mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00

By default this only logs all the violations, regardless of the confirmation state (for which there's still dpd.log). It includes packet, protocol and file analyzers. This uses options, change handlers and event groups for toggling the functionality at runtime. Closes #2031
14 lines
1.3 KiB
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path analyzer
#open XXXX-XX-XX-XX-XX-XX
#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data
#types time string string string string string addr port addr port string string
XXXXXXXXXX.XXXXXX violation packet TEREDO CHhAvVGS1DHFjwGM9 - 141.142.220.202 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo
XXXXXXXXXX.XXXXXX violation packet TEREDO ClEkJM2Vm5giqnMf4h - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX violation packet TEREDO C4J4Th3PJpwUYZZ6gc - 141.142.220.50 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX violation packet TEREDO Cipfzj1BEnhejw8cGf - 141.142.220.44 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00
#close XXXX-XX-XX-XX-XX-XX
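The baseline above is a Zeek ASCII log: tab-separated rows, `#`-prefixed header lines (`#separator`, `#fields`, `#types`, ...), unset fields written as `-`, and every non-printable byte in `failure_data` escaped as `\xNN`. The following is an added example, not Zeek project code, that parses that format, turns `failure_data` back into raw bytes, and tallies violations per analyzer and per responder port, which is the first thing an operator wants from analyzer.log when deciding whether an analyzer needs tuning. The embedded sample is a constructed copy of the four baseline records with the literal tabs restored (the rendered page collapsed them to spaces); timestamps are masked with X's as btest leaves them, so all values stay strings.

```python
"""Parse a Zeek ASCII analyzer.log and summarize the violations it records.

Added example for this page; it is not part of Zeek. It handles the baseline
format shown above: tab-separated rows, '#' header lines, unset fields as '-',
and non-printable bytes escaped as \\xNN by the ASCII writer.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

Record = Dict[str, Optional[str]]

# Zeek's ASCII writer escapes non-printable bytes (and the separator) as \xNN.
_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")


def unescape(field: str) -> bytes:
    """Reverse the \\xNN escaping; remaining characters are plain ASCII/Latin-1."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16)), field).encode("latin-1")


def parse_zeek_ascii(text: str) -> Tuple[Dict[str, object], List[Record]]:
    """Return (header metadata, records) for one Zeek ASCII log.

    Unset fields ('-') become None and empty ones ''. Values are left as
    strings: this baseline masks 'ts', so no numeric conversion is attempted.
    """
    meta: Dict[str, object] = {}
    fields: Optional[List[str]] = None
    records: List[Record] = []
    sep = "\t"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The separator header is the only one that uses a space.
                sep = unescape(line.split(" ", 1)[1]).decode("latin-1")
                meta["separator"] = sep
                continue
            key, _, value = line[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
                meta[key] = fields
            elif key == "types":
                meta[key] = value.split(sep)
            else:
                meta[key] = value
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        unset, empty = meta.get("unset_field", "-"), meta.get("empty_field", "(empty)")
        records.append({f: (None if v == unset else "" if v == empty else v)
                        for f, v in zip(fields, values)})
    return meta, records


def decode_failure_data(rec: Record) -> Optional[bytes]:
    """Raw bytes of the payload excerpt Zeek attached to a violation (None if unset)."""
    data = rec.get("failure_data")
    return None if data is None else unescape(data)


def violations_by_analyzer(records: List[Record]) -> Counter:
    """Count violation rows per (analyzer_kind, analyzer_name)."""
    return Counter((r["analyzer_kind"], r["analyzer_name"])
                   for r in records if r["cause"] == "violation")


def violations_by_resp_port(records: List[Record]) -> Counter:
    """Count violation rows per (analyzer_name, id.resp_p). One analyzer failing
    over and over on a single well-known port is the usual tuning signal."""
    return Counter((r["analyzer_name"], r["id.resp_p"])
                   for r in records if r["cause"] == "violation")


def _row(*cols: str) -> str:
    return "\t".join(cols)


# Constructed sample: the four baseline records above with literal tabs restored.
_FIELDS = ("ts", "cause", "analyzer_kind", "analyzer_name", "uid", "fuid", "id.orig_h",
           "id.orig_p", "id.resp_h", "id.resp_p", "failure_reason", "failure_data")
_TYPES = ("time", "string", "string", "string", "string", "string", "addr", "port",
          "addr", "port", "string", "string")
_REASON = "Bad Teredo encapsulation"
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    _row("#set_separator", ","), _row("#empty_field", "(empty)"), _row("#unset_field", "-"),
    _row("#path", "analyzer"), _row("#open", "XXXX-XX-XX-XX-XX-XX"),
    _row("#fields", *_FIELDS), _row("#types", *_TYPES),
    _row("XXXXXXXXXX.XXXXXX", "violation", "packet", "TEREDO", "CHhAvVGS1DHFjwGM9", "-",
         "141.142.220.202", "5353", "224.0.0.251", "5353", _REASON,
         r"\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo"),
    _row("XXXXXXXXXX.XXXXXX", "violation", "packet", "TEREDO", "ClEkJM2Vm5giqnMf4h", "-",
         "fe80::217:f2ff:fed7:cf65", "5353", "ff02::fb", "5353", _REASON,
         r"\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local"),
    _row("XXXXXXXXXX.XXXXXX", "violation", "packet", "TEREDO", "C4J4Th3PJpwUYZZ6gc", "-",
         "141.142.220.50", "5353", "224.0.0.251", "5353", _REASON,
         r"\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local"),
    _row("XXXXXXXXXX.XXXXXX", "violation", "packet", "TEREDO", "Cipfzj1BEnhejw8cGf", "-",
         "141.142.220.44", "5353", "224.0.0.251", "5353", _REASON,
         r"\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00"),
    _row("#close", "XXXX-XX-XX-XX-XX-XX"),
])

if __name__ == "__main__":
    meta, recs = parse_zeek_ascii(SAMPLE_LOG)
    print(f"{meta['path']}.log: {len(recs)} records")
    for (kind, name), n in violations_by_analyzer(recs).items():
        print(f"{n} violations from {kind} analyzer {name}")
    for rec in recs:
        print(rec["uid"], rec["id.orig_h"], "->", rec["id.resp_h"], rec["id.resp_p"],
              rec["failure_reason"], decode_failure_data(rec))
```

Note that `\x09` inside `failure_data` is a tab byte from the payload, which the writer escapes precisely so that the field does not split the row; the parser therefore must split on the separator first and unescape afterwards, as above. The decoded excerpts here end abruptly (`\x05lo`), because Zeek stores only a bounded prefix of the offending payload in `failure_data`.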