Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add NEWS entry for ip_proto feature

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-11-13 14:15:57 -07:00
parent e33aee8ca2
commit ec3794b43e
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
NEWS
View file

@ -30,6 +30,15 @@ Breaking Changes
New Functionality
-----------------
* IP-based connections that were previously not logged due to using an unknown
IP protocol (e.g. not TCP, UDP, or ICMP) now appear in conn.log. All conn.log
entries have a new ``ip_proto`` column that indicates the numeric IP protocol
identifier used by the connection. A new policy script at
``policy/protocols/conn/ip-proto-name-logging.zeek`` can be loaded to also add
an ``ip_proto_name`` column with a string version of the ``ip_proto`` value.
This entire feature can be disabled by loading the new
``policy/protocols/conn/disable-unknown-ip-proto-support.zeek`` policy script.
- Zeek now includes a PostgreSQL protocol analyzer. This analyzer is enabled
by default. The analyzer's events and its ``postgresql.log`` should be
considered preliminary and experimental until the arrival of Zeek's next