mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00
23 lines
506 B
Text
23 lines
506 B
Text
##! This script adds MAC address information to the connection logs.
|
|
|
|
@load base/protocols/conn
|
|
|
|
module Conn;
|
|
|
|
redef record Info += {
|
|
## The Ethernet MAC source address for this connection, if applicable.
|
|
eth_src: string &log &optional;
|
|
|
|
## The Ethernet MAC destination address for this connection, if applicable.
|
|
eth_dst: string &log &optional;
|
|
};
|
|
|
|
event connection_state_remove(c: connection)
|
|
{
|
|
if ( c?$eth_src )
|
|
c$conn$eth_src = c$eth_src;
|
|
|
|
if ( c?$eth_dst )
|
|
c$conn$eth_dst = c$eth_dst;
|
|
}
|
|
|