file_analysis/Analyzer: Limit maximum number of violations

Just as for protocol analyzers, prevent an overload of violation events.
Arne Welzel 2022-10-17 10:23:01 +02:00 committed by Tim Wojtulewicz
parent e688bfcf73
commit fa956efa79
7 changed files with 58 additions and 5 deletions


@ -25,7 +25,7 @@ bool Foo::DeliverStream(const u_char* data, uint64_t len)
AnalyzerConfirmation();
zeek::event_mgr.Enqueue(foo_piece, GetFile()->ToVal(),
zeek::make_intrusive<zeek::StringVal>(new zeek::String(data, len, 0)));
if ( ++i % 5 == 0 )
if ( ++i % 3 == 0 )
{
uint64_t threshold = 16;
AnalyzerViolation(zeek::util::fmt("test violation %d", i),