mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
3bce313b12
This commit switches UID hashing from md5 to a highway hash. It also moves the salt value out of the file plugin - and makes it installation-specific instead - it is moved to the global namespace. There now are digest hash functions to make "static" installation-specific hashes that are stable over workers available to everyone; hashes can be 64, 128 or 256 bits in size. Due to the fact that we switch the file hashing algorithm, all file hashes change. The underlyigng algorithm that is used for hashing is highwayhash-128, which is significantly faster than md5.
13 lines
1,018 B
Text
13 lines
1,018 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path files
|
|
#open 2020-04-30-00-47-31
|
|
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid
|
|
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string
|
|
1254722770.692743 FmFp351N5nhsMmAfQg 10.10.1.4 74.53.140.153 CHhAvVGS1DHFjwGM9 SMTP 3 (empty) text/plain - 0.000000 - T 77 - 0 0 F -
|
|
1254722770.692743 Fqrb1K5DWEfgy4WU2 10.10.1.4 74.53.140.153 CHhAvVGS1DHFjwGM9 SMTP 4 (empty) text/html - 0.000061 - T 1868 - 0 0 F -
|
|
1254722770.692804 FEFYSd1s8Onn9LynKj 10.10.1.4 74.53.140.153 CHhAvVGS1DHFjwGM9 SMTP 5 (empty) text/plain NEWS.txt 1.165512 - T 10809 - 0 0 F -
|
|
1437831787.905375 Fc5KpS3kUYqDLwWSMf 192.168.133.100 192.168.133.102 CUM0KZ3MLUfNB0cl11 SMTP 1 (empty) text/plain - 0.000000 - T 204 - 0 0 F -
|
|
#close 2020-04-30-00-47-31
|