zeek/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-include-confirmations
Arne Welzel 17d0ade26a analyzer: Add analyzer.log for logging violations/confirmations
By default this only logs all the violations, regardless of the
confirmation state (for which there's still dpd.log). It includes
packet, protocol and file analyzers.

This uses options, change handlers and event groups for toggling
the functionality at runtime.

Closes #2031
2023-01-09 18:11:49 +01:00

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path analyzer
#open XXXX-XX-XX-XX-XX-XX
#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data
#types time string string string string string addr port addr port string string
XXXXXXXXXX.XXXXXX violation packet TEREDO CHhAvVGS1DHFjwGM9 - 141.142.220.202 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo
XXXXXXXXXX.XXXXXX confirmation protocol DNS CHhAvVGS1DHFjwGM9 - 141.142.220.202 5353 224.0.0.251 5353 - -
XXXXXXXXXX.XXXXXX violation packet TEREDO ClEkJM2Vm5giqnMf4h - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX confirmation protocol DNS ClEkJM2Vm5giqnMf4h - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 - -
XXXXXXXXXX.XXXXXX violation packet TEREDO C4J4Th3PJpwUYZZ6gc - 141.142.220.50 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX confirmation protocol DNS C4J4Th3PJpwUYZZ6gc - 141.142.220.50 5353 224.0.0.251 5353 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CUM0KZ3MLUfNB0cl11 - 141.142.220.118 48649 208.80.152.118 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CmES5u32sYpV7JYN - 141.142.220.118 43927 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CP5puj4I8PtEU4qzYg - 141.142.220.118 37676 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C37jN32gN3y3AZzyf6 - 141.142.220.118 40526 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C0LAHyvtKSQHyJxIl - 141.142.220.118 32902 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CFLRIC3zaTU1loLGxh - 141.142.220.118 59816 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C9rXSW3KSpTYvPrlI1 - 141.142.220.118 59714 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C9mvWx3ezztgzcexV7 - 141.142.220.118 58206 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CNnMIj2QSd84NKf7U3 - 141.142.220.118 38911 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C7fIlMZDuRiqjpYbb - 141.142.220.118 59746 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CpmdRlaUoJLN3uIRa - 141.142.220.118 45000 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C1Xkzz2MaGtLrc1Tla - 141.142.220.118 48479 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CqlVyW1YwZ15RhTBc4 - 141.142.220.118 48128 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CBA8792iHmnhPLksKa - 141.142.220.118 56056 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CGLPPc35OzDQij1XX8 - 141.142.220.118 55092 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CwjjYJ2WqgTbAqiHl6 - 141.142.220.118 49997 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP C3eiCBGOLw3VtHfOj - 141.142.220.118 49996 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP Ck51lg1bScffFj34Ri - 141.142.220.118 49998 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CykQaM33ztNt0csB9a - 141.142.220.118 49999 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CtxTCR2Yer0FR1tIBg - 141.142.220.118 50000 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CLNN1k2QMum1aexUK7 - 141.142.220.118 50001 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CiyBAq1bBLNaTiTAc - 141.142.220.118 35642 208.80.152.2 80 - -
XXXXXXXXXX.XXXXXX violation packet TEREDO Cipfzj1BEnhejw8cGf - 141.142.220.44 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00
XXXXXXXXXX.XXXXXX confirmation protocol DNS Cipfzj1BEnhejw8cGf - 141.142.220.44 5353 224.0.0.251 5353 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CV5WJ42jPYbNW9JNWf - 141.142.220.226 137 141.142.220.255 137 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CPhDKt12KQPUVbQz06 - fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CAnFrb2Cvxr5T7quOc - 141.142.220.226 55131 224.0.0.252 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C8rquZ3DjgNW06JGLl - fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CzrZOtXqhwwndQva3 - 141.142.220.226 55671 224.0.0.252 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CaGCc13FffXe6RkQl9 - 141.142.220.238 56641 141.142.220.255 137 - -
#close XXXX-XX-XX-XX-XX-XX