zeek/scripts/base/frameworks/notice at cfd726afbd52a3d1e6b71845afdc757dc94a73ca - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00

History

Arne Welzel f56785740c ftp: Limit user, password, arg and reply_msg column sizes in log The user and password fields are replicated to each of the ftp.log entries. Using a very large username (100s of KBs) allows to bloat the log without actually sending much traffic. Further, limit the arg and reply_msg columns to large, but not unbounded values.		2023-02-21 12:28:07 -07:00
..
actions	Spelling fixes: scripts	2022-11-02 17:36:39 -04:00
__load__.zeek	GH-379: move catch-and-release and unified2 scripts to policy/	2019-06-05 13:33:45 -07:00
main.zeek	frameworks/notice: Handle fa_file with no or more than a single connection better	2022-12-06 11:17:30 +01:00
README	More bro-to-zeek renaming in scripts and other files	2019-05-16 02:36:41 -05:00
weird.zeek	ftp: Limit user, password, arg and reply_msg column sizes in log	2023-02-21 12:28:07 -07:00

README

The notice framework enables Zeek to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Zeek to be customized to the different needs that sites have.