Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 02:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fixed a problem where the Unified2 analyzer was attached to every file.

Browse source
This commit is contained in:
Seth Hall 2013-08-14 01:01:03 -04:00
parent efca3c0840
commit f8f465e259
2 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/files/unified2/main.bro
View file

@ -136,7 +136,7 @@ event Unified2::read_classification_line(desc: Input::EventDescription, tpe: Inp
}
}
event bro_init()
event bro_init() &priority=5
{
Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2]);
@ -200,8 +200,8 @@ event file_new(f: fa_file)
if ( |parts| == 3 )
file_dir = parts[1];
if ( f$source in watch_file ||
compress_path(watch_dir) == file_dir )
if ( (watch_file != "" && f$source == watch_file) ||
(watch_dir != "" && compress_path(watch_dir) == file_dir) )
{
Files::add_analyzer(f, Files::ANALYZER_UNIFIED2);
f$u2_events = table();