base/protocols/socks/main.zeek
- SOCKS
- Namespace: SOCKS
- Imports: base/frameworks/tunnels, base/protocols/conn/removal-hooks.zeek, base/protocols/socks/consts.zeek
Summary
Runtime Options
- SOCKS::default_capture_password: Whether passwords are captured or not.
Types
- SOCKS::Info: The record type which contains the fields of the SOCKS log.
Redefinitions
|
|
Events
- SOCKS::log_socks: Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
Hooks
- SOCKS::finalize_socks: SOCKS finalization hook.
Detailed Interface
Runtime Options
- SOCKS::default_capture_password
-
Whether passwords are captured or not.
Types
- SOCKS::Info
- Type: record
  - ts: time &log
    Time when the proxy connection was first detected.
  - uid: string &log
    Unique ID for the tunnel - may correspond to connection uid or be nonexistent.
  - id: conn_id &log
    The connection's 4-tuple of endpoint addresses/ports.
  - version: count &log
    Protocol version of SOCKS.
  - user: string &log &optional
    Username used to request a login to the proxy.
  - password: string &log &optional
    Password used to request a login to the proxy.
  - status: string &log &optional
    Server status for the attempt at using the proxy.
  - request: SOCKS::Address &log &optional
    Client requested SOCKS address. Could be an address, a name or both.
  - request_p: port &log &optional
    Client requested port.
  - bound: SOCKS::Address &log &optional
    Server bound address. Could be an address, a name or both.
  - bound_p: port &log &optional
    Server bound port.
  - capture_password: bool &default = SOCKS::default_capture_password &optional
    Determines if the password will be captured for this request.
The record type which contains the fields of the SOCKS log.
Events
- SOCKS::log_socks
- Type: event (rec: SOCKS::Info)
Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
Hooks
- SOCKS::finalize_socks
- Type:
SOCKS finalization hook. Remaining SOCKS info may get logged when it’s called.
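
An added example (not part of the Zeek distribution or of this reference page) showing how `SOCKS::log_socks` and the password-capture setting interact: it raises a notice whenever a record carrying a cleartext proxy password is about to be written to the SOCKS log, without repeating the password itself. The module name `SOCKSAudit`, the notice type and the helper `target_of` are hypothetical; the `host` and `name` fields of `SOCKS::Address` are taken from Zeek's base scripts, not from this page.

```zeek
@load base/protocols/socks
@load base/frameworks/notice

module SOCKSAudit;  # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## A SOCKS log record contains a cleartext proxy password.
		Password_Logged,
	};
}

# Render a SOCKS::Address, which may carry a name, an address or both.
function target_of(a: SOCKS::Address, p: port): string
	{
	local name = ( a?$name ) ? a$name : "";
	local host = ( a?$host ) ? cat(a$host) : "";
	local sep = ( name != "" && host != "" ) ? "/" : "";
	return fmt("%s%s%s port %s", name, sep, host, p);
	}

# Runs for every record on its way to the logging framework.
event SOCKS::log_socks(rec: SOCKS::Info)
	{
	# password is &optional: it is only present when capture was enabled
	# for this request (capture_password, which defaults to
	# SOCKS::default_capture_password) and the client sent one.
	if ( ! rec?$password )
		return;

	local dest = ( rec?$request && rec?$request_p ) ?
	    target_of(rec$request, rec$request_p) : "unknown target";
	local user = ( rec?$user ) ? rec$user : "<no user>";

	# The message deliberately leaves the password out.
	NOTICE([$note=Password_Logged,
	        $msg=fmt("SOCKS v%d login by %s for %s logged with cleartext password",
	                 rec$version, user, dest),
	        $uid=rec$uid, $id=rec$id,
	        $identifier=rec$uid]);
	}
```

With capture switched on (for instance `redef SOCKS::default_capture_password = T;`), each notice marks a log line that holds a credential and needs the corresponding access controls and retention handling.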