mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

The changes are mostly quite minor. The main change reasons are:

* analyzers that were confirmed, and later removed now show up in the conn.log.
* a couple of removed lines in analyzer.log, because non-confirmed analyzers get removed more quickly.
* in some cases there are additional lines in analyzer.log. These are cases in which an analyzer gets removed due to a violation and then re-attached because of a later signature match, which replays the violating content. In all examples that I have so far, this is caused by both sides of a connection speaking a differing protocol. There probably should be a better way to handle this - but it works.
* new column for failed analyzers in conn.log
20 lines
589 B
Text
# Sets some testing specific options.

@load external-ca-list
@load protocols/conn/failed-services

@ifdef ( SMTP::never_calc_md5 )
	# MD5s can depend on libmagic output.
	redef SMTP::never_calc_md5 = T;
@endif

@ifdef ( LogAscii::use_json )
	# Don't start logging everything as JSON.
	# (json-logs.zeek activates this).
	redef LogAscii::use_json = F;
@endif

# The IMAP analyzer includes absolute filenames in its error messages,
# exclude it for now from analyzer.log.
# https://github.com/zeek/zeek/issues/2659
redef Analyzer::Logging::ignore_analyzers += { Analyzer::ANALYZER_IMAP };