mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
dde1e2e77e
By default, each certificate is now output only once per hour. This also should work in cluster mode, where we use the net broker-table-syncing feature to distribute the information about already seen certificates across the entire cluster. Log caching is also pretty configureable and can be changed using a range of confiuration options and hooks. Note that this is currently completely separate from X509 events caching, which prevents duplicate parsing of X509 certificates.
6 lines
194 B
Text
6 lines
194 B
Text
# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT
|
|
# @TEST-EXEC: btest-diff x509.log
|
|
|
|
@load protocols/ssl/log-hostcerts-only
|
|
|
|
redef X509::relog_known_certificates_after = 0secs;
|