mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Rename DefaultAnalyzer to IP.
parent
24babf096e
commit
d5ca0f9da5
18 changed files with 99 additions and 109 deletions
|
@ -1,4 +1,4 @@
|
|||
@load base/packet-protocols/default
|
||||
@load base/packet-protocols/ip
|
||||
@load base/packet-protocols/skip
|
||||
@load base/packet-protocols/ethernet
|
||||
@load base/packet-protocols/fddi
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
module PacketAnalyzer::Default;
|
||||
|
||||
redef PacketAnalyzer::config_map += {
|
||||
PacketAnalyzer::ConfigEntry($analyzer=PacketAnalyzer::ANALYZER_DEFAULTANALYZER),
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
|
||||
};
|
|
@ -22,5 +22,5 @@ redef PacketAnalyzer::config_map += {
|
|||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE),
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $analyzer=PacketAnalyzer::ANALYZER_DEFAULTANALYZER)
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $analyzer=PacketAnalyzer::ANALYZER_IP)
|
||||
};
|
||||
|
|
|
@ -4,5 +4,5 @@ const DLT_FDDI : count = 10;
|
|||
|
||||
redef PacketAnalyzer::config_map += {
|
||||
PacketAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI),
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_FDDI, $analyzer=PacketAnalyzer::ANALYZER_DEFAULTANALYZER)
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_FDDI, $analyzer=PacketAnalyzer::ANALYZER_IP)
|
||||
};
|
||||
|
|
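--- /dev/null
+++ b/scripts/base/packet-protocols/ip/main.zeek
@@ -0,0 +1,7 @@
+module PacketAnalyzer::IP;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};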
|
|
@ -6,5 +6,5 @@ export {
|
|||
}
|
||||
|
||||
redef PacketAnalyzer::config_map += {
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_SKIP, $analyzer=PacketAnalyzer::ANALYZER_DEFAULTANALYZER)
|
||||
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_SKIP, $analyzer=PacketAnalyzer::ANALYZER_IP)
|
||||
};
|
||||
|
|
|
@ -121,7 +121,7 @@ protected:
|
|||
*
|
||||
* @return The outcome of the analysis.
|
||||
*/
|
||||
virtual AnalyzerResult AnalyzeInnerPacket(Packet* packet, const uint8_t*& data,
|
||||
AnalyzerResult AnalyzeInnerPacket(Packet* packet, const uint8_t*& data,
|
||||
uint32_t identifier) const;
|
||||
|
||||
/**
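Review bot: Dropping `virtual` from `AnalyzeInnerPacket` is an interface change that the commit title ("Rename DefaultAnalyzer to IP") does not mention. A subclass that still declares this method with `override` will no longer compile, and one that redefines it without `override` will hide the base method instead of overriding it. The only overrider visible on this page is the removed `DefaultAnalyzer`, so the change looks intentional, but the doc comment should say so, for example `* Not virtual: subclasses are expected to call this from Analyze() rather than override it.` (confirm that this is the intended contract). The doc comment and the enclosing class start outside this hunk.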
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
add_subdirectory(default)
|
||||
add_subdirectory(skip)
|
||||
|
||||
add_subdirectory(wrapper)
|
||||
|
@ -15,5 +14,6 @@ add_subdirectory(mpls)
|
|||
add_subdirectory(linux_sll)
|
||||
|
||||
add_subdirectory(arp)
|
||||
add_subdirectory(ip)
|
||||
add_subdirectory(ipv4)
|
||||
add_subdirectory(ipv6)
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#include "Default.h"
|
||||
#include "NetVar.h"
|
||||
|
||||
using namespace zeek::packet_analysis::Default;
|
||||
|
||||
DefaultAnalyzer::DefaultAnalyzer()
|
||||
: zeek::packet_analysis::Analyzer("DefaultAnalyzer")
|
||||
{
|
||||
}
|
||||
|
||||
zeek::packet_analysis::AnalyzerResult DefaultAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||
{
|
||||
// Assume we're pointing at IP. Just figure out which version.
|
||||
if ( data + sizeof(struct ip) >= packet->GetEndOfData() )
|
||||
{
|
||||
packet->Weird("packet_analyzer_truncated_header");
|
||||
return AnalyzerResult::Failed;
|
||||
}
|
||||
|
||||
auto ip = (const struct ip *)data;
|
||||
uint32_t protocol = ip->ip_v;
|
||||
|
||||
return AnalyzeInnerPacket(packet, data, protocol);
|
||||
}
|
||||
|
||||
zeek::packet_analysis::AnalyzerResult DefaultAnalyzer::AnalyzeInnerPacket(Packet* packet,
|
||||
const uint8_t*& data, uint32_t identifier) const
|
||||
{
|
||||
auto inner_analyzer = Lookup(identifier);
|
||||
|
||||
if ( inner_analyzer == nullptr )
|
||||
{
|
||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Default analysis in %s failed, could not find analyzer for identifier %#x.",
|
||||
GetAnalyzerName(), identifier);
|
||||
packet->Weird("no_suitable_analyzer_found");
|
||||
return AnalyzerResult::Failed;
|
||||
}
|
||||
|
||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Default analysis in %s succeeded, next layer identifier is %#x.",
|
||||
GetAnalyzerName(), identifier);
|
||||
return inner_analyzer->Analyze(packet, data);
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <packet_analysis/Analyzer.h>
|
||||
#include <packet_analysis/Component.h>
|
||||
|
||||
namespace zeek::packet_analysis::Default {
|
||||
|
||||
class DefaultAnalyzer : public Analyzer {
|
||||
public:
|
||||
DefaultAnalyzer();
|
||||
~DefaultAnalyzer() override = default;
|
||||
|
||||
AnalyzerResult Analyze(Packet* packet, const uint8_t*& data) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
return std::make_shared<DefaultAnalyzer>();
|
||||
}
|
||||
|
||||
protected:
|
||||
AnalyzerResult AnalyzeInnerPacket(Packet* packet, const uint8_t*& data,
|
||||
uint32_t identifier) const override;
|
||||
};
|
||||
|
||||
}
|
|
@ -3,6 +3,6 @@ include(ZeekPlugin)
|
|||
|
||||
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
|
||||
|
||||
zeek_plugin_begin(PacketAnalyzer Default)
|
||||
zeek_plugin_cc(Default.cc Plugin.cc)
|
||||
zeek_plugin_begin(PacketAnalyzer IP)
|
||||
zeek_plugin_cc(IP.cc Plugin.cc)
|
||||
zeek_plugin_end()
|
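--- /dev/null
+++ b/src/packet_analysis/protocol/ip/IP.cc
@@ -0,0 +1,38 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "IP.h"
+#include "NetVar.h"
+
+using namespace zeek::packet_analysis::IP;
+
+IPAnalyzer::IPAnalyzer()
+: zeek::packet_analysis::Analyzer("IP")
+{
+}
+
+zeek::packet_analysis::AnalyzerResult IPAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
+{
+// Assume we're pointing at IP. Just figure out which version.
+if ( data + sizeof(struct ip) >= packet->GetEndOfData() )
+{
+packet->Weird("packet_analyzer_truncated_header");
+return AnalyzerResult::Failed;
+}
+
+auto ip = (const struct ip *)data;
+uint32_t protocol = ip->ip_v;
+
+auto inner_analyzer = Lookup(protocol);
+
+if ( inner_analyzer == nullptr )
+{
+DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s failed, could not find analyzer for identifier %#x.",
+GetAnalyzerName(), protocol);
+packet->Weird("no_suitable_analyzer_found");
+return AnalyzerResult::Failed;
+}
+
+DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
+GetAnalyzerName(), protocol);
+return inner_analyzer->Analyze(packet, data);
+}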
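Review bot: The truncation guard in `IPAnalyzer::Analyze` compares with `>=`, so a packet with exactly `sizeof(struct ip)` bytes remaining is rejected as `packet_analyzer_truncated_header` even though the header fits. The guard also computes `data + sizeof(struct ip)` before it knows the buffer is that long, which is out-of-range pointer arithmetic on short captures from untrusted traffic. Comparing the remaining length avoids both problems: `if ( static_cast<size_t>(packet->GetEndOfData() - data) < sizeof(struct ip) )`, assuming `data` never lies past the end of the packet. This check was carried over unchanged from the removed `DefaultAnalyzer::Analyze`, so the rename is a good moment to fix it. The C-style cast `(const struct ip *)data` could also become a `reinterpret_cast`.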
|
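--- /dev/null
+++ b/src/packet_analysis/protocol/ip/IP.h
@@ -0,0 +1,23 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#pragma once
+
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
+
+namespace zeek::packet_analysis::IP {
+
+class IPAnalyzer : public Analyzer {
+public:
+IPAnalyzer();
+~IPAnalyzer() override = default;
+
+AnalyzerResult Analyze(Packet* packet, const uint8_t*& data) override;
+
+static zeek::packet_analysis::AnalyzerPtr Instantiate()
+{
+return std::make_shared<IPAnalyzer>();
+}
+};
+
+}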
|
|
@ -1,6 +1,6 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#include "Default.h"
|
||||
#include "IP.h"
|
||||
#include "plugin/Plugin.h"
|
||||
#include "packet_analysis/Component.h"
|
||||
|
||||
|
@ -10,12 +10,12 @@ class Plugin : public zeek::plugin::Plugin {
|
|||
public:
|
||||
zeek::plugin::Configuration Configure()
|
||||
{
|
||||
AddComponent(new zeek::packet_analysis::Component("DefaultAnalyzer",
|
||||
zeek::packet_analysis::Default::DefaultAnalyzer::Instantiate));
|
||||
AddComponent(new zeek::packet_analysis::Component("IP",
|
||||
zeek::packet_analysis::IP::IPAnalyzer::Instantiate));
|
||||
|
||||
zeek::plugin::Configuration config;
|
||||
config.name = "Zeek::DefaultAnalyzer";
|
||||
config.description = "Default packet analyzer for IP fallback";
|
||||
config.name = "Zeek::IP";
|
||||
config.description = "Packet analyzer for IP fallback (v4 or v6)";
|
||||
return config;
|
||||
}
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#open 2020-08-28-14-19-59
|
||||
#open 2020-08-28-15-37-31
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.zeek
|
||||
|
@ -20,8 +20,8 @@ scripts/base/init-bare.zeek
|
|||
build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek
|
||||
build/scripts/base/bif/event.bif.zeek
|
||||
scripts/base/packet-protocols/__load__.zeek
|
||||
scripts/base/packet-protocols/default/__load__.zeek
|
||||
scripts/base/packet-protocols/default/main.zeek
|
||||
scripts/base/packet-protocols/ip/__load__.zeek
|
||||
scripts/base/packet-protocols/ip/main.zeek
|
||||
scripts/base/packet-protocols/skip/__load__.zeek
|
||||
scripts/base/packet-protocols/skip/main.zeek
|
||||
scripts/base/packet-protocols/ethernet/__load__.zeek
|
||||
|
@ -212,4 +212,4 @@ scripts/base/init-frameworks-and-bifs.zeek
|
|||
build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
|
||||
scripts/policy/misc/loaded-scripts.zeek
|
||||
scripts/base/utils/paths.zeek
|
||||
#close 2020-08-28-14-19-59
|
||||
#close 2020-08-28-15-37-31
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#open 2020-09-22-17-05-35
|
||||
#open 2020-09-22-17-07-43
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.zeek
|
||||
|
@ -20,8 +20,8 @@ scripts/base/init-bare.zeek
|
|||
build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek
|
||||
build/scripts/base/bif/event.bif.zeek
|
||||
scripts/base/packet-protocols/__load__.zeek
|
||||
scripts/base/packet-protocols/default/__load__.zeek
|
||||
scripts/base/packet-protocols/default/main.zeek
|
||||
scripts/base/packet-protocols/ip/__load__.zeek
|
||||
scripts/base/packet-protocols/ip/main.zeek
|
||||
scripts/base/packet-protocols/skip/__load__.zeek
|
||||
scripts/base/packet-protocols/skip/main.zeek
|
||||
scripts/base/packet-protocols/ethernet/__load__.zeek
|
||||
|
@ -408,4 +408,4 @@ scripts/base/init-default.zeek
|
|||
scripts/base/misc/find-filtered-trace.zeek
|
||||
scripts/base/misc/version.zeek
|
||||
scripts/policy/misc/loaded-scripts.zeek
|
||||
#close 2020-09-22-17-05-36
|
||||
#close 2020-09-22-17-07-43
|
||||
|
|
|
@ -283,7 +283,7 @@
|
|||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
|
||||
|
@ -464,7 +464,7 @@
|
|||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
||||
|
@ -827,7 +827,6 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/control) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/data.bif.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/dce-rpc) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/default) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/dhcp) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/dir.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/directions-and-hosts.zeek) -> -1
|
||||
|
@ -858,6 +857,7 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/input) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/input.bif.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/intel) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/ip) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/irc) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/krb) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll) -> -1
|
||||
|
@ -1226,7 +1226,7 @@
|
|||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
|
||||
|
@ -1407,7 +1407,7 @@
|
|||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
|
||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
|
||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
|
||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
||||
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
||||
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
||||
|
@ -1770,7 +1770,6 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/control)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/data.bif.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/dce-rpc)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/default)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/dhcp)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/dir.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/directions-and-hosts.zeek)
|
||||
|
@ -1801,6 +1800,7 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/input)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/input.bif.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/intel)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/ip)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/irc)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/krb)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll)
|
||||
|
@ -2168,7 +2168,7 @@
|
|||
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
|
||||
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
|
||||
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
|
||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
|
||||
|
@ -2349,7 +2349,7 @@
|
|||
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
|
||||
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
|
||||
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
|
||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction NetControl::check_plugins()
|
||||
0.000000 | HookCallFunction NetControl::init()
|
||||
0.000000 | HookCallFunction Notice::want_pp()
|
||||
|
@ -2724,7 +2724,6 @@
|
|||
0.000000 | HookLoadFile base<...>/control
|
||||
0.000000 | HookLoadFile base<...>/data.bif.zeek
|
||||
0.000000 | HookLoadFile base<...>/dce-rpc
|
||||
0.000000 | HookLoadFile base<...>/default
|
||||
0.000000 | HookLoadFile base<...>/dhcp
|
||||
0.000000 | HookLoadFile base<...>/dir.zeek
|
||||
0.000000 | HookLoadFile base<...>/directions-and-hosts.zeek
|
||||
|
@ -2755,6 +2754,7 @@
|
|||
0.000000 | HookLoadFile base<...>/input
|
||||
0.000000 | HookLoadFile base<...>/input.bif.zeek
|
||||
0.000000 | HookLoadFile base<...>/intel
|
||||
0.000000 | HookLoadFile base<...>/ip
|
||||
0.000000 | HookLoadFile base<...>/irc
|
||||
0.000000 | HookLoadFile base<...>/krb
|
||||
0.000000 | HookLoadFile base<...>/linux_sll
|
||||
|
@ -2822,7 +2822,7 @@
|
|||
0.000000 | HookLoadFile base<...>/xmpp
|
||||
0.000000 | HookLoadFile base<...>/zeek.bif.zeek
|
||||
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
|
||||
0.000000 | HookLogWrite packet_filter [ts=1600794262.290585, node=zeek, filter=ip or not ip, init=T, success=T]
|
||||
0.000000 | HookLogWrite packet_filter [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T]
|
||||
0.000000 | HookQueueEvent NetControl::init()
|
||||
0.000000 | HookQueueEvent filter_change_tracking()
|
||||
0.000000 | HookQueueEvent zeek_init()
|
||||
|
|