12 lines
339 B
Plaintext
12 lines
339 B
Plaintext
##! This script filters the ip_proto field out of the conn.log and disables
|
|
##! logging of connections with unknown IP protocols.
|
|
|
|
@load base/protocols/conn
|
|
@load base/frameworks/analyzer/main
|
|
|
|
redef record Conn::Info$ip_proto -= { &log };
|
|
|
|
event zeek_init() {
|
|
Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_UNKNOWN_IP_TRANSPORT);
|
|
}
|