mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

A flood of DHCP traffic can result in very large log entries consisting of many uids and/or msg_types. Such large log entries can disrupt a SIEM ingestion pipeline. This change forces a log entry to be written when the number of uids or the number of msg_types exceeds a certain value. The values are treated as options for easy configuration.
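The capping behaviour the commit message describes, modelled in Python as an added example (not Zeek's own code): a per-transaction aggregator that writes out a dhcp.log-style entry as soon as its uid or msg_type count reaches a configurable limit, so a flood of messages sharing one transaction id produces several bounded entries instead of one huge one. The class names, field names and the constructed flood are assumptions for illustration only.

```python
"""Model of capped DHCP log aggregation (constructed example, not Zeek's code)."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class DhcpEntry:
    """One log entry for a DHCP transaction: the uids seen and the message types."""
    xid: int
    uids: List[str] = field(default_factory=list)       # unique, insertion-ordered
    msg_types: List[str] = field(default_factory=list)  # one per message observed


class CappedAggregator:
    """Aggregates messages per transaction id; flushes early when a cap is reached."""

    def __init__(self, max_uids: int = 100, max_msg_types: int = 100):
        self.max_uids = max_uids              # analogous to DHCP::max_uids_per_log_entry
        self.max_msg_types = max_msg_types    # analogous cap on msg_types (assumed)
        self.pending: Dict[int, DhcpEntry] = {}
        self.written: List[DhcpEntry] = []

    def observe(self, xid: int, uid: str, msg_type: str) -> None:
        entry = self.pending.setdefault(xid, DhcpEntry(xid))
        if uid not in entry.uids:
            entry.uids.append(uid)
        entry.msg_types.append(msg_type)
        # Force the entry out once either counter hits its cap; a fresh entry
        # will be started for the same xid on the next message.
        if len(entry.uids) >= self.max_uids or len(entry.msg_types) >= self.max_msg_types:
            self.flush(xid)

    def flush(self, xid: int) -> None:
        entry = self.pending.pop(xid, None)
        if entry is not None:
            self.written.append(entry)

    def flush_all(self) -> None:
        for xid in list(self.pending):
            self.flush(xid)


def simulate_flood(n_messages: int, max_uids: int, max_msg_types: int = 100) -> List[DhcpEntry]:
    """Constructed flood: n DISCOVERs from distinct connections, all with one xid."""
    agg = CappedAggregator(max_uids, max_msg_types)
    for i in range(n_messages):
        agg.observe(0xDEADBEEF, f"C{i:04d}", "DISCOVER")   # constructed uids
    agg.flush_all()
    return agg.written
```

With the cap set to 5, as in the test below, 12 flooding messages yield three entries of 5, 5 and 2 uids rather than a single 12-uid entry.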
7 lines
241 B
Text
# This tests that DHCP log entries do not contain large numbers
# of uids.

# @TEST-EXEC: zeek -b -r $TRACES/dhcp/dhcp_flood.pcap -e ' redef DHCP::max_uids_per_log_entry=5' %INPUT
# @TEST-EXEC: btest-diff dhcp.log

@load base/protocols/dhcp