policy/protocols/conn/failed-service-logging.zeek

Conn

This script adds the new column failed_service to the connection log. The column contains the list of protocols in a connection that raised protocol violations causing the analyzer to be removed. Protocols are listed in order that they were removed.

Namespace:: Conn
Imports:: base/frameworks/analyzer/dpd.zeek, base/protocols/conn

Summary

Redefinitions

Conn::Info: record

New Fields:

failed_service: set [string] &log &optional &ordered: List of analyzers in a connection that raised violations causing their removal.

Detailed Interface