Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
9240 commits 385 branches 195 tags 262 MiB
Commit graph

5 commits

Author SHA1 Message Date
Johanna Amann
e5db1f085c Merge remote-tracking branch 'origin/topic/jsiwek/gh-684-fix-rpc-parsing' 
* origin/topic/jsiwek/gh-684-fix-rpc-parsing:
  GH-684: Fix parsing of RPC calls with non-AUTH_UNIX flavors

Addresses GH-684
 2019-11-21 08:50:28 -08:00
Jon Siwek
37a478ae99 GH-684: Fix parsing of RPC calls with non-AUTH_UNIX flavors 
The parsing logic that should be specific to the AUTH_UNIX credential
flavor was previously applied unconditionally to other flavors.
 2019-11-13 13:14:14 -08:00
Jon Siwek
31f60853c9 GH-646: add new "successful_connection_remove" event 
And switch Zeek's base scripts over to using it in place of
"connection_state_remove".  The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets).  There can be performance benefits
to this change for some use-cases.

There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.
 2019-11-11 19:52:59 -08:00
Jon Siwek
0350004f1e Add return value checks for some RPC parsing functions 2018-10-04 11:33:57 -05:00
Devin Trejo
f6cf4a41ff Add unit tests for new MOUNT events -- mount_proc_mnt, mount_proc_umnt, 
mount_proc_umnt_all, mount_proc_not_implemented.
 2018-01-11 17:00:15 -05:00