mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
242db4981d
Skimming through the RFC, the previous approach of having containers for most fields seems unfounded for normal protocol operation. The new weirds could just as well be considered protocol violations. Outside of duplicated or missed data they just shouldn't happen for well-behaved client/server behavior. Additionally, with non-conformant traffic it would be trivial to cause unbounded state growth and immense log record sizes. Unfortunately, things have become a bit clunky now. Closes #3504
11 lines
634 B
Text
11 lines
634 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path ldap_search
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scope deref_aliases base_object result_count result diagnostic_message filter attributes
|
|
#types time string addr port addr port int string string string count string string string vector[string]
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 213 base never - 1 success - (objectclass=*) -
|
|
#close XXXX-XX-XX-XX-XX-XX
|