mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
1bd658da8f
This adds a "policy" hook into the logging framework's streams and
filters to replace the existing log filter predicates. The hook
signature is as follows:
hook(rec: any, id: Log::ID, filter: Log::Filter);
The logging manager invokes hooks on each log record. Hooks can veto
log records via a break, and modify them if necessary. Log filters
inherit the stream-level hook, but can override or remove the hook as
needed.
The distribution's existing log streams now come with pre-defined
hooks that users can add handlers to. Their name is standardized as
"log_policy" by convention, with additional suffixes when a module
provides multiple streams. The following adds a handler to the Conn
module's default log policy hook:
hook Conn::log_policy(rec: Conn::Info, id: Log::ID, filter: Log::Filter)
{
if ( some_veto_reason(rec) )
break;
}
By default, this handler will get invoked for any log filter
associated with the Conn::LOG stream.
The existing predicates are deprecated for removal in 4.1 but continue
to work.
|
||
|---|---|---|
| .. | ||
| __load__.zeek | ||
| consts.zeek | ||
| ct-list.zeek | ||
| dpd.sig | ||
| files.zeek | ||
| main.zeek | ||
| mozilla-ca-list.zeek | ||
| README | ||
Support for Secure Sockets Layer (SSL)/Transport Layer Security(TLS) protocol analysis.