Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

New script misc/dump-events.bro, along with core support, that dumps events Bro is raising

Browse source 
in an easily readable form.

This is for debugging purposes, obviously.

Example, including only SMTP events:

    > bro -r smtp.trace misc/dump-events.bro DumpEvents::include=/smtp/

    [...]
    1254722768.219663 smtp_reply
                  [0] c: connection   = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
                  [1] is_orig: bool   = F
                  [2] code: count     = 220
                  [3] cmd: string     = >
                  [4] msg: string     = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500
                  [5] cont_resp: bool = T

    1254722768.219663 smtp_reply
                  [0] c: connection   = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
                  [1] is_orig: bool   = F
                  [2] code: count     = 220
                  [3] cmd: string     = >
                  [4] msg: string     = We do not authorize the use of this system to transport unsolicited,
                  [5] cont_resp: bool = T
    [...]
This commit is contained in:
Robin Sommer 2013-11-22 14:17:15 -08:00
parent 08c7dd3d71
commit de9f03b0bf
7 changed files with 126 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/NetVar.h
View file

@ -239,6 +239,8 @@ extern RecordType* script_id;
extern TableType* id_table;
extern RecordType* record_field;
extern TableType* record_field_table;
extern RecordType* call_argument;
extern VectorType* call_argument_vector;
extern StringVal* cmd_line_bpf_filter;