I'm finding it would be handy to be able to glance at a connection log line
and know that the analysis for the connection experienced a content gap.
For example, this can immediately explain why DPD failed to identify a
known server.

Proposal: add 'g'/'G' connection history values, scaled in the same
exponential way as for 'c', 't' and 'w'.

Any thoughts/objections before I go ahead and implement this?

                Vern
_______________________________________________
zeek-dev mailing list
zeek-dev@zeek.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
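
Added example (not part of the original message and not Zeek code): one way to use the proposed letters when triaging conn.log, listing connections where DPD identified no service and the history shows a content gap. It assumes 'g'/'G' are logged as proposed, that each repeat of a letter means ten times more occurrences as Zeek documents for 'c', 't' and 'w', and that upper case is the originator; the sample log and function names are constructed for illustration.

```python
# Constructed sample in Zeek's tab-separated conn.log layout, cut down to four columns.
SAMPLE_LOG = "\n".join([
    "#fields\tuid\tid.resp_p\tservice\thistory",
    "CAAAA1\t443\tssl\tShADadFf",      # identified, no gap
    "CBBBB2\t443\t-\tShADgadFf",       # unidentified, one responder-side gap
    "CCCCC3\t80\t-\tShADGGadggg",      # unidentified, gaps in both directions
    "CDDDD4\t22\t-\tShADadFf",         # unidentified, but no gap to blame
])


def gap_lower_bounds(history, base=10):
    """Return (originator_min, responder_min) content gaps implied by history.

    Assumption: the n-th repeat of 'G' or 'g' is written once the count
    reaches base**(n-1), so n letters mean at least base**(n-1) gaps.
    """
    def bound(n):
        return 0 if n == 0 else base ** (n - 1)
    return bound(history.count("G")), bound(history.count("g"))


def parse_conn_log(text):
    """Yield one dict per record, using the '#fields' header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def unidentified_with_gaps(text):
    """List (uid, orig_min, resp_min) where service is unset and a gap was seen."""
    hits = []
    for rec in parse_conn_log(text):
        orig, resp = gap_lower_bounds(rec.get("history", ""))
        if rec.get("service") == "-" and (orig or resp):
            hits.append((rec["uid"], orig, resp))
    return hits


if __name__ == "__main__":
    for uid, orig, resp in unidentified_with_gaps(SAMPLE_LOG):
        print(f"{uid}: >= {orig} originator gaps, >= {resp} responder gaps")
```
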
