base/protocols/irc/main.zeek
- IRC
Implements the core IRC analysis support. The logging model is to log IRC commands along with the associated response and some additional metadata about the connection if it’s available.
- Namespace
IRC
Summary
Types
Redefinitions
|
|
Events
Event that can be handled to access the IRC record as it is sent on to the logging framework. |
Hooks
Detailed Interface
Types
- IRC::Info
- Type
-
- ts:
time
&log
Timestamp when the command was seen.
- uid:
string
&log
Unique ID for the connection.
- id:
conn_id
&log
The connection’s 4-tuple of endpoint addresses/ports.
- nick:
string
&log
&optional
Nickname given for the connection.
- user:
string
&log
&optional
Username given for the connection.
- command:
string
&log
&optional
Command given by the client.
- value:
string
&log
&optional
Value for the command given by the client.
- addl:
string
&log
&optional
Any additional data for the command.
- dcc_file_name:
string
&log
&optional
(present if base/protocols/irc/dcc-send.zeek is loaded)
DCC filename requested.
- dcc_file_size:
count
&log
&optional
(present if base/protocols/irc/dcc-send.zeek is loaded)
Size of the DCC transfer as indicated by the sender.
- dcc_mime_type:
string
&log
&optional
(present if base/protocols/irc/dcc-send.zeek is loaded)
Sniffed mime type of the file.
- fuid:
string
&log
&optional
(present if base/protocols/irc/files.zeek is loaded)
File unique ID.
- ts:
Events
- IRC::irc_log
-
Event that can be handled to access the IRC record as it is sent on to the logging framework.