policy/protocols/conn/ip-proto-name-logging.zeek

Conn

This script adds a string version of the ip_proto field. It’s not recommended to load this policy and the ip_proto removal policy at the same time, as conn.log will end up with useless information in the log from this field.

Namespace

Conn

Imports

base/protocols/conn

Summary

Redefinitions

Conn::Info: record

New Fields

Conn::Info

ip_proto_name: string &log &optional

A string version of the ip_proto field

Detailed Interface