zeek/scripts/base/frameworks/analyzer at e6ed61c47af32ae44f85b20135c981ea67f667fc - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00

History

Johanna Amann e6ed61c47a DPD: log analyzers that have confirmed This switches the DPD logic to always log analyzers that raised a protocol confirmation. The logic is that, once a protocol has been confirmed - and thus there probably is log output - it does not make sense to later remove it from the log. It does make sense to somehow flag it as failed - but that seems like a secondary step.		2025-01-30 16:59:44 +00:00
..
__load__.zeek	analyzer: Add analyzer.log for logging violations/confirmations	2023-01-09 18:11:49 +01:00
dpd.zeek	DPD: log analyzers that have confirmed	2025-01-30 16:59:44 +00:00
logging.zeek	Add logging of disabled analyzers to analyzer.log	2024-07-09 18:22:43 +02:00
main.zeek	Document `get_tag` to ensure that `name` exists	2024-12-18 16:13:13 -05:00
README	More bro-to-zeek renaming in scripts and other files	2019-05-16 02:36:41 -05:00

README

The analyzer framework allows to dynamically enable or disable Zeek's
protocol analyzers, as well as to manage the well-known ports which
automatically activate a particular analyzer for new connections.