

Merge pull request #6 from awelzel/add-log-policy-hooks
Add PolicyHooks to log streams
NothinRandom committed Mar 20, 2024
2 parents 348f4af + 54ec600 commit 8c90cb3
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions scripts/S7comm/main.zeek
Expand Up @@ -21,6 +21,7 @@ export {
pdu_type: string &optional &log; ## COTP message type.
};
global log_iso_cotp: event(rec: ISO_COTP);
global log_policy_iso_cotp: Log::PolicyHook;

type S7comm: record {
ts : time &optional &log; ## Time when the command was sent.
Expand All @@ -33,6 +34,7 @@ export {
data_info : string_vec &optional &log; ## contains data of 1st entry
};
global log_s7comm: event(rec: S7comm);
global log_policy: Log::PolicyHook;
}

redef record connection += {
Expand All @@ -51,11 +53,13 @@ event zeek_init() &priority=5 {
Log::create_stream(S7comm::LOG_ISO_COTP,
[$columns=ISO_COTP,
$ev=log_iso_cotp,
$path="iso_cotp"]);
$path="iso_cotp",
$policy=log_policy_iso_cotp]);
Log::create_stream(S7comm::LOG_S7COMM,
[$columns=S7comm,
$ev=log_s7comm,
$path="s7comm"]);
$path="s7comm",
$policy=log_policy]);
Analyzer::register_for_ports(Analyzer::ANALYZER_S7COMM, ports);
}

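Review bot: The two new exported hooks, `log_policy_iso_cotp` and `log_policy`, are declared in the `export` block without doc comments, although they change what a site can do to these logs: a handler that executes `break` vetoes the write, so the record never reaches iso_cotp.log or s7comm.log. For an ICS protocol that matters to anyone relying on these logs for detection or forensics, so I would document it at the declaration, e.g. `## Policy hook for the s7comm stream; a handler that breaks drops the record from the log.` above `global log_policy: Log::PolicyHook;`, with the equivalent for the COTP hook. `Log::PolicyHook` and the `$policy` stream field need Zeek 4.0 or newer; the package's declared minimum Zeek version is not visible on this page, so it is worth confirming that it matches. The `export` block and `zeek_init` both start outside the visible hunks.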

