
Fixed parsing of `unknown_transport` lines in the conn.log

Open initconf opened this issue 1 month ago • 1 comments

Now the following error goes away:

```
Ignoring corrupt line: 1761814048.127874        CmMFVmcRZAnzkCv0a       137.164.23.36   0       224.0.0.1       0       unknown_transport       -       -       -       -       OTH     F       T       0       -       1       36      0       0       -       2       worker-11
```

and instead you see an additional section as follows:

```
>== Unknown Transport Connections Summary by Source/Destination IPs

Source IP                                | Destination IP                           | Count
----------------------------------------------------------------------------------------------------
131.243.244.219                          | 224.0.0.1                                |  11.0
128.3.40.3                               | 224.0.0.1                                |  10.0
128.3.3.2                                | 224.0.0.1                                |  10.0
```

Nov 01 '25 00:11 initconf
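The kind of summary described in the post above, as an added example (not trace-summary's code and not part of the pull request): a Python tally of `unknown_transport` records by source/destination pair that skips only records whose column count is wrong. It assumes Zeek's tab-separated conn.log with a `#fields` header; the function names and sample records are constructed for illustration.

```python
from collections import Counter

# Constructed sample: Zeek tab-separated conn.log trimmed to its first seven
# columns. Addresses mirror the post above; UIDs are made up.
SAMPLE_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1761814048.127874\tCsample01\t137.164.23.36\t0\t224.0.0.1\t0\tunknown_transport",
    "1761814049.000000\tCsample02\t131.243.244.219\t0\t224.0.0.1\t0\tunknown_transport",
    "1761814050.000000\tCsample03\t131.243.244.219\t0\t224.0.0.1\t0\tunknown_transport",
    "1761814051.000000\tCsample04\t192.0.2.10\t51000\t192.0.2.20\t443\ttcp",
    "1761814052.000000\tCsample05",  # truncated record, really malformed
])


def parse_conn_log(text):
    """Yield one dict per record, naming columns from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record seen before the #fields header")
            values = line.split("\t")
            if len(values) != len(fields):
                continue  # skip only on a column-count mismatch
            yield dict(zip(fields, values))


def unknown_transport_pairs(records):
    """Count (source, destination) pairs whose proto is unknown_transport."""
    counts = Counter()
    for rec in records:
        if rec["proto"] == "unknown_transport":
            counts[(rec["id.orig_h"], rec["id.resp_h"])] += 1
    return counts


def render(counts):
    """Format the counts as a table, busiest pair first."""
    lines = [f"{'Source IP':<40} | {'Destination IP':<40} | Count"]
    lines += [f"{s:<40} | {d:<40} | {n:>5}" for (s, d), n in counts.most_common()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(unknown_transport_pairs(parse_conn_log(SAMPLE_LOG))))
```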

Hey @initconf - thanks! It seems your changes were done to an older trace-summary revision than we have in the repo. There were some updates done for linting and formatting, sorry. Could you see if you could forward port your updates to the latest revision? Seems totally reasonable to have a summary for the unknown transports.

Nov 04 '25 08:11 awelzel

Superseded by https://github.com/zeek/trace-summary/pull/15

Nov 07 '25 19:11 timwoj