mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
f1267b0b94
In the process, some of the script documentation of the NetControl framework was also updated.
32 lines
1.7 KiB
Text
32 lines
1.7 KiB
Text
.. rst-class:: btest-cmd
|
|
|
|
.. code-block:: none
|
|
:linenos:
|
|
:emphasize-lines: 1,1
|
|
|
|
# bro -C -r ssh/sshguess.pcap netcontrol-2-ssh-guesser.bro
|
|
netcontrol debug (Debug-All): init
|
|
netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.56.1/32, mac=<uninitialized>], expire=1.0 hr, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
|
|
|
|
.. rst-class:: btest-cmd
|
|
|
|
.. code-block:: none
|
|
:linenos:
|
|
:emphasize-lines: 1,1
|
|
|
|
# cat netcontrol.log
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path netcontrol
|
|
#open 2016-06-22-22-58-36
|
|
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
|
|
#types time string enum string enum string enum string string string string int interval string string
|
|
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
|
|
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All
|
|
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
|
|
1427726711.398575 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.56.1/32 - - 0 3600.000000 - Debug-All
|
|
1427726711.398575 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.56.1/32 - - 0 3600.000000 - Debug-All
|
|
#close 2016-06-22-22-58-36
|
|
|