mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
30 lines
684 B
Text
30 lines
684 B
Text
##! This script add VLAN information to the connection logs
|
|
|
|
@load base/protocols/conn
|
|
|
|
module Conn;
|
|
|
|
redef record Info += {
|
|
## The Outer VLAN for this connection, if applicable
|
|
vlan: int &log &optional;
|
|
|
|
## The Inner VLAN for this connection, if applicable
|
|
inner_vlan: int &log &optional;
|
|
};
|
|
|
|
# Add the VLAN information to the Conn::Info structure after the connection has
|
|
# been removed. This ensures it's only done once, and is done before
|
|
# the connection information is written to the log.
|
|
event connection_state_remove(c: connection) &priority=5
|
|
{
|
|
if (c?$vlan)
|
|
{
|
|
c$conn$vlan = c$vlan;
|
|
}
|
|
|
|
if (c?$inner_vlan)
|
|
{
|
|
c$conn$inner_vlan = c$inner_vlan;
|
|
}
|
|
}
|
|
|