
in an easily readable form. This is for debugging purposes, obviously.

Example, including only SMTP events:

    > bro -r smtp.trace misc/dump-events.bro DumpEvents::include=/smtp/

    [...]
    1254722768.219663 smtp_reply
      [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
      [1] is_orig: bool = F
      [2] code: count = 220
      [3] cmd: string = >
      [4] msg: string = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500
      [5] cont_resp: bool = T
    1254722768.219663 smtp_reply
      [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
      [1] is_orig: bool = F
      [2] code: count = 220
      [3] cmd: string = >
      [4] msg: string = We do not authorize the use of this system to transport unsolicited,
      [5] cont_resp: bool = T
    [...]
## Everything exported below lives in the DumpEvents namespace, so the
## tunables are set as e.g. ``DumpEvents::include=/smtp/`` on the command line.
module DumpEvents;
export {
	## If true, include event arguments in the output; if false, the
	## per-argument lines are suppressed.
	##
	## Argument values are printed verbatim, so with this enabled the output
	## carries whatever the matched events carry (connection records,
	## protocol message bodies such as the SMTP text in the example above,
	## credentials). Narrow ``include`` or turn this off on a sensor whose
	## stdout is retained.
	const include_args = T &redef;

	## Only include events whose name matches this pattern in the output.
	## The match is unanchored: ``/smtp/`` selects ``smtp_reply`` and every
	## other event with ``smtp`` somewhere in its name. The default matches
	## every event.
	const include = /.*/ &redef;
}
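## Prints each raised event whose name matches ``include``: a line with the
## network time and event name, followed (when ``include_args`` is set) by
## one line per call argument and a blank separator line.
##
## Argument values are printed verbatim, so the output can contain anything
## the event carries; restrict ``include`` to the events of interest.
##
## name: The name of the event being raised.
##
## args: The event's call arguments. Each entry has ``$name`` and
##       ``$type_name``; ``$value`` is present only when the argument was
##       supplied explicitly, otherwise ``$default_val`` holds the
##       ``&default`` value.
event new_event(name: string, args: call_argument_vector)
	{
	if ( include !in name )
		return;

	# Print the event line before deciding about the argument lines:
	# include_args only governs the arguments, so an event must still be
	# reported when the flag is F (the original returned before this print
	# and produced no output at all in that case).
	print fmt("%.6f %s", network_time(), name);

	if ( ! include_args || |args| == 0 )
		return;

	for ( i in args )
		{
		local a = args[i];
		local proto = fmt("%s: %s", a$name, a$type_name);

		if ( a?$value )
			print fmt("  [%d] %-15s = %s", i, proto, a$value);
		else if ( a?$default_val )
			# $value is unset on this branch, so reading it would be a
			# runtime error; the argument took its &default value instead.
			print fmt("  | %-15s = %s [default]", proto, a$default_val);
		else
			# Neither field is set; report that rather than fail on access.
			print fmt("  | %-15s = <unset>", proto);
		}

	# Blank line separates the argument listings of consecutive events.
	print "";
	}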