Zeek
current (v5.2.2)
base/protocols/syslog/spicy-events.zeek
Events generated by the Syslog analyzer.
Summary
Detailed Interface