mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
aebcb1415d
* All "Broxygen" usages have been replaced in code, documentation, filenames, etc. * Sphinx roles/directives like ":bro:see" are now ":zeek:see" * The "--broxygen" command-line option is now "--zeexygen"
34 lines
831 B
Text
34 lines
831 B
Text
##! This script is for optionally adding a body excerpt to the SMTP
|
|
##! entities log.
|
|
|
|
@load base/protocols/smtp/entities
|
|
|
|
module SMTP;
|
|
|
|
export {
|
|
redef record SMTP::Entity+= {
|
|
## The entity body excerpt.
|
|
excerpt: string &log &default="";
|
|
};
|
|
|
|
## This is the default value for how much of the entity body should be
|
|
## included for all MIME entities. The lesser of this value and
|
|
## :zeek:see:`default_file_bof_buffer_size` will be used.
|
|
option default_entity_excerpt_len = 0;
|
|
}
|
|
|
|
event file_new(f: fa_file) &priority=5
|
|
{
|
|
if ( ! f?$source ) return;
|
|
if ( f$source != "SMTP" ) return;
|
|
if ( ! f?$bof_buffer ) return;
|
|
if ( ! f?$conns ) return;
|
|
|
|
for ( cid, c in f$conns )
|
|
{
|
|
if ( ! c?$smtp ) next;
|
|
|
|
if ( default_entity_excerpt_len > 0 )
|
|
c$smtp$entity$excerpt = f$bof_buffer[0:default_entity_excerpt_len];
|
|
}
|
|
}
|