mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00
59f0477d29
This is a small caveat to this implementation. The ethernet header that is carried over the tunnel is ignored. If a user tries to do MAC address logging, it will only show the MAC addresses for the outer tunnel and the inner MAC addresses will be stripped and not available anywhere.
10 lines
351 B
Text
10 lines
351 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path tunnel
|
|
#open 2017-02-03-20-27-11
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
|
#types time string addr port addr port enum enum
|
|
1442309933.472798 CHhAvVGS1DHFjwGM9 10.200.0.3 0 10.200.0.224 0 Tunnel::GRE Tunnel::DISCOVER
|
|
#close 2017-02-03-20-27-11
|