This script enables logging of packet segment data when a protocol parsing violation is encountered. The amount of packet data logged is set by the DPD::packet_segment_size variable. A caveat to logging packet data is that, in some cases, the logged packet may not be the one that actually caused the protocol violation.
Namespace: | DPD |
---|---|
Imports: | base/frameworks/dpd |
Source File: | /scripts/policy/frameworks/dpd/packet-segment-logging.bro |
DPD::packet_segment_size: int &redef | Size of the packet segment to display in the DPD log. |