c_meyer/KasperskyLab-TinyCheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

zeek 5.1.1-0 has a new logfile format, fixes #123

Browse Source 
The columns tx_host and rx_host have been renamed. This commit reflects the
name change and repairs the analysis process.
This commit is contained in:
Jan Girlich 2022-12-18 15:37:48 +01:00
parent 52a705e0c7
commit fae904ec48
No known key found for this signature in database
GPG Key ID: D3730FB324783220
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
analysis/classes/zeekengine.py
View File

@ -269,8 +269,8 @@ class ZeekEngine(object):
for record in ParseZeekLogs(os.path.join(dir, "files.log"), output_format="json", safe_headers=False):
if record is not None:
f = {"filename": record["filename"],
"ip_src": record["tx_hosts"],
"ip_dst": record["rx_hosts"],
"ip_src": record["id.orig_h"],
"ip_dst": record["id.orig_p"],
"mime_type": record["mime_type"],
"sha1": record["sha1"]}
if f not in self.files: