mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
22bf3e1196
- The bit-length is adjustable via redef'ing bits_per_uid. - Prefix 'C' is used for connection UIDS (including IP tunnels) and 'F' for files.
33 lines
498 B
Awk
Executable file
33 lines
498 B
Awk
Executable file
#! /usr/bin/awk -f
|
|
#
|
|
# A diff canonifier that removes all file IDs from files.log
|
|
|
|
BEGIN {
|
|
FS="\t";
|
|
OFS="\t";
|
|
process = 0;
|
|
}
|
|
|
|
$1 == "#path" && $2 == "files" {
|
|
process = 1;
|
|
}
|
|
|
|
process && column1 > 0 && column2 > 0 {
|
|
$column1 = "XXXXXXXXXXX";
|
|
$column2 = "XXXXXXXXXXX";
|
|
}
|
|
|
|
/^#/ {
|
|
for ( i = 0; i < NF; ++i ) {
|
|
if ( $i == "fuid" )
|
|
column1 = i - 1;
|
|
|
|
if ( $i == "parent_fuid" )
|
|
column2 = i - 1;
|
|
}
|
|
}
|
|
|
|
{ print }
|
|
|
|
|
|
|