
* 'master' of https://github.com/aaronmbr/bro: Copy-paste issue Allow for logging of the VLAN data about a connection in conn.log Save the inner vlan in the Packet object for Q-in-Q setups
##! This script adds VLAN information to the connection logs.
@load base/protocols/conn
module Conn;
redef record Info += {
	## Outer VLAN for the connection. Written to the connection log when
	## set; the field stays unset when no outer VLAN applies.
	vlan: int &optional &log;

	## Inner VLAN for the connection. Written to the connection log when
	## set; the field stays unset when no inner VLAN applies.
	inner_vlan: int &optional &log;
};
# Copy whatever VLAN values are present on the connection record into its
# Conn::Info record when the connection is removed. Doing it at removal means
# each connection is annotated once, ahead of its log entry being written.
#
# NOTE(review): c$conn is dereferenced without a c?$conn check, so this
# handler presumably relies on base/protocols/conn having filled in c$conn
# before it runs at this priority -- confirm the handler ordering.
event connection_state_remove(c: connection) &priority=5
	{
	# The two copies are independent; each is skipped when its field is unset.
	if ( c?$inner_vlan )
		{
		c$conn$inner_vlan = c$inner_vlan;
		}

	if ( c?$vlan )
		{
		c$conn$vlan = c$vlan;
		}
	}