zeek/testing/btest/scripts/policy/protocols/conn/known-services-multi.zeek at dddba3432f40ce1ba3558e6ec132d19e88b1f25c - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00

Jon Siwek bf9b983f00 Merge branch 'known_services_multiprotocols' of https://github.com/mauropalumbo75/zeek

* 'known_services_multiprotocols' of https://github.com/mauropalumbo75/zeek:
  improve logging with broker store
  drop services starting with -
  remove service from key for Cluster::publish_hrw
  remove check for empty services
  update tests
  order list of services in store key
  remove repeated services in logs if already seen
  add multiprotocol known_services when Known::use_service_store = T
  remove hyphen in front of some services (for example -HTTP, -SSL)   In some cases, there is an hyphen before the protocol name in the field   connection$service. This can cause problems in known_services and   is removed here. It originates probably in some analyzer where it   would be better removed in the future.
  add multiprotocol known_services when Known::use_service_store = F

Changes during merge:
  * whitespace
  * add unit test

2019-08-09 10:47:34 -07:00

7 lines

284 B

Text

Raw Blame History

 # A test case for when more than a single service is detected for a given
 # (addr, port) pair.
 # @TEST-EXEC: zeek -C -r $TRACES/ssl-and-ssh-using-sslh.trace %INPUT "Known::service_tracking = ALL_HOSTS"
 # @TEST-EXEC: btest-diff known_services.log
 @load protocols/conn/known-services