base/frameworks/notice/actions/add-geodata.zeek
- Notice
This script adds geographic location data to notices for the “remote” host in a connection. It does make the assumption that one of the addresses in a connection is “local” and one is “remote” which is probably a safe assumption to make in most cases. If both addresses are remote, it will use the $src address.
- Namespace
Notice
- Imports
base/frameworks/notice, base/frameworks/notice/main.zeek, base/utils/site.zeek
Summary
Runtime Options
Notice types which should have the “remote” location looked up. |
Redefinitions
|
|
|
Detailed Interface
Runtime Options
- Notice::lookup_location_types
- Type
- Attributes
- Default
{}
Notice types which should have the “remote” location looked up. If GeoIP support is not built in, this does nothing.