mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
31f60853c9
And switch Zeek's base scripts over to using it in place of "connection_state_remove". The difference between the two is that "connection_state_remove" is raised for all events while "successful_connection_remove" excludes TCP connections that were never established (just SYN packets). There can be performance benefits to this change for some use-cases. There's also a new event called ``connection_successful`` and a new ``connection`` record field named "successful" to help indicate this new property of connections.
231 lines
7.8 KiB
Text
231 lines
7.8 KiB
Text
0.000000 zeek_init
|
|
0.000000 filter_change_tracking
|
|
0.000000 NetControl::init
|
|
1254722767.492060 ChecksumOffloading::check
|
|
1254722767.492060 filter_change_tracking
|
|
1254722767.492060 new_connection
|
|
1254722767.492060 dns_message
|
|
1254722767.492060 dns_request
|
|
1254722767.492060 protocol_confirmation
|
|
1254722767.492060 dns_end
|
|
1254722767.526085 dns_message
|
|
1254722767.526085 dns_CNAME_reply
|
|
1254722767.526085 dns_A_reply
|
|
1254722767.526085 dns_end
|
|
1254722767.529046 new_connection
|
|
1254722767.875996 connection_established
|
|
1254722768.219663 smtp_reply
|
|
1254722768.219663 smtp_reply
|
|
1254722768.219663 smtp_reply
|
|
1254722768.224809 protocol_confirmation
|
|
1254722768.224809 smtp_request
|
|
1254722768.566183 smtp_reply
|
|
1254722768.566183 smtp_reply
|
|
1254722768.566183 smtp_reply
|
|
1254722768.566183 smtp_reply
|
|
1254722768.566183 smtp_reply
|
|
1254722768.566183 smtp_reply
|
|
1254722768.568729 smtp_request
|
|
1254722768.911081 smtp_reply
|
|
1254722768.911655 smtp_request
|
|
1254722769.253544 smtp_reply
|
|
1254722769.254118 smtp_request
|
|
1254722769.613798 smtp_reply
|
|
1254722769.614414 smtp_request
|
|
1254722769.956765 smtp_reply
|
|
1254722769.957250 smtp_request
|
|
1254722770.319708 smtp_reply
|
|
1254722770.320203 smtp_request
|
|
1254722770.320203 mime_begin_entity
|
|
1254722770.661679 smtp_reply
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_begin_entity
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_begin_entity
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 get_file_handle
|
|
1254722770.692743 file_new
|
|
1254722770.692743 file_over_new_connection
|
|
1254722770.692743 mime_end_entity
|
|
1254722770.692743 get_file_handle
|
|
1254722770.692743 file_sniff
|
|
1254722770.692743 file_state_remove
|
|
1254722770.692743 get_file_handle
|
|
1254722770.692743 mime_begin_entity
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 mime_one_header
|
|
1254722770.692743 get_file_handle
|
|
1254722770.692743 file_new
|
|
1254722770.692743 file_over_new_connection
|
|
1254722770.692804 mime_end_entity
|
|
1254722770.692804 get_file_handle
|
|
1254722770.692804 file_sniff
|
|
1254722770.692804 file_state_remove
|
|
1254722770.692804 get_file_handle
|
|
1254722770.692804 mime_end_entity
|
|
1254722770.692804 get_file_handle
|
|
1254722770.692804 get_file_handle
|
|
1254722770.692804 mime_begin_entity
|
|
1254722770.692804 mime_one_header
|
|
1254722770.692804 mime_one_header
|
|
1254722770.692804 mime_one_header
|
|
1254722770.692804 get_file_handle
|
|
1254722770.692804 file_new
|
|
1254722770.692804 file_over_new_connection
|
|
1254722770.695115 new_connection
|
|
1254722771.494181 file_sniff
|
|
1254722771.858334 mime_end_entity
|
|
1254722771.858334 get_file_handle
|
|
1254722771.858334 file_state_remove
|
|
1254722771.858334 get_file_handle
|
|
1254722771.858334 mime_end_entity
|
|
1254722771.858334 get_file_handle
|
|
1254722771.858334 get_file_handle
|
|
1254722771.858334 get_file_handle
|
|
1254722771.858334 get_file_handle
|
|
1254722771.858334 smtp_request
|
|
1254722772.248789 smtp_reply
|
|
1254722774.763825 smtp_request
|
|
1254722775.105467 smtp_reply
|
|
1254722776.690444 new_connection
|
|
1437831776.764391 ChecksumOffloading::check
|
|
1437831776.764391 connection_state_remove
|
|
1437831776.764391 successful_connection_remove
|
|
1437831776.764391 connection_state_remove
|
|
1437831776.764391 successful_connection_remove
|
|
1437831776.764391 connection_state_remove
|
|
1437831776.764391 successful_connection_remove
|
|
1437831776.764391 connection_state_remove
|
|
1437831776.764391 successful_connection_remove
|
|
1437831776.764391 filter_change_tracking
|
|
1437831776.764391 new_connection
|
|
1437831787.856895 new_connection
|
|
1437831787.861602 connection_established
|
|
1437831787.867142 smtp_reply
|
|
1437831787.883306 protocol_confirmation
|
|
1437831787.883306 smtp_request
|
|
1437831787.886281 smtp_reply
|
|
1437831787.886281 smtp_reply
|
|
1437831787.886281 smtp_reply
|
|
1437831787.886281 smtp_reply
|
|
1437831787.887031 smtp_request
|
|
1437831787.889785 smtp_reply
|
|
1437831787.890232 smtp_request
|
|
1437831787.892986 smtp_reply
|
|
1437831787.893587 smtp_request
|
|
1437831787.897624 smtp_reply
|
|
1437831787.898413 smtp_request
|
|
1437831787.901069 smtp_reply
|
|
1437831787.901697 smtp_request
|
|
1437831787.901697 mime_begin_entity
|
|
1437831787.904758 smtp_reply
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 mime_one_header
|
|
1437831787.905375 get_file_handle
|
|
1437831787.905375 file_new
|
|
1437831787.905375 file_over_new_connection
|
|
1437831787.905375 mime_end_entity
|
|
1437831787.905375 get_file_handle
|
|
1437831787.905375 file_sniff
|
|
1437831787.905375 file_state_remove
|
|
1437831787.905375 get_file_handle
|
|
1437831787.905375 get_file_handle
|
|
1437831787.905375 get_file_handle
|
|
1437831787.905375 smtp_request
|
|
1437831787.914113 smtp_reply
|
|
1437831798.533593 new_connection
|
|
1437831799.262632 new_connection
|
|
1437831799.461152 new_connection
|
|
1437831799.610433 connection_established
|
|
1437831799.611764 ssl_extension_server_name
|
|
1437831799.611764 ssl_extension
|
|
1437831799.611764 ssl_extension
|
|
1437831799.611764 ssl_extension
|
|
1437831799.611764 ssl_extension
|
|
1437831799.611764 ssl_extension
|
|
1437831799.611764 protocol_confirmation
|
|
1437831799.611764 ssl_client_hello
|
|
1437831799.611764 ssl_handshake_message
|
|
1437831799.611764 ssl_plaintext_data
|
|
1437831799.764576 ssl_extension
|
|
1437831799.764576 ssl_server_hello
|
|
1437831799.764576 ssl_handshake_message
|
|
1437831799.764576 file_new
|
|
1437831799.764576 file_over_new_connection
|
|
1437831799.764576 file_sniff
|
|
1437831799.764576 file_hash
|
|
1437831799.764576 x509_certificate
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_ext_basic_constraints
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_ext_subject_alternative_name
|
|
1437831799.764576 file_hash
|
|
1437831799.764576 file_state_remove
|
|
1437831799.764576 file_new
|
|
1437831799.764576 file_over_new_connection
|
|
1437831799.764576 file_sniff
|
|
1437831799.764576 file_hash
|
|
1437831799.764576 x509_certificate
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_ext_basic_constraints
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 x509_extension
|
|
1437831799.764576 file_hash
|
|
1437831799.764576 file_state_remove
|
|
1437831799.764576 ssl_handshake_message
|
|
1437831799.764576 ssl_handshake_message
|
|
1437831799.764576 ssl_plaintext_data
|
|
1437831799.838196 ssl_handshake_message
|
|
1437831799.838196 ssl_plaintext_data
|
|
1437831799.838197 ssl_change_cipher_spec
|
|
1437831799.838197 ssl_plaintext_data
|
|
1437831800.045701 ssl_change_cipher_spec
|
|
1437831800.045701 ssl_plaintext_data
|
|
1437831800.045701 ssl_established
|
|
1437831800.217854 net_done
|
|
1437831800.217854 filter_change_tracking
|
|
1437831800.217854 connection_state_remove
|
|
1437831800.217854 successful_connection_remove
|
|
1437831800.217854 connection_state_remove
|
|
1437831800.217854 successful_connection_remove
|
|
1437831800.217854 connection_state_remove
|
|
1437831800.217854 successful_connection_remove
|
|
1437831800.217854 connection_state_remove
|
|
1437831800.217854 successful_connection_remove
|
|
1437831800.217854 connection_state_remove
|
|
1437831800.217854 successful_connection_remove
|
|
1437831800.217854 zeek_done
|
|
1437831800.217854 ChecksumOffloading::check
|