mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 07:08:19 +00:00
31f60853c9
And switch Zeek's base scripts over to using it in place of "connection_state_remove". The difference between the two is that "connection_state_remove" is raised for all events while "successful_connection_remove" excludes TCP connections that were never established (just SYN packets). There can be performance benefits to this change for some use-cases. There's also a new event called ``connection_successful`` and a new ``connection`` record field named "successful" to help indicate this new property of connections. |
||
|---|---|---|
| .. | ||
| http.out | ||
| icmp.out | ||
| no-handshake.out | ||
| syn-synack.out | ||
| syn.out | ||
| udp.out | ||