mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 13:08:20 +00:00

Highlights: - Reduced all DHCP events into a single dhcp_message event. (removed legacy events since they weren't widely used anyway) - Support many more DHCP options. - DHCP log is completely reworked and now represents DHCP sessions based on the transaction ID (and works on clusters). - Removed the known-devices-and-hostnames script since it's generally less relevant now with the updated log.
##! Add a field that logs the order of hosts sending messages
##! using the same DHCP transaction ID. This information is
##! occasionally needed on some networks to fully explain the
##! DHCP sequence.
@load base/protocols/dhcp
module DHCP;
export {
	redef record DHCP::Info += {
		## Sender address of each message listed in `msg_types`,
		## appended in the order the messages were observed.
		## Values are taken from the connection endpoints
		## (originator or responder address), not from fields
		## inside the DHCP payload.
		msg_orig: vector of addr &log &default=addr_vec();
	};
}
event DHCP::aggregate_msgs(ts: time, id: conn_id, uid: string, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) &priority=3
	{
	# Work out which endpoint of the connection sent this message:
	# the originator when is_orig is set, the responder otherwise.
	local sender: addr = id$resp_h;

	if ( is_orig )
		sender = id$orig_h;

	# Append at the current end of the vector so the entries keep the
	# order in which messages arrived for this transaction.
	# NOTE(review): log_info is defined outside this file; this presumably
	# relies on the base handler adding one msg_types entry per event so
	# both vectors stay index-aligned -- confirm against the base script.
	# NOTE(review): the logged address is the packet-level endpoint, so
	# broadcast/unspecified addresses may show up here rather than the
	# client or server address carried in the DHCP message -- verify on
	# real traffic before using this field to attribute responses to hosts.
	log_info$msg_orig[|log_info$msg_orig|] = sender;
	}