Implement X509 certificate log caching

By default, each certificate is now output only once per hour. This also
should work in cluster mode, where we use the net broker-table-syncing
feature to distribute the information about already seen certificates
across the entire cluster.

Log caching is also pretty configurable and can be changed using a
range of configuration options and hooks.

Note that this is currently completely separate from X509 events
caching, which prevents duplicate parsing of X509 certificates.
Johanna Amann 2021-06-28 15:41:57 +01:00
parent 311e113ff6
commit dde1e2e77e
17 changed files with 400 additions and 152 deletions

@ -10,6 +10,8 @@ module GridFTP;
redef size_threshold = 2;
redef X509::relog_known_certificates_after = 0secs;
redef enum Notice::Type += {
Data_Channel
};
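Review bot: The `redef X509::relog_known_certificates_after = 0secs;` line that follows `redef size_threshold = 2;` carries no comment explaining why the GridFTP script needs it, and a redef of this option is not limited to GridFTP connections: it changes X509 logging for every deployment that loads this script. Given the one-hour default described in the commit message, 0secs appears to switch log caching off entirely as a side effect of loading GridFTP detection. Please add a comment stating the reason, note the side effect in the script's documentation, and consider whether one of the hooks mentioned in the commit message could scope the exemption to the certificates this script cares about instead of overriding the global interval.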