Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/frameworks/notice
History
Jon Siwek 51e738a1c0 GH-998: Fix Reporter::conn_weird() to handle expired connections 
This introduces a new sampling state-map for expired connections to fix
segfaults that previously occured when passing in a `connection` record
to `Reporter::conn_weird()` for which the internal `Connection` object
had already been expired and deleted.  This also introduces a new event
called `expired_conn_weird`, which is similar to `conn_weird`, except
the full `connection` record is no longer available, just the `conn_id`
and UID string.
2020-06-15 12:57:47 -07:00
..
actions Change notices to be processed on worker. 2019-06-25 13:51:27 -07:00
__load__.zeek GH-379: move catch-and-release and unified2 scripts to policy/ 2019-06-05 13:33:45 -07:00
main.zeek Update notice user agent. 2020-01-29 12:08:10 +00:00
README More bro-to-zeek renaming in scripts and other files 2019-05-16 02:36:41 -05:00
weird.zeek GH-998: Fix Reporter::conn_weird() to handle expired connections 2020-06-15 12:57:47 -07:00

README 

The notice framework enables Zeek to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Zeek to be customized to the different needs that sites have.