Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

DPD: log analyzers that have confirmed

Browse source 
This switches the DPD logic to always log analyzers that raised a
protocol confirmation.

The logic is that, once a protocol has been confirmed - and thus there
probably is log output - it does not make sense to later remove it from
the log. It does make sense to somehow flag it as failed - but that
seems like a secondary step.
This commit is contained in:
Johanna Amann 2025-01-30 15:30:59 +00:00
parent e411153f0d
commit e6ed61c47a
7 changed files with 12 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/Baseline/scripts.base.protocols.modbus.events/conn-first.log
View file

@ -14,6 +14,6 @@ XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.9 3082 10.0.0.3 502 tcp modbus 177.0
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 10.0.0.57 2585 10.0.0.8 502 tcp - 76.561880 926 0 SF T T 0 ShADafF 8 1254 7 288 - 6
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 10.0.0.8 502 10.0.0.57 4446 tcp - 155.114237 128 0 SF T T 0 ShADaFf 16 776 15 608 - 6
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.66.235 2582 166.161.16.230 502 tcp - 2.905078 0 0 S0 T F 0 S 2 96 0 0 - 6
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 tcp - 85.560847 1692 1278 S1 T F 0 ShADad 167 8380 181 8522 - 6
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 tcp modbus 85.560847 1692 1278 S1 T F 0 ShADad 167 8380 181 8522 - 6
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 10.1.1.234 51411 10.10.5.85 502 tcp modbus 2100.811351 237936 4121200 S2 T T 0 ShADdaF 39659 2300216 20100 5166412 - 6
#close XXXX-XX-XX-XX-XX-XX