fix conflixt in zeek/init.sls

2026-04-26 06:27:50 +02:00 · 2022-09-20 11:12:44 -04:00
parent d1ee3a7d04 4c2ac9dd93
commit 29285b8fb1
51 changed files with 539 additions and 387 deletions
@@ -0,0 +1,19 @@
+module Filterconn;
+
+export {
+     global ignore_services: set[string] = {"dns", "krb", "krb_tcp"};
+  }
+
+hook Conn::log_policy(rec: Conn::Info, id: Log::ID, filter: Log::Filter)
+    {
+    # Record only connections not in the ignored services
+    if ( ! rec?$service || rec$service in ignore_services )
+        break;
+    }
+
+event zeek_init()
+{
+    Log::remove_default_filter(Conn::LOG);
+    local filter: Log::Filter = [$name="conn-filter"];
+    Log::add_filter(Conn::LOG, filter);
+}