Added log policy hooks.
keithjjones committed May 3, 2022
1 parent 70a4449 commit 6561c6c
Showing 2 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGES
@@ -1,2 +1,3 @@
v0.1.2: Added log policy hooks.
v0.1.1: Improved signature based on live traffic analysis.
v0.1.0: Initial version.
4 changes: 3 additions & 1 deletion analyzer/main.zeek
@@ -3,6 +3,8 @@ module Wireguard;
export {
redef enum Log::ID += { LOG };

global log_policy: Log::PolicyHook;

## The record type which contains the fields of the Wireguard log.
## Wireguard purposefully contains only very limited information. As such, the only
## things that we record in the log are wireguard handshakes - since the frequency of handshakes
@@ -67,7 +69,7 @@ function set_session(c: connection)

event zeek_init() &priority=5
{
Log::create_stream(Wireguard::LOG, [$columns=Info, $ev=log_wireguard, $path="wireguard"]);
Log::create_stream(Wireguard::LOG, [$columns=Info, $ev=log_wireguard, $path="wireguard", $policy=log_policy]);
}

event Wireguard::handshake_initiation(c: connection, is_orig: bool, sender_index: count, unencrypted_ephemeral: string, encrypted_static: string, encrypted_timestamp: string, mac1: string, mac2: string)
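Review bot: The new `global log_policy: Log::PolicyHook;` in the export block has no `##` doc comment, although the `Info` record directly below it is documented that way. I would add `## A default logging policy hook for the stream.` above it. The comment could also say that a handler ending in `break` vetoes the write. The record comment states that handshakes are the only thing this log records, so a site policy attached to this hook can drop a tunnel's handshake entries from wireguard.log and leave nothing else about it in this log. The export block continues outside the hunk.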