zeek/testing/btest/scripts/base/frameworks/analyzer/dpd-logging-configuration.zeek at 2f712c3c247019e6eef5419fe8bb037a02775eaf - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00

Johanna Amann 2f712c3c24 Allow to track service violations in conn.log.

This introduces ian options, DPD::track_removed_services_in_connection.
It adds failed services to the services column, prefixed with a
"-".

Alternatively, this commit also adds
policy/protocols/conn/failed-services.zeek, which provides the same
information in a new column in conn.log.

2025-01-30 16:59:44 +00:00

7 lines

256 B

Text

Raw Blame History

 # @TEST-DOC: Check if DPD options on violations work.
 # @TEST-EXEC: zeek -r $TRACES/ftp/ftp-invalid-reply-code.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load policy/protocols/conn/failed-services
 redef DPD::track_removed_services_in_connection = T;