mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00

* 'known_services_multiprotocols' of https://github.com/mauropalumbo75/zeek:
  improve logging with broker store
  drop services starting with -
  remove service from key for Cluster::publish_hrw
  remove check for empty services
  update tests
  order list of services in store key
  remove repeated services in logs if already seen
  add multiprotocol known_services when Known::use_service_store = T
  remove hyphen in front of some services (for example -HTTP, -SSL)
    In some cases, there is a hyphen before the protocol name in the field connection$service. This can cause problems in known_services and is removed here. It originates probably in some analyzer where it would be better removed in the future.
  add multiprotocol known_services when Known::use_service_store = F

Changes during merge:
  * whitespace
  * add unit test
11 lines
314 B
Text
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path known_services
#open 2019-08-09-17-38-17
#fields ts host port_num port_proto service
#types time addr port enum set[string]
1455718916.856316 192.168.2.230 443 tcp SSH
1455718922.796688 192.168.2.230 443 tcp SSL
#close 2019-08-09-17-38-18
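The following is an added example, not code from the Zeek repository: a reader for this log format that honours the header directives and reports endpoints where more than one service was identified, such as 192.168.2.230:443 above. The function names, the constructed sample rows, and the choice to drop "-NAME" entries (following the "drop services starting with -" item in the commit list) are assumptions.

```python
from collections import defaultdict

# First two data rows are from the baseline above; the last two are constructed
# to exercise the hyphen-prefixed and unset cases. Fields are tab-separated.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tknown_services",
    "#fields\tts\thost\tport_num\tport_proto\tservice",
    "#types\ttime\taddr\tport\tenum\tset[string]",
    "1455718916.856316\t192.168.2.230\t443\ttcp\tSSH",
    "1455718922.796688\t192.168.2.230\t443\ttcp\tSSL",
    "1455718930.000000\t192.168.2.231\t80\ttcp\t-HTTP,HTTP",  # constructed
    "1455718931.000000\t192.168.2.231\t8080\ttcp\t-",         # constructed
])

def parse_known_services(text):
    """Return {(host, port, proto): sorted service names} from a Zeek TSV log."""
    meta = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    fields, seen = [], defaultdict(set)
    for line in text.splitlines():
        if not line or line.startswith("#separator"):
            continue  # this sketch assumes the default tab separator
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key in meta:
                meta[key] = value
            continue
        row = dict(zip(fields, line.split("\t")))
        endpoint = (row["host"], int(row["port_num"]), row["port_proto"])
        services = seen.setdefault(endpoint, set())
        raw = row["service"]
        # A bare unset/empty marker means "no service", not a service name.
        if raw not in (meta["unset_field"], meta["empty_field"]):
            # Assumption: "-NAME" entries are dropped rather than renamed.
            services.update(s for s in raw.split(meta["set_separator"])
                            if s and not s.startswith("-"))
    return {ep: sorted(svcs) for ep, svcs in seen.items()}

def multiprotocol_endpoints(services):
    """Endpoints on which more than one service was identified."""
    return {ep: svcs for ep, svcs in services.items() if len(svcs) > 1}

if __name__ == "__main__":
    print(multiprotocol_endpoints(parse_known_services(SAMPLE_LOG)))
```

The unset marker "-" and a "-HTTP" entry share a leading character, which is why the whole-field comparison runs before the set is split.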