTTP logging stream and ports.
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http, $path="http"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, ports);

2
scripts/base/protocols/imap/main.zeek
View file

@ -4,7 +4,7 @@ module IMAP;
const ports = { 143/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, ports);
}

2
scripts/base/protocols/irc/files.zeek
View file

@ -23,7 +23,7 @@ function get_file_handle(c: connection, is_orig: bool): string
return cat(Analyzer::ANALYZER_IRC_DATA, c$start_time, c$id, is_orig);
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_IRC_DATA,
[$get_file_handle = IRC::get_file_handle]);

2
scripts/base/protocols/irc/main.zeek
View file

@ -41,7 +41,7 @@ redef record connection += {
const ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log, $path="irc"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, ports);

2
scripts/base/protocols/krb/files.zeek
View file

@ -61,7 +61,7 @@ function describe_file(f: fa_file): string
f$info$x509$certificate$issuer);
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_KRB_TCP,
[$get_file_handle = KRB::get_file_handle,

2
scripts/base/protocols/krb/main.zeek
View file

@ -73,7 +73,7 @@ const tcp_ports = { 88/tcp };
const udp_ports = { 88/udp };
redef likely_server_ports += { tcp_ports, udp_ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, udp_ports);
Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, tcp_ports);

2
scripts/base/protocols/modbus/main.zeek
View file

@ -32,7 +32,7 @@ redef record connection += {
const ports = { 502/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus, $path="modbus"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, ports);

2
scripts/base/protocols/mysql/main.zeek
View file

@ -37,7 +37,7 @@ redef record connection += {
const ports = { 1434/tcp, 3306/tcp };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql, $path="mysql"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports);

2
scripts/base/protocols/ntlm/main.zeek
View file

@ -42,7 +42,7 @@ redef record connection += {
ntlm: Info &optional;
};
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(NTLM::LOG, [$columns=Info, $path="ntlm"]);
}

2
scripts/base/protocols/radius/main.zeek
View file

@ -56,7 +56,7 @@ redef record connection += {
const ports = { 1812/udp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius, $path="radius"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, ports);

2
scripts/base/protocols/rdp/main.zeek
View file

@ -86,7 +86,7 @@ redef record connection += {
const ports = { 3389/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(RDP::LOG, [$columns=RDP::Info, $ev=log_rdp, $path="rdp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports);

2
scripts/base/protocols/rfb/main.zeek
View file

@ -76,7 +76,7 @@ redef record connection += {
rfb: Info &optional;
};
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(RFB::LOG, [$columns=Info, $ev=log_rfb, $path="rfb"]);
}

2
scripts/base/protocols/sip/main.zeek
View file

@ -98,7 +98,7 @@ redef record connection += {
const ports = { 5060/udp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(SIP::LOG, [$columns=Info, $ev=log_sip, $path="sip"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, ports);

2
scripts/base/protocols/smb/files.zeek
View file

@ -46,7 +46,7 @@ function describe_file(f: fa_file): string
return "";
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_SMB,
[$get_file_handle = SMB::get_file_handle,

2
scripts/base/protocols/smb/main.zeek
View file

@ -177,7 +177,7 @@ redef record FileInfo += {
const ports = { 139/tcp, 445/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(SMB::FILES_LOG, [$columns=SMB::FileInfo, $path="smb_files"]);
Log::create_stream(SMB::MAPPING_LOG, [$columns=SMB::TreeInfo, $path="smb_mapping"]);

2
scripts/base/protocols/smtp/files.zeek
View file

@ -38,7 +38,7 @@ function describe_file(f: fa_file): string
return "";
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_SMTP,
[$get_file_handle = SMTP::get_file_handle,

2
scripts/base/protocols/smtp/main.zeek
View file

@ -92,7 +92,7 @@ redef record connection += {
const ports = { 25/tcp, 587/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp, $path="smtp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, ports);

2
scripts/base/protocols/snmp/main.zeek
View file

@ -63,7 +63,7 @@ redef record connection += {
const ports = { 161/udp, 162/udp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, ports);
Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp, $path="snmp"]);

2
scripts/base/protocols/socks/main.zeek
View file

@ -47,7 +47,7 @@ export {
const ports = { 1080/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks, $path="socks"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, ports);

2
scripts/base/protocols/ssh/main.zeek
View file

@ -136,7 +136,7 @@ redef record connection += {
const ports = { 22/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports);
Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh, $path="ssh"]);

2
scripts/base/protocols/ssl/files.zeek
View file

@ -79,7 +79,7 @@ function describe_file(f: fa_file): string
f$info$x509$certificate$issuer);
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Files::register_protocol(Analyzer::ANALYZER_SSL,
[$get_file_handle = SSL::get_file_handle,

2
scripts/base/protocols/ssl/main.zeek
View file

@ -137,7 +137,7 @@ const dtls_ports = { 443/udp };
redef likely_server_ports += { ssl_ports, dtls_ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);

2
scripts/base/protocols/syslog/main.zeek
View file

@ -34,7 +34,7 @@ redef record connection += {
const ports = { 514/udp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(Syslog::LOG, [$columns=Info, $path="syslog"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, ports);

2
scripts/base/protocols/xmpp/main.zeek
View file

@ -4,7 +4,7 @@ module XMPP;
const ports = { 5222/tcp, 5269/tcp };
redef likely_server_ports += { ports };
event bro_init() &priority=5
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, ports);
}