Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
11806 commits 387 branches 195 tags 255 MiB
Commit graph

12 commits

Author SHA1 Message Date
Johanna Amann
e310734d7b Add new ssl-log-ext policy script 
This policy script significantly extends the details that are logged
about SSL/TLS handshakes.

I am a bit tempted to just make this part of the default log - but it
does add a bunch logging overhead for each connection.
 2021-06-29 09:45:25 +01:00
Johanna Amann
279a060fae Deprecate extract-certs-pem.zeek and add log-certs-base64.zeek 
Extract-certs-pem writes pem files to a dedicated file; since it does
not really work in cluster-environments it was never super helpful.

This commit deprecates this file and, instead, adds
log-certs-base64.zeek, which adds the base64-encoded certificate (which
is basically equivalent with a PEM) to the log-file. Since, nowadays,
the log-files are deduplicates this should not add a huge overhead.
 2021-06-29 09:45:18 +01:00
Tim Wojtulewicz
c3cf36e135 GH-1221: Add unknown_protocols.log for logging packet analyzer lookup failures 2020-11-09 20:37:26 -07:00
Ryan Victory
63d99595fe Modified the DNS protocol analyzer to add a new parameter to the dns_request event which includes the DNS query in its original case. Added a policy script that will add the original_case to the dns.log file as well. Created new btests to test both. 2020-06-17 10:13:04 -05:00
Jon Siwek
aeef4bf030 Merge branch 'topic/jgras/dpd-late-match' of https://github.com/J-Gras/zeek 
* 'topic/jgras/dpd-late-match' of https://github.com/J-Gras/zeek:
  Improve dpd_late_match event generation.
  Improve logging of speculative service.
  Update test-all-policy script.
  Add speculative service script.
  Allow to handle late DPD matches.
 2019-09-17 11:17:41 -07:00
Jan Grashoefer
a810365f0e Update test-all-policy script. 2019-08-30 11:30:33 +02:00
Johanna Amann
0f96a9dedf Disable MQTT by default 
To enable MQTT, one has to load policy/scripts/mqtt. Like with smb in
2.5, the consts are loaded by default.
 2019-08-05 17:04:39 -07:00
Jon Siwek
b5050437fa GH-379: move catch-and-release and unified2 scripts to policy/ 
These are no longer loaded by default due to the performance impact they
cause simply by being loaded (they have event handlers for commonly
generated events) and they aren't generally useful enough to justify it.
 2019-06-05 13:33:45 -07:00
Daniel Thayer
be182aac83 More bro-to-zeek renaming in scripts and other files 2019-05-16 02:36:41 -05:00
Jon Siwek
f2f06d66c0 Remove previously deprecated policy/protocols/smb/__load__ 2019-05-02 20:50:30 -07:00
Johanna Amann
5d44735209 Remove deprecated functions/events 
This commit removed functions/events that have been deprecated in Bro
2.6. It also removes the detection code that checks if the old
communication framework is used (since all the functions that are
checked were removed).

Addresses parts of GH-243
 2019-05-02 12:06:39 -07:00
Daniel Thayer
18bd74454b Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00