Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Log only local-originated IPs.

Browse source
This commit is contained in:
Johanna Amann 2015-12-08 14:55:50 -08:00
parent cdc812074c
commit c93a9fbebd
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/policy/protocols/ssl/ocsp-ssl-split.bro
View file

@ -494,6 +494,10 @@ function start_log_ocsp(rec: OCSP::Info)
info_ocsp_rec$delay = info_ocsp_rec$resp_ts - info_ocsp_rec$req_ts;
update_http_info(info_ocsp_rec, http);
if ( Site::is_private_addr(info_ocsp_rec$cid$orig_h) || !Site::is_local_addr(info_ocsp_rec$cid$orig_h) )
return;
Log::write(LOG_OCSP, info_ocsp_rec);
}
@ -564,6 +568,10 @@ event connection_state_remove(c: connection) &priority= -20
if (|cert_recv_ts_str| > 0)
ssl_info_rec$cert_recv_ts = cert_recv_ts_str;
update_ssl_info(ssl_info_rec, c$ssl);
if ( Site::is_private_addr(ssl_info_rec$id$orig_h) || !Site::is_local_addr(ssl_info_rec$id$orig_h) )
return;
Log::write(LOG_SSL, ssl_info_rec);
#delete c$ssl$cert_ts[ocsp_uri, serial_number, issuer_name];
}