Zeek Logo
current (v6.0.0)

Table of Contents

  • About Zeek
  • Monitoring With Zeek
  • Get Started
  • Zeek Log Formats and Inspection
  • Zeek Logs
  • Introduction to Scripting
  • Frameworks
  • Popular Customizations
  • Troubleshooting
  • Script Reference
    • Operators
    • Types
    • Attributes
    • Declarations and Statements
    • Directives
    • Log Files
    • Notices
    • Packet Analyzers
    • Protocol Analyzers
    • File Analyzers
    • Zeek Package Index
    • Zeek Script Index
      • base/init-bare.zeek
      • base/bif/const.bif.zeek
      • base/bif/types.bif.zeek
      • base/bif/zeek.bif.zeek
      • base/bif/communityid.bif.zeek
      • base/bif/stats.bif.zeek
      • base/bif/reporter.bif.zeek
      • base/bif/strings.bif.zeek
      • base/bif/option.bif.zeek
      • base/frameworks/supervisor/api.zeek
      • base/bif/supervisor.bif.zeek
      • base/bif/packet_analysis.bif.zeek
      • base/bif/CPP-load.bif.zeek
      • base/bif/plugins/Zeek_SNMP.types.bif.zeek
      • base/bif/plugins/Zeek_KRB.types.bif.zeek
      • base/bif/event.bif.zeek
      • base/packet-protocols/__load__.zeek
      • base/packet-protocols/main.zeek
      • base/frameworks/analyzer/main.zeek
      • base/frameworks/packet-filter/utils.zeek
      • base/bif/analyzer.bif.zeek
      • base/bif/file_analysis.bif.zeek
      • base/packet-protocols/root/__load__.zeek
      • base/packet-protocols/root/main.zeek
      • base/packet-protocols/ip/__load__.zeek
      • base/packet-protocols/ip/main.zeek
      • base/packet-protocols/skip/__load__.zeek
      • base/packet-protocols/skip/main.zeek
      • base/packet-protocols/ethernet/__load__.zeek
      • base/packet-protocols/ethernet/main.zeek
      • base/packet-protocols/fddi/__load__.zeek
      • base/packet-protocols/fddi/main.zeek
      • base/packet-protocols/ieee802_11/__load__.zeek
      • base/packet-protocols/ieee802_11/main.zeek
      • base/packet-protocols/ieee802_11_radio/__load__.zeek
      • base/packet-protocols/ieee802_11_radio/main.zeek
      • base/packet-protocols/linux_sll/__load__.zeek
      • base/packet-protocols/linux_sll/main.zeek
      • base/packet-protocols/linux_sll2/__load__.zeek
      • base/packet-protocols/linux_sll2/main.zeek
      • base/packet-protocols/nflog/__load__.zeek
      • base/packet-protocols/nflog/main.zeek
      • base/packet-protocols/null/__load__.zeek
      • base/packet-protocols/null/main.zeek
      • base/packet-protocols/ppp_serial/__load__.zeek
      • base/packet-protocols/ppp_serial/main.zeek
      • base/packet-protocols/pppoe/__load__.zeek
      • base/packet-protocols/pppoe/main.zeek
      • base/packet-protocols/vlan/__load__.zeek
      • base/packet-protocols/vlan/main.zeek
      • base/packet-protocols/mpls/__load__.zeek
      • base/packet-protocols/mpls/main.zeek
      • base/packet-protocols/pbb/__load__.zeek
      • base/packet-protocols/pbb/main.zeek
      • base/packet-protocols/vntag/__load__.zeek
      • base/packet-protocols/vntag/main.zeek
      • base/packet-protocols/udp/__load__.zeek
      • base/packet-protocols/udp/main.zeek
      • base/packet-protocols/tcp/__load__.zeek
      • base/packet-protocols/tcp/main.zeek
      • base/packet-protocols/icmp/__load__.zeek
      • base/packet-protocols/icmp/main.zeek
      • base/packet-protocols/llc/__load__.zeek
      • base/packet-protocols/llc/main.zeek
      • base/packet-protocols/novell_802_3/__load__.zeek
      • base/packet-protocols/novell_802_3/main.zeek
      • base/packet-protocols/snap/__load__.zeek
      • base/packet-protocols/snap/main.zeek
      • base/packet-protocols/gre/__load__.zeek
      • base/packet-protocols/gre/main.zeek
      • base/packet-protocols/iptunnel/__load__.zeek
      • base/packet-protocols/iptunnel/main.zeek
      • base/packet-protocols/ayiya/__load__.zeek
      • base/packet-protocols/ayiya/main.zeek
      • base/packet-protocols/geneve/__load__.zeek
      • base/packet-protocols/geneve/main.zeek
      • base/packet-protocols/vxlan/__load__.zeek
      • base/packet-protocols/vxlan/main.zeek
      • base/packet-protocols/teredo/__load__.zeek
      • base/packet-protocols/teredo/main.zeek
      • base/bif/plugins/Zeek_Teredo.functions.bif.zeek
      • base/packet-protocols/gtpv1/__load__.zeek
      • base/packet-protocols/gtpv1/main.zeek
      • base/bif/plugins/Zeek_GTPv1.functions.bif.zeek
      • builtin-plugins/__preload__.zeek
      • base/init-frameworks-and-bifs.zeek
      • base/frameworks/logging/__load__.zeek
      • base/frameworks/logging/main.zeek
      • base/bif/logging.bif.zeek
      • base/frameworks/logging/postprocessors/__load__.zeek
      • base/frameworks/logging/postprocessors/scp.zeek
      • base/frameworks/logging/postprocessors/sftp.zeek
      • base/frameworks/logging/writers/ascii.zeek
      • base/frameworks/logging/writers/sqlite.zeek
      • base/frameworks/logging/writers/none.zeek
      • base/frameworks/broker/__load__.zeek
      • base/frameworks/broker/main.zeek
      • base/bif/comm.bif.zeek
      • base/bif/messaging.bif.zeek
      • base/frameworks/broker/store.zeek
      • base/bif/data.bif.zeek
      • base/bif/store.bif.zeek
      • base/frameworks/broker/log.zeek
      • base/frameworks/supervisor/__load__.zeek
      • base/frameworks/supervisor/control.zeek
      • base/frameworks/supervisor/main.zeek
      • base/frameworks/input/__load__.zeek
      • base/frameworks/input/main.zeek
      • base/bif/input.bif.zeek
      • base/frameworks/input/readers/ascii.zeek
      • base/frameworks/input/readers/raw.zeek
      • base/frameworks/input/readers/benchmark.zeek
      • base/frameworks/input/readers/binary.zeek
      • base/frameworks/input/readers/config.zeek
      • base/frameworks/input/readers/sqlite.zeek
      • base/frameworks/cluster/__load__.zeek
      • base/frameworks/cluster/main.zeek
      • base/frameworks/control/__load__.zeek
      • base/frameworks/control/main.zeek
      • base/frameworks/cluster/pools.zeek
      • base/utils/hash_hrw.zeek
      • base/frameworks/config/__load__.zeek
      • base/frameworks/config/main.zeek
      • base/frameworks/config/input.zeek
      • base/frameworks/config/weird.zeek
      • base/frameworks/analyzer/__load__.zeek
      • base/frameworks/analyzer/dpd.zeek
      • base/frameworks/analyzer/logging.zeek
      • base/frameworks/files/__load__.zeek
      • base/frameworks/files/main.zeek
      • base/utils/site.zeek
      • base/utils/patterns.zeek
      • base/frameworks/files/magic/__load__.zeek
      • base/bif/__load__.zeek
      • base/bif/telemetry.bif.zeek
      • base/bif/zeekygen.bif.zeek
      • base/bif/pcap.bif.zeek
      • base/bif/bloom-filter.bif.zeek
      • base/bif/cardinality-counter.bif.zeek
      • base/bif/top-k.bif.zeek
      • base/bif/plugins/__load__.zeek
      • base/bif/plugins/Zeek_BitTorrent.events.bif.zeek
      • base/bif/plugins/Zeek_ConnSize.events.bif.zeek
      • base/bif/plugins/Zeek_ConnSize.functions.bif.zeek
      • base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek
      • base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek
      • base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek
      • base/bif/plugins/Zeek_DHCP.events.bif.zeek
      • base/bif/plugins/Zeek_DHCP.types.bif.zeek
      • base/bif/plugins/Zeek_DNP3.events.bif.zeek
      • base/bif/plugins/Zeek_DNS.events.bif.zeek
      • base/bif/plugins/Zeek_File.events.bif.zeek
      • base/bif/plugins/Zeek_Finger.events.bif.zeek
      • base/bif/plugins/Zeek_FTP.events.bif.zeek
      • base/bif/plugins/Zeek_FTP.functions.bif.zeek
      • base/bif/plugins/Zeek_Gnutella.events.bif.zeek
      • base/bif/plugins/Zeek_GSSAPI.events.bif.zeek
      • base/bif/plugins/Zeek_HTTP.events.bif.zeek
      • base/bif/plugins/Zeek_HTTP.functions.bif.zeek
      • base/bif/plugins/Zeek_Ident.events.bif.zeek
      • base/bif/plugins/Zeek_IMAP.events.bif.zeek
      • base/bif/plugins/Zeek_IRC.events.bif.zeek
      • base/bif/plugins/Zeek_KRB.events.bif.zeek
      • base/bif/plugins/Zeek_Login.events.bif.zeek
      • base/bif/plugins/Zeek_Login.functions.bif.zeek
      • base/bif/plugins/Zeek_MIME.events.bif.zeek
      • base/bif/plugins/Zeek_Modbus.events.bif.zeek
      • base/bif/plugins/Zeek_MQTT.types.bif.zeek
      • base/bif/plugins/Zeek_MQTT.events.bif.zeek
      • base/bif/plugins/Zeek_MySQL.events.bif.zeek
      • base/bif/plugins/Zeek_NCP.events.bif.zeek
      • base/bif/plugins/Zeek_NCP.consts.bif.zeek
      • base/bif/plugins/Zeek_NetBIOS.events.bif.zeek
      • base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek
      • base/bif/plugins/Zeek_NTLM.types.bif.zeek
      • base/bif/plugins/Zeek_NTLM.events.bif.zeek
      • base/bif/plugins/Zeek_NTP.types.bif.zeek
      • base/bif/plugins/Zeek_NTP.events.bif.zeek
      • base/bif/plugins/Zeek_POP3.events.bif.zeek
      • base/bif/plugins/Zeek_RADIUS.events.bif.zeek
      • base/bif/plugins/Zeek_RDP.events.bif.zeek
      • base/bif/plugins/Zeek_RDP.types.bif.zeek
      • base/bif/plugins/Zeek_RFB.events.bif.zeek
      • base/bif/plugins/Zeek_RPC.events.bif.zeek
      • base/bif/plugins/Zeek_SIP.events.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek
      • base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek
      • base/bif/plugins/Zeek_SMB.events.bif.zeek
      • base/bif/plugins/Zeek_SMB.consts.bif.zeek
      • base/bif/plugins/Zeek_SMB.types.bif.zeek
      • base/bif/plugins/Zeek_SMTP.events.bif.zeek
      • base/bif/plugins/Zeek_SMTP.functions.bif.zeek
      • base/bif/plugins/Zeek_SNMP.events.bif.zeek
      • base/bif/plugins/Zeek_SOCKS.events.bif.zeek
      • base/bif/plugins/Zeek_SSH.types.bif.zeek
      • base/bif/plugins/Zeek_SSH.events.bif.zeek
      • base/bif/plugins/Zeek_SSL.types.bif.zeek
      • base/bif/plugins/Zeek_SSL.events.bif.zeek
      • base/bif/plugins/Zeek_SSL.functions.bif.zeek
      • base/bif/plugins/Zeek_SSL.consts.bif.zeek
      • base/bif/plugins/Zeek_Syslog.events.bif.zeek
      • base/bif/plugins/Zeek_TCP.events.bif.zeek
      • base/bif/plugins/Zeek_TCP.types.bif.zeek
      • base/bif/plugins/Zeek_TCP.functions.bif.zeek
      • base/bif/plugins/Zeek_XMPP.events.bif.zeek
      • base/bif/plugins/Zeek_ARP.events.bif.zeek
      • base/bif/plugins/Zeek_UDP.events.bif.zeek
      • base/bif/plugins/Zeek_ICMP.events.bif.zeek
      • base/bif/plugins/Zeek_Geneve.events.bif.zeek
      • base/bif/plugins/Zeek_VXLAN.events.bif.zeek
      • base/bif/plugins/Zeek_Teredo.events.bif.zeek
      • base/bif/plugins/Zeek_GTPv1.events.bif.zeek
      • base/bif/plugins/Zeek_FileEntropy.events.bif.zeek
      • base/bif/plugins/Zeek_FileExtract.events.bif.zeek
      • base/bif/plugins/Zeek_FileExtract.functions.bif.zeek
      • base/bif/plugins/Zeek_FileHash.events.bif.zeek
      • base/bif/plugins/Zeek_PE.events.bif.zeek
      • base/bif/plugins/Zeek_X509.events.bif.zeek
      • base/bif/plugins/Zeek_X509.types.bif.zeek
      • base/bif/plugins/Zeek_X509.functions.bif.zeek
      • base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek
      • base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek
      • base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek
      • base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek
      • base/bif/plugins/Zeek_ConfigReader.config.bif.zeek
      • base/bif/plugins/Zeek_RawReader.raw.bif.zeek
      • base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek
      • base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek
      • base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
      • base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
      • base/bif/plugins/Zeek_AF_Packet.af_packet.bif.zeek
      • base/init-default.zeek
      • base/utils/active-http.zeek
      • base/utils/exec.zeek
      • base/utils/addrs.zeek
      • base/utils/backtrace.zeek
      • base/utils/conn-ids.zeek
      • base/utils/dir.zeek
      • base/frameworks/reporter/__load__.zeek
      • base/frameworks/reporter/main.zeek
      • base/utils/paths.zeek
      • base/utils/directions-and-hosts.zeek
      • base/utils/email.zeek
      • base/utils/files.zeek
      • base/utils/geoip-distance.zeek
      • base/utils/numbers.zeek
      • base/utils/queue.zeek
      • base/utils/strings.zeek
      • base/utils/thresholds.zeek
      • base/utils/time.zeek
      • base/utils/urls.zeek
      • base/frameworks/notice/__load__.zeek
      • base/frameworks/notice/main.zeek
      • base/frameworks/notice/weird.zeek
      • base/frameworks/notice/actions/email_admin.zeek
      • base/frameworks/notice/actions/page.zeek
      • base/frameworks/notice/actions/add-geodata.zeek
      • base/frameworks/notice/actions/pp-alarms.zeek
      • base/frameworks/signatures/__load__.zeek
      • base/frameworks/signatures/main.zeek
      • base/frameworks/packet-filter/__load__.zeek
      • base/frameworks/packet-filter/main.zeek
      • base/frameworks/packet-filter/netstats.zeek
      • base/frameworks/software/__load__.zeek
      • base/frameworks/software/main.zeek
      • base/frameworks/intel/__load__.zeek
      • base/frameworks/intel/main.zeek
      • base/frameworks/intel/files.zeek
      • base/frameworks/intel/input.zeek
      • base/frameworks/sumstats/__load__.zeek
      • base/frameworks/sumstats/main.zeek
      • base/frameworks/sumstats/plugins/__load__.zeek
      • base/frameworks/sumstats/plugins/average.zeek
      • base/frameworks/sumstats/plugins/hll_unique.zeek
      • base/frameworks/sumstats/plugins/last.zeek
      • base/frameworks/sumstats/plugins/max.zeek
      • base/frameworks/sumstats/plugins/min.zeek
      • base/frameworks/sumstats/plugins/sample.zeek
      • base/frameworks/sumstats/plugins/std-dev.zeek
      • base/frameworks/sumstats/plugins/variance.zeek
      • base/frameworks/sumstats/plugins/sum.zeek
      • base/frameworks/sumstats/plugins/topk.zeek
      • base/frameworks/sumstats/plugins/unique.zeek
      • base/frameworks/sumstats/non-cluster.zeek
      • base/frameworks/tunnels/__load__.zeek
      • base/frameworks/tunnels/main.zeek
      • base/protocols/conn/removal-hooks.zeek
      • base/frameworks/openflow/__load__.zeek
      • base/frameworks/openflow/consts.zeek
      • base/frameworks/openflow/types.zeek
      • base/frameworks/openflow/main.zeek
      • base/frameworks/openflow/plugins/__load__.zeek
      • base/frameworks/openflow/plugins/ryu.zeek
      • base/frameworks/openflow/plugins/log.zeek
      • base/frameworks/openflow/plugins/broker.zeek
      • base/frameworks/openflow/non-cluster.zeek
      • base/frameworks/netcontrol/__load__.zeek
      • base/frameworks/netcontrol/types.zeek
      • base/frameworks/netcontrol/main.zeek
      • base/frameworks/netcontrol/plugin.zeek
      • base/frameworks/netcontrol/plugins/__load__.zeek
      • base/frameworks/netcontrol/plugins/debug.zeek
      • base/frameworks/netcontrol/plugins/openflow.zeek
      • base/frameworks/netcontrol/plugins/packetfilter.zeek
      • base/frameworks/netcontrol/plugins/broker.zeek
      • base/frameworks/netcontrol/plugins/acld.zeek
      • base/frameworks/netcontrol/drop.zeek
      • base/frameworks/netcontrol/shunt.zeek
      • base/frameworks/netcontrol/non-cluster.zeek
      • base/frameworks/telemetry/__load__.zeek
      • base/frameworks/telemetry/main.zeek
      • base/misc/version.zeek
      • base/protocols/conn/__load__.zeek
      • base/protocols/conn/main.zeek
      • base/protocols/conn/contents.zeek
      • base/protocols/conn/inactivity.zeek
      • base/protocols/conn/polling.zeek
      • base/protocols/conn/thresholds.zeek
      • base/protocols/dce-rpc/__load__.zeek
      • base/protocols/dce-rpc/consts.zeek
      • base/protocols/dce-rpc/main.zeek
      • base/protocols/dhcp/__load__.zeek
      • base/protocols/dhcp/consts.zeek
      • base/protocols/dhcp/main.zeek
      • base/protocols/dnp3/__load__.zeek
      • base/protocols/dnp3/main.zeek
      • base/protocols/dnp3/consts.zeek
      • base/protocols/dns/__load__.zeek
      • base/protocols/dns/consts.zeek
      • base/protocols/dns/main.zeek
      • base/protocols/finger/__load__.zeek
      • base/protocols/finger/spicy-events.zeek
      • base/protocols/finger/main.zeek
      • base/protocols/ftp/__load__.zeek
      • base/protocols/ftp/utils-commands.zeek
      • base/protocols/ftp/info.zeek
      • base/protocols/ftp/main.zeek
      • base/protocols/ftp/utils.zeek
      • base/protocols/ftp/files.zeek
      • base/protocols/ftp/gridftp.zeek
      • base/protocols/ssl/__load__.zeek
      • base/protocols/ssl/consts.zeek
      • base/protocols/ssl/main.zeek
      • base/protocols/ssl/mozilla-ca-list.zeek
      • base/protocols/ssl/ct-list.zeek
      • base/protocols/ssl/files.zeek
      • base/files/x509/__load__.zeek
      • base/files/x509/main.zeek
      • base/files/hash/__load__.zeek
      • base/files/hash/main.zeek
      • base/files/x509/certificate-event-cache.zeek
      • base/files/x509/log-ocsp.zeek
      • base/protocols/http/__load__.zeek
      • base/protocols/http/main.zeek
      • base/protocols/http/entities.zeek
      • base/protocols/http/utils.zeek
      • base/protocols/http/files.zeek
      • base/protocols/imap/__load__.zeek
      • base/protocols/imap/main.zeek
      • base/protocols/irc/__load__.zeek
      • base/protocols/irc/main.zeek
      • base/protocols/irc/dcc-send.zeek
      • base/protocols/irc/files.zeek
      • base/protocols/krb/__load__.zeek
      • base/protocols/krb/main.zeek
      • base/protocols/krb/consts.zeek
      • base/protocols/krb/files.zeek
      • base/protocols/modbus/__load__.zeek
      • base/protocols/modbus/consts.zeek
      • base/protocols/modbus/main.zeek
      • base/protocols/mqtt/__load__.zeek
      • base/protocols/mqtt/consts.zeek
      • base/protocols/mqtt/main.zeek
      • base/protocols/mysql/__load__.zeek
      • base/protocols/mysql/main.zeek
      • base/protocols/mysql/consts.zeek
      • base/protocols/ntlm/__load__.zeek
      • base/protocols/ntlm/main.zeek
      • base/protocols/ntp/__load__.zeek
      • base/protocols/ntp/main.zeek
      • base/protocols/ntp/consts.zeek
      • base/protocols/pop3/__load__.zeek
      • base/protocols/radius/__load__.zeek
      • base/protocols/radius/main.zeek
      • base/protocols/radius/consts.zeek
      • base/protocols/rdp/__load__.zeek
      • base/protocols/rdp/consts.zeek
      • base/protocols/rdp/main.zeek
      • base/protocols/rfb/__load__.zeek
      • base/protocols/rfb/main.zeek
      • base/protocols/sip/__load__.zeek
      • base/protocols/sip/main.zeek
      • base/protocols/snmp/__load__.zeek
      • base/protocols/snmp/main.zeek
      • base/protocols/smb/__load__.zeek
      • base/protocols/smb/consts.zeek
      • base/protocols/smb/const-dos-error.zeek
      • base/protocols/smb/const-nt-status.zeek
      • base/protocols/smb/main.zeek
      • base/protocols/smb/smb1-main.zeek
      • base/protocols/smb/smb2-main.zeek
      • base/protocols/smb/files.zeek
      • base/protocols/smtp/__load__.zeek
      • base/protocols/smtp/main.zeek
      • base/protocols/smtp/entities.zeek
      • base/protocols/smtp/files.zeek
      • base/protocols/socks/__load__.zeek
      • base/protocols/socks/consts.zeek
      • base/protocols/socks/main.zeek
      • base/protocols/ssh/__load__.zeek
      • base/protocols/ssh/main.zeek
      • base/protocols/syslog/__load__.zeek
      • base/protocols/syslog/spicy-events.zeek
      • base/protocols/syslog/consts.zeek
      • base/protocols/syslog/main.zeek
      • base/protocols/tunnels/__load__.zeek
      • base/protocols/xmpp/__load__.zeek
      • base/protocols/xmpp/main.zeek
      • base/files/pe/__load__.zeek
      • base/files/pe/consts.zeek
      • base/files/pe/main.zeek
      • base/files/extract/__load__.zeek
      • base/files/extract/main.zeek
      • base/misc/find-checksum-offloading.zeek
      • base/misc/find-filtered-trace.zeek
      • base/misc/installation.zeek
      • builtin-plugins/__load__.zeek
      • builtin-plugins/Zeek_AF_Packet/__load__.zeek
      • builtin-plugins/Zeek_AF_Packet/init.zeek
      • zeekygen/__load__.zeek
      • test-all-policy.zeek
      • policy/frameworks/cluster/experimental.zeek
      • policy/frameworks/management/agent/__load__.zeek
      • policy/frameworks/management/agent/api.zeek
      • policy/frameworks/management/types.zeek
      • policy/frameworks/management/agent/boot.zeek
      • policy/frameworks/management/agent/config.zeek
      • policy/frameworks/management/__load__.zeek
      • policy/frameworks/management/config.zeek
      • policy/frameworks/management/log.zeek
      • policy/frameworks/management/persistence.zeek
      • policy/frameworks/management/request.zeek
      • policy/frameworks/management/util.zeek
      • policy/frameworks/management/controller/config.zeek
      • policy/frameworks/management/controller/__load__.zeek
      • policy/frameworks/management/controller/api.zeek
      • policy/frameworks/management/controller/boot.zeek
      • policy/frameworks/management/node/api.zeek
      • policy/frameworks/management/node/config.zeek
      • policy/frameworks/management/supervisor/__load__.zeek
      • policy/frameworks/management/supervisor/main.zeek
      • policy/frameworks/management/supervisor/api.zeek
      • policy/frameworks/management/supervisor/config.zeek
      • policy/frameworks/dpd/detect-protocols.zeek
      • policy/frameworks/dpd/packet-segment-logging.zeek
      • policy/frameworks/intel/do_notice.zeek
      • policy/frameworks/intel/do_expire.zeek
      • policy/frameworks/intel/whitelist.zeek
      • policy/frameworks/intel/removal.zeek
      • policy/frameworks/intel/seen/__load__.zeek
      • policy/frameworks/intel/seen/conn-established.zeek
      • policy/frameworks/intel/seen/where-locations.zeek
      • policy/frameworks/intel/seen/dns.zeek
      • policy/frameworks/intel/seen/file-hashes.zeek
      • policy/frameworks/intel/seen/file-names.zeek
      • policy/frameworks/intel/seen/http-headers.zeek
      • policy/frameworks/intel/seen/http-url.zeek
      • policy/frameworks/intel/seen/pubkey-hashes.zeek
      • policy/frameworks/intel/seen/ssl.zeek
      • policy/frameworks/intel/seen/smb-filenames.zeek
      • policy/frameworks/intel/seen/smtp.zeek
      • policy/frameworks/intel/seen/smtp-url-extraction.zeek
      • policy/frameworks/intel/seen/x509.zeek
      • policy/frameworks/netcontrol/catch-and-release.zeek
      • policy/frameworks/files/deprecated-txhosts-rxhosts-connuids.zeek
      • policy/frameworks/files/detect-MHR.zeek
      • policy/frameworks/files/hash-all-files.zeek
      • policy/frameworks/files/entropy-test-all-files.zeek
      • policy/frameworks/notice/__load__.zeek
      • policy/frameworks/notice/extend-email/hostnames.zeek
      • policy/frameworks/notice/actions/drop.zeek
      • policy/frameworks/notice/community-id.zeek
      • policy/files/x509/disable-certificate-events-known-certs.zeek
      • policy/frameworks/packet-filter/shunt.zeek
      • policy/frameworks/software/version-changes.zeek
      • policy/frameworks/software/vulnerable.zeek
      • policy/frameworks/software/windows-version-detection.zeek
      • policy/frameworks/telemetry/prometheus.zeek
      • policy/frameworks/telemetry/log.zeek
      • policy/integration/collective-intel/__load__.zeek
      • policy/integration/collective-intel/main.zeek
      • policy/misc/capture-loss.zeek
      • policy/misc/detect-traceroute/__load__.zeek
      • policy/misc/detect-traceroute/main.zeek
      • policy/misc/load-balancing.zeek
      • policy/misc/loaded-scripts.zeek
      • policy/misc/profiling.zeek
      • policy/misc/scan.zeek
      • policy/misc/stats.zeek
      • policy/misc/weird-stats.zeek
      • policy/misc/trim-trace-file.zeek
      • policy/misc/unknown-protocols.zeek
      • policy/protocols/conn/community-id-logging.zeek
      • policy/protocols/conn/known-hosts.zeek
      • policy/protocols/conn/known-services.zeek
      • policy/protocols/conn/mac-logging.zeek
      • policy/protocols/conn/vlan-logging.zeek
      • policy/protocols/conn/weirds.zeek
      • policy/protocols/dhcp/msg-orig.zeek
      • policy/protocols/dhcp/software.zeek
      • policy/protocols/dhcp/sub-opts.zeek
      • policy/protocols/dns/auth-addl.zeek
      • policy/protocols/dns/detect-external-names.zeek
      • policy/protocols/dns/log-original-query-case.zeek
      • policy/protocols/ftp/detect-bruteforcing.zeek
      • policy/protocols/ftp/detect.zeek
      • policy/protocols/ftp/software.zeek
      • policy/protocols/http/detect-sqli.zeek
      • policy/protocols/http/detect-webapps.zeek
      • policy/protocols/http/header-names.zeek
      • policy/protocols/http/software-browser-plugins.zeek
      • policy/protocols/http/software.zeek
      • policy/protocols/http/var-extraction-cookies.zeek
      • policy/protocols/http/var-extraction-uri.zeek
      • policy/protocols/krb/ticket-logging.zeek
      • policy/protocols/modbus/known-masters-slaves.zeek
      • policy/protocols/modbus/track-memmap.zeek
      • policy/protocols/mysql/software.zeek
      • policy/protocols/rdp/indicate_ssl.zeek
      • policy/protocols/smb/log-cmds.zeek
      • policy/protocols/smtp/blocklists.zeek
      • policy/protocols/smtp/detect-suspicious-orig.zeek
      • policy/protocols/smtp/entities-excerpt.zeek
      • policy/protocols/smtp/software.zeek
      • policy/protocols/ssh/detect-bruteforcing.zeek
      • policy/protocols/ssh/geo-data.zeek
      • policy/protocols/ssh/interesting-hostnames.zeek
      • policy/protocols/ssh/software.zeek
      • policy/protocols/ssl/certificate-request-info.zeek
      • policy/protocols/ssl/decryption.zeek
      • policy/protocols/ssl/expiring-certs.zeek
      • policy/protocols/ssl/heartbleed.zeek
      • policy/protocols/ssl/known-certs.zeek
      • policy/protocols/ssl/log-certs-base64.zeek
      • policy/protocols/ssl/ssl-log-ext.zeek
      • policy/protocols/ssl/log-hostcerts-only.zeek
      • policy/protocols/ssl/validate-certs.zeek
      • policy/protocols/ssl/validate-ocsp.zeek
      • policy/protocols/ssl/validate-sct.zeek
      • policy/protocols/ssl/weak-keys.zeek
      • policy/tuning/__load__.zeek
      • policy/tuning/defaults/__load__.zeek
      • policy/tuning/defaults/packet-fragments.zeek
      • policy/tuning/defaults/warnings.zeek
      • policy/tuning/defaults/extracted_file_limits.zeek
      • policy/tuning/json-logs.zeek
      • policy/tuning/track-all-assets.zeek
      • policy/protocols/mqtt/__load__.zeek
      • policy/frameworks/cluster/nodes-experimental/manager.zeek
      • policy/frameworks/control/controllee.zeek
      • policy/frameworks/control/controller.zeek
      • policy/frameworks/management/agent/main.zeek
      • policy/frameworks/management/controller/main.zeek
      • policy/frameworks/management/node/__load__.zeek
      • policy/frameworks/management/node/main.zeek
      • policy/frameworks/files/extract-all-files.zeek
      • policy/misc/dump-events.zeek
      • policy/protocols/conn/speculative-service.zeek
      • zeekygen/example.zeek
    • Zeekygen Example Script
  • Developer Guides
  • Subcomponents
  • Acknowledgements
Index
Zeek
  • Script Reference
  • Zeek Script Index
  • base/protocols/ftp/__load__.zeek

base/protocols/ftp/__load__.zeek¶

Imports

base/protocols/ftp/files.zeek, base/protocols/ftp/gridftp.zeek, base/protocols/ftp/info.zeek, base/protocols/ftp/main.zeek, base/protocols/ftp/utils-commands.zeek, base/protocols/ftp/utils.zeek

Summary¶

Detailed Interface¶

Previous Next

© Copyright 2019-2021, The Zeek Project. Revision 841cbf0b. Last updated on July 05, 2023.

Built with Sphinx using a theme provided by Read the Docs.
Read the Docs v: current (v6.0.0)
Versions
master
v6.0.0
v5.2.2
v5.2.0
v5.1.3
v5.1.2
v5.1.1
v5.1.0
v5.0.9
v5.0.7
v5.0.6
v5.0.5
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.2.2
v4.1.1
v4.0.9
v3.2.3
v3.1.4
v3.0.14
topic-awelzel-js-docs
lts
current
Downloads
html
On Read the Docs
Project Home
Builds