mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
17d0ade26a
By default this only logs all the violations, regardless of the confirmation state (for which there's still dpd.log). It includes packet, protocol and file analyzers. This uses options, change handlers and event groups for toggling the functionality at runtime. Closes #2031
29 lines
893 B
Text
29 lines
893 B
Text
# Sets some testing specific options.
|
|
|
|
@load external-ca-list
|
|
|
|
@ifdef ( SMTP::never_calc_md5 )
|
|
# MDD5s can depend on libmagic output.
|
|
redef SMTP::never_calc_md5 = T;
|
|
@endif
|
|
|
|
@ifdef ( LogAscii::use_json )
|
|
# Don't start logging everything as JSON.
|
|
# (json-logs.zeek activates this).
|
|
redef LogAscii::use_json = F;
|
|
@endif
|
|
|
|
# Exclude process metrics, they are non-deterministic.
|
|
redef Telemetry::log_prefixes -= { "process" };
|
|
|
|
# Prevent the version_info metric from being logged as it's not deterministic.
|
|
hook Telemetry::log_policy(rec: Telemetry::Info, id: Log::ID, filter: Log::Filter)
|
|
{
|
|
if ( rec$prefix == "zeek" && rec$name == "version_info" )
|
|
break;
|
|
}
|
|
|
|
# The IMAP analyzer includes absolute filenames in its error messages,
|
|
# exclude it for now from analyzer.log.
|
|
# https://github.com/zeek/zeek/issues/2659
|
|
redef Analyzer::Logging::ignore_analyzers += { Analyzer::ANALYZER_IMAP };
|