Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Addresses BIT-1831

Browse source 
There is apparently some situation where a field wasn't being populated
which resulted in a reporter messsage.

Thanks to the report from Chris Herdt!
This commit is contained in:
Seth Hall 2017-08-01 16:24:44 -04:00
parent 310ef6974f
commit dbac2b1abb
3 changed files with 17 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

24
testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log
View file

@ -3,22 +3,22 @@
#empty_field (empty)
#unset_field -
#path ssh
#open 2016-10-13-19-57-11
#open 2017-08-01-16-26-21
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
#types time string addr port addr port count bool count enum string string string string string string string string
1324071333.792887 CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 2 F 2 - SSH-2.0-OpenSSH_5.9 SSH-2.0-OpenSSH_5.8 aes128-ctr hmac-md5 none ecdh-sha2-nistp256 ssh-rsa a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83
1409516196.413240 ClEkJM2Vm5giqnMf4h 10.0.0.18 40184 128.2.6.88 41644 2 T 1 - SSH-2.0-OpenSSH_6.6 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 aes128-ctr hmac-md5 none ecdh-sha2-nistp256 ssh-rsa 8a:8d:55:28:1e:71:04:99:94:43:22:89:e5:ff:e9:03
1419870189.489202 C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 2 T 3 - SSH-2.0-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 aes128-ctr hmac-md5-etm@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3
1419870206.111841 CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1419996264.344957 CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 2 - - - SSH-2.0-OpenSSH_6.2 SSH-2.0-paramiko_1.15.2 aes128-ctr hmac-sha1 none diffie-hellman-group14-sha1 ssh-rsa 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
1420588548.729561 CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_5.3 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590124.885826 CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590308.781231 C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590322.682536 C3eiCBGOLw3VtHfOj 192.168.2.1 56845 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590636.482711 CwjjYJ2WqgTbAqiHl6 192.168.2.1 56875 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590659.429570 C0LAHyvtKSQHyJxIl 192.168.2.1 56878 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420591379.658705 CFLRIC3zaTU1loLGxh 192.168.2.1 56940 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420599430.828441 C9rXSW3KSpTYvPrlI1 192.168.2.1 57831 192.168.2.158 22 1 - - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1419870206.111841 CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1419996264.344957 CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 2 - 0 - SSH-2.0-OpenSSH_6.2 SSH-2.0-paramiko_1.15.2 aes128-ctr hmac-sha1 none diffie-hellman-group14-sha1 ssh-rsa 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
1420588548.729561 CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_5.3 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590124.885826 CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590308.781231 C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590322.682536 C3eiCBGOLw3VtHfOj 192.168.2.1 56845 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590636.482711 CwjjYJ2WqgTbAqiHl6 192.168.2.1 56875 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590659.429570 C0LAHyvtKSQHyJxIl 192.168.2.1 56878 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420591379.658705 CFLRIC3zaTU1loLGxh 192.168.2.1 56940 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420599430.828441 C9rXSW3KSpTYvPrlI1 192.168.2.1 57831 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420851448.310534 Ck51lg1bScffFj34Ri 192.168.2.1 59246 192.168.2.158 22 2 T 2 - SSH-2.0-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 arcfour256 hmac-md5-etm@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3
1420860283.057451 C9mvWx3ezztgzcexV7 192.168.1.32 41164 128.2.10.238 22 2 T 5 - SSH-2.0-OpenSSH_6.6p1-hpn14v4 SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
1420860616.428738 CNnMIj2QSd84NKf7U3 192.168.1.32 33910 128.2.13.133 22 2 T 1 - SSH-2.0-OpenSSH_6.6p1-hpn14v4 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 93:d8:4c:0d:b2:c3:2e:da:b9:c0:67:db:e4:8f:95:04
@ -28,4 +28,4 @@
1421041177.031508 CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 2 F 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
1421041299.777962 CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 2 T 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
1421041526.353524 CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 2 T 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
#close 2016-10-13-19-57-11
#close 2017-08-01-16-26-21