Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Change SSL and X.509 logging format

Browse source 
This commit changes the SSL and X.509 logging formats to something that,
hopefully, slowly approaches what they will look like in the future.

X.509 log is not yet deduplicated; this will come in the future.

This commit introduces two new options, which determine if certificate
issuers and subjects are still logged in ssl.log. The default is to have
the host subject/issuer logged, but to remove client-certificate
information. Client-certificates are not a typically used feature
nowadays.
This commit is contained in:
Johanna Amann 2021-05-13 12:46:11 +01:00
parent 64ab1bbd47
commit b02f22a667
70 changed files with 586 additions and 543 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/ssl/main.zeek
View file

@ -145,7 +145,8 @@ const dtls_ports = { 443/udp };
redef likely_server_ports += { ssl_ports, dtls_ports };
event zeek_init() &priority=5
# Priority needs to be higher than priority of zeek_init in ssl/files.zeek
event zeek_init() &priority=6
{
Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl", $policy=log_policy]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);