mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 00:28:21 +00:00
cee3991822
- Fixing more vestiges from moving site.bro and removing functions.bro - Updates comments on analysis-groups.bro - Added the trim-trace-file script from broctl.
33 lines
No EOL
951 B
Text
33 lines
No EOL
951 B
Text
##! This script gives the capability to selectively enable and disable event
|
|
##! groups at runtime. No events will be raised for all members of a disabled
|
|
##! event group.
|
|
|
|
@load frameworks/control
|
|
|
|
module AnalysisGroups;
|
|
|
|
export {
|
|
## By default, all event groups are enabled.
|
|
## We disable all groups in this table.
|
|
const disabled: set[string] &redef;
|
|
}
|
|
|
|
# Set to remember all groups which were disabled by the last update.
|
|
global currently_disabled: set[string];
|
|
|
|
# This is the event that the control framework uses when it needs to indicate
|
|
# that an update control action happened.
|
|
event Control::configuration_update()
|
|
{
|
|
# Reenable those which are not to be disabled anymore.
|
|
for ( g in currently_disabled )
|
|
if ( g !in disabled )
|
|
enable_event_group(g);
|
|
|
|
# Disable those which are not already.
|
|
for ( g in disable_event_group )
|
|
if ( g !in currently_disabled )
|
|
disable_event_group(g);
|
|
|
|
currently_disabled = copy(disabled);
|
|
} |