Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

Fork 0

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Commit graph

Author	SHA1	Message	Date
Johanna Amann	b8c135d7cb	Remove violating analyzer from services field again This reverts some of the recent DPD changes; specifically violations trigger removal from the services field, again, by default. Discussion in GH-4521	2025-03-04 15:10:49 +00:00
Johanna Amann	e6ed61c47a	DPD: log analyzers that have confirmed This switches the DPD logic to always log analyzers that raised a protocol confirmation. The logic is that, once a protocol has been confirmed - and thus there probably is log output - it does not make sense to later remove it from the log. It does make sense to somehow flag it as failed - but that seems like a secondary step.	2025-01-30 16:59:44 +00:00
Arne Welzel	85ca59484b	postgresql: Initial parser implementation This adds a protocol parser for the PostgreSQL protocol and a new postgresql.log similar to the existing mysql.log. This should be considered preliminary and hopefully during 7.1 and 7.2 with feedback from the community, we can improve on the events and logs. Even if most PostgreSQL communication is encrypted in the real-world, this will minimally allow monitoring of the SSLRequest and hand off further analysis to the SSL analyzer. This originates from github.com/awelzel/spicy-postgresql, with lots of polishing happening in the past two days.	2024-09-06 16:10:48 +02:00

Author

SHA1

Message

Date

Johanna Amann

b8c135d7cb

Remove violating analyzer from services field again

This reverts some of the recent DPD changes; specifically violations
trigger removal from the services field, again, by default.

Discussion in GH-4521

2025-03-04 15:10:49 +00:00

Johanna Amann

e6ed61c47a

DPD: log analyzers that have confirmed

This switches the DPD logic to always log analyzers that raised a
protocol confirmation.

The logic is that, once a protocol has been confirmed - and thus there
probably is log output - it does not make sense to later remove it from
the log. It does make sense to somehow flag it as failed - but that
seems like a secondary step.

2025-01-30 16:59:44 +00:00

Arne Welzel

85ca59484b

postgresql: Initial parser implementation

This adds a protocol parser for the PostgreSQL protocol and a new
postgresql.log similar to the existing mysql.log.

This should be considered preliminary and hopefully during 7.1 and 7.2
with feedback from the community, we can improve on the events and logs.
Even if most PostgreSQL communication is encrypted in the real-world, this
will minimally allow monitoring of the SSLRequest and hand off further
analysis to the SSL analyzer.

This originates from github.com/awelzel/spicy-postgresql, with lots of
polishing happening in the past two days.

2024-09-06 16:10:48 +02:00

3 commits