base/protocols/sip/main.zeek
- SIP
Implements base functionality for SIP analysis. The logging model is to log request/response pairs and all relevant metadata together in a single record.
- Namespace
SIP
- Imports
base/protocols/conn/removal-hooks.zeek, base/utils/files.zeek, base/utils/numbers.zeek
Summary
Runtime Options
A list of SIP methods.
Types
The record type which contains the fields of the SIP log.
Redefinitions
Events
Event that can be handled to access the SIP record as it is sent on to the logging framework.
Hooks
SIP finalization hook.
Detailed Interface
Runtime Options
- SIP::sip_methods
- Type
- Attributes
- Default
{ "BYE", "SUBSCRIBE", "NOTIFY", "REGISTER", "INVITE", "CANCEL", "OPTIONS", "ACK" }
A list of SIP methods. Other methods will generate a weird. Note that the SIP analyzer will only accept methods consisting solely of letters [A-Za-z].
Types
- SIP::Info
- Type
-
- ts: time &log
  Timestamp for when the request happened.
- uid: string &log
  Unique ID for the connection.
- id: conn_id &log
  The connection’s 4-tuple of endpoint addresses/ports.
- trans_depth: count &log
  Represents the pipelined depth into the connection of this request/response transaction.
- method: string &log &optional
  Verb used in the SIP request (INVITE, REGISTER etc.).
- uri: string &log &optional
  URI used in the request.
- date: string &log &optional
  Contents of the Date: header from the client
- request_from: string &log &optional
  Contents of the request From: header. Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
- request_to: string &log &optional
  Contents of the To: header
- response_from: string &log &optional
  Contents of the response From: header. Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
- response_to: string &log &optional
  Contents of the response To: header
- reply_to: string &log &optional
  Contents of the Reply-To: header
- call_id: string &log &optional
  Contents of the Call-ID: header from the client
- seq: string &log &optional
  Contents of the CSeq: header from the client
- subject: string &log &optional
  Contents of the Subject: header from the client
- request_path: vector of string &log &optional
  The client message transmission path, as extracted from the headers.
- response_path: vector of string &log &optional
  The server message transmission path, as extracted from the headers.
- user_agent: string &log &optional
  Contents of the User-Agent: header from the client
- status_code: count &log &optional
  Status code returned by the server.
- status_msg: string &log &optional
  Status message returned by the server.
- warning: string &log &optional
  Contents of the Warning: header
- request_body_len: count &log &optional
  Contents of the Content-Length: header from the client
- response_body_len: count &log &optional
  Contents of the Content-Length: header from the server
- content_type: string &log &optional
  Contents of the Content-Type: header from the server
The record type which contains the fields of the SIP log.
Events
- SIP::log_sip
-
Event that can be handled to access the SIP record as it is sent on to the logging framework.
Hooks
- SIP::finalize_sip
- Type
SIP finalization hook. Remaining SIP info may get logged when it’s called.
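The script below is an added example, not part of the Zeek distribution or of this page: it handles SIP::log_sip, tests the &optional fields of SIP::Info before reading them, and raises a notice when one originator has many REGISTER requests rejected. The module name SIPWatch, the notice type, the threshold and window values, and the two methods added to SIP::sip_methods are assumptions made for illustration.

```zeek
@load base/protocols/sip
@load base/frameworks/notice

module SIPWatch;  # hypothetical module name

export {
	redef enum Notice::Type += {
		## Hypothetical notice: many rejected REGISTERs from one source.
		Register_Rejections,
	};

	## Assumed values; tune both for the monitored site.
	const reject_threshold: count = 20 &redef;
	const reject_window: interval = 5min &redef;
}

# Methods outside SIP::sip_methods generate a weird. Extend the set with
# methods that are expected on this network (site-specific assumption).
redef SIP::sip_methods += { "MESSAGE", "INFO" };

# Rejected REGISTER count per originator; entries expire after the window.
global rejects: table[addr] of count &create_expire=reject_window;

event SIP::log_sip(rec: SIP::Info)
	{
	# method and status_code are &optional: check with ?$ before reading.
	if ( ! rec?$method || rec$method != "REGISTER" )
		return;

	# 401 is the normal digest challenge, so only 403 is counted here.
	if ( ! rec?$status_code || rec$status_code != 403 )
		return;

	local src = rec$id$orig_h;
	if ( src !in rejects )
		rejects[src] = 0;
	++rejects[src];

	# Fire once per window, when the counter reaches the threshold.
	if ( rejects[src] == reject_threshold )
		NOTICE([$note=Register_Rejections, $src=src, $uid=rec$uid,
		        $msg=fmt("%s had %d REGISTER requests rejected with 403 within %s",
		                 src, reject_threshold, reject_window),
		        $identifier=cat(src)]);
	}
```

Because the handler runs on the record as it is sent to the logging framework, it sees one call per logged request/response pair, including pairs logged by SIP::finalize_sip when the connection is removed.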