anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
47f2ca8d5feacfb0266e6128419d14ece3a56dd5
DECNET/decnet/collector
History
anti 8bdc5b98c9 feat(collector): parse real PROCID and extract IPs from logger kv pairs 
- Relaxed RFC 5424 regex to accept either NILVALUE or a numeric PROCID;
  sshd / sudo go through rsyslog with their real PID, while
  syslog_bridge emitters keep using '-'.
- Added a fallback pass that scans the MSG body for IP-shaped
  key=value tokens. This rescues attacker attribution for plain logger
  callers like the SSH PROMPT_COMMAND shim, which emits
  'CMD … src=IP …' without SD-element params.
2026-04-18 05:37:08 -04:00
..
__init__.py
refactor: separate engine, collector, mutator, and fleet into independent subpackages
2026-04-12 00:26:22 -04:00
worker.py
feat(collector): parse real PROCID and extract IPs from logger kv pairs
2026-04-18 05:37:08 -04:00