mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
d2314d2666
This is a script-only change that unrolls File::Info records into multiple files.log entries if the same file was seen over different connections by single worker. Consequently, the File::Info record gets the commonly used uid and id fields added. These fields are optional for File::Info - a file may be analyzed without relation to a network connection (e.g by using Input::add_analysis()). The existing tx_hosts, rx_hosts and conn_uids fields of Files::Info are not meaningful after this change and removed by default. Therefore, files.log will have them removed, too. The tx_hosts, rx_hosts and conn_uids fields can be revived by using the policy script frameworks/files/deprecated-txhosts-rxhosts-connuids.zeek included in the distribution. However, with v6.1 this script will be removed. |
||
|---|---|---|
| .. | ||
| analyzer | ||
| broker | ||
| cluster | ||
| config | ||
| control | ||
| dpd | ||
| files | ||
| input | ||
| intel | ||
| logging | ||
| netcontrol | ||
| notice | ||
| openflow | ||
| packet-filter | ||
| reporter | ||
| signatures | ||
| software | ||
| sumstats | ||
| supervisor | ||
| telemetry | ||
| tunnels | ||