base/protocols/ldap/main.zeek

LDAP

Namespace: LDAP
Imports: base/frameworks/reporter, base/protocols/conn/removal-hooks.zeek, base/protocols/ldap/consts.zeek

Summary

Runtime Options

`LDAP::default_capture_password`: `bool` `&redef`	Whether clear text passwords are captured or not.
`LDAP::default_log_search_attributes`: `bool` `&redef`	Whether to log LDAP search attributes or not.

Redefinable Options

`LDAP::ports_tcp`: `set` `&redef`	TCP ports which should be considered for analysis.
`LDAP::ports_udp`: `set` `&redef`	UDP ports which should be considered for analysis.

Types

`LDAP::MessageInfo`: `record`
`LDAP::SearchInfo`: `record`
`LDAP::State`: `record`

Redefinitions

`Log::ID`: `enum`	`LDAP::LDAP_LOG` `LDAP::LDAP_SEARCH_LOG`
`connection`: `record`	New Fields `connection` ldap: `LDAP::State` `&optional`
`likely_server_ports`: `set` `&redef`

Events

`LDAP::log_ldap`: `event`
`LDAP::log_ldap_search`: `event`

Hooks

`LDAP::finalize_ldap`: `Conn::RemovalHook`	LDAP finalization hook.
`LDAP::log_policy`: `Log::PolicyHook`	Default logging policy hook for LDAP_LOG.
`LDAP::log_policy_search`: `Log::PolicyHook`	Default logging policy hook for LDAP_SEARCH_LOG.

Detailed Interface

Runtime Options

LDAP::default_capture_password 

Type: bool
Attributes: &redef
Default: F

Whether clear text passwords are captured or not.

LDAP::default_log_search_attributes 

Type: bool
Attributes: &redef
Default: F

Whether to log LDAP search attributes or not.

Redefinable Options

LDAP::ports_tcp 

Type

Attributes

Default

{
   3268/tcp,
   389/tcp
}

TCP ports which should be considered for analysis.

LDAP::ports_udp 

Type

Attributes

Default

{
   389/udp
}

UDP ports which should be considered for analysis.

Types

LDAP::MessageInfo 

Type

ts: time &log

uid: string &log

id: conn_id &log

message_id: int &log &optional

version: int &log &optional

opcode: string &log &optional

result: string &log &optional

diagnostic_message: string &log &optional

object: string &log &optional

argument: string &log &optional

LDAP::SearchInfo 

Type

ts: time &log

uid: string &log

id: conn_id &log

message_id: int &log &optional

scope: string &log &optional

deref_aliases: string &log &optional

base_object: string &log &optional

result_count: count &log &optional

result: string &log &optional

diagnostic_message: string &log &optional

filter: string &log &optional

attributes: vector of string &log &optional

LDAP::State 

Type

messages: table [int] of LDAP::MessageInfo &optional

searches: table [int] of LDAP::SearchInfo &optional

Events

LDAP::log_ldap 

Type: event (rec: LDAP::MessageInfo)

LDAP::log_ldap_search 

Type: event (rec: LDAP::SearchInfo)

Hooks

LDAP::finalize_ldap 

Type: Conn::RemovalHook

LDAP finalization hook.

LDAP::log_policy 

Type: Log::PolicyHook

Default logging policy hook for LDAP_LOG.

LDAP::log_policy_search 

Type: Log::PolicyHook

Default logging policy hook for LDAP_SEARCH_LOG.

Read the Docs v: master (git/master)

Versions: master; v6.2.0; v6.1.1; v6.1.0; v6.0.3; v6.0.2; v6.0.1; v6.0.0; v5.2.2; v5.2.0; v5.1.3; v5.1.2; v5.1.1; v5.1.0; v5.0.10; v5.0.9; v5.0.8; v5.0.7; v5.0.6; v5.0.5; v5.0.4; v5.0.3; v5.0.2; v5.0.1; v5.0.0; v4.2.2; v4.1.1; v4.0.9; v3.2.3; v3.1.4; v3.0.14; topic-christian-test-fix-github-edit-link; lts; current

Downloads: html

On Read the Docs: Project Home; Builds