base/protocols/syslog/main.zeek

Syslog

Core script support for logging syslog messages. This script represents one syslog message as one logged record.

Namespace:: Syslog
Imports:: base/protocols/syslog/consts.zeek

Summary

Types

Syslog::Info: record

The record type which contains the fields of the syslog log.

Redefinitions

`Log::ID`: `enum`	`Syslog::LOG`
`connection`: `record`	New Fields: `connection` syslog: `Syslog::Info` `&optional`
`likely_server_ports`: `set` `&redef`

Hooks

Syslog::log_policy: Log::PolicyHook

Detailed Interface

Types

Syslog::Info 

Type:

ts: time &log: Timestamp when the syslog message was seen.
uid: string &log: Unique ID for the connection.
id: conn_id &log: The connection’s 4-tuple of endpoint addresses/ports.
proto: transport_proto &log: Protocol over which the message was seen.
facility: string &log: Syslog facility for the message.
severity: string &log: Syslog severity for the message.
message: string &log: The plain text message.

The record type which contains the fields of the syslog log.

Hooks

Syslog::log_policy 

Type:: Log::PolicyHook