Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
11341 commits 386 branches 195 tags 256 MiB
Commit graph

9 commits

Author SHA1 Message Date
Christian Kreibich
1bd658da8f Support for log filter policy hooks 
This adds a "policy" hook into the logging framework's streams and
filters to replace the existing log filter predicates. The hook
signature is as follows:

    hook(rec: any, id: Log::ID, filter: Log::Filter);

The logging manager invokes hooks on each log record. Hooks can veto
log records via a break, and modify them if necessary. Log filters
inherit the stream-level hook, but can override or remove the hook as
needed.

The distribution's existing log streams now come with pre-defined
hooks that users can add handlers to. Their name is standardized as
"log_policy" by convention, with additional suffixes when a module
provides multiple streams. The following adds a handler to the Conn
module's default log policy hook:

    hook Conn::log_policy(rec: Conn::Info, id: Log::ID, filter: Log::Filter)
            {
            if ( some_veto_reason(rec) )
                break;
            }

By default, this handler will get invoked for any log filter
associated with the Conn::LOG stream.

The existing predicates are deprecated for removal in 4.1 but continue
to work.
 2020-09-30 12:32:45 -07:00
Jon Siwek
81ab0b0d05 Use explicit path name for NTP log stream 
For consistency (we do this for all other logs) and just to avoid
the extra path function calls.
 2019-10-25 10:38:58 -07:00
Seth Hall
7626344122 Tiny tweaks to try and address ticket #506 2019-07-31 11:17:53 -04:00
Jon Siwek
e2dc0092f3 Merge branch 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek 
* 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek: (25 commits)
  update tests baseline
  Apply requested changes: - file dpd.sig and TODO comments for signature protocol detection removed - missing doc field filled in events.bif - rename OpCode and ReqCode fields into op_code and req_code respectively - removed unnecessary child method in NTP.h/.cc - main.zeek and ntp-protocol.pac reformatted
  minor changes in the documentation
  fix some initializations
  fix wrong assignment of control key_id/crypto_checksum
  code clean up
  add extension fields parsing
  add extended mac field with 20 byte digest (+4 byte key id)
  update tests and add a new one for key_id and mac
  fix auth field (key_id and mac) in standard and control msg
  remove old NTP record in init-bare.zeek
  fix key_id and digest (WIP)
  fix wrong Assign with reference_id
  add tests for ntp protocol (finished)
  add tests for ntp protocol (WIP)
  fix problem with time vals
  add ntp records to init-bare.zeek
  update ntp analyzer to val_mgr
  extend and refact script-side of NTP analyzer
  extend and refactor several fields
  ...
 2019-06-15 19:11:34 -07:00
Mauro Palumbo
32663cec04 Apply requested changes: 
- file dpd.sig and TODO comments for signature protocol detection removed
- missing doc field filled in events.bif
- rename OpCode and ReqCode fields into op_code and req_code respectively
- removed unnecessary child method in NTP.h/.cc
- main.zeek and ntp-protocol.pac reformatted
 2019-06-14 12:30:29 +02:00
Mauro Palumbo
2cd2c65fe3 fix auth field (key_id and mac) in standard and control msg 2019-06-06 16:38:05 +02:00
Palumbo Mauro
ce07b10aa8 extend and refact script-side of NTP analyzer 2019-06-03 17:50:32 +02:00
Vlad Grigorescu
2005a76896 WIP: BinPAC NTP analyzer 2019-05-29 09:37:55 -05:00
Vlad Grigorescu
be4f6eae0e Ran binpac_quickstart for NTP (UDP, not buffered) 2019-05-29 09:04:48 -05:00