base/protocols/socks/main.zeek

SOCKS
Namespace: SOCKS
Imports: base/frameworks/tunnels, base/protocols/socks/consts.zeek

Summary

Runtime Options

SOCKS::default_capture_password: bool &redef
    Whether passwords are captured or not.

Types

SOCKS::Info: record
    The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks: event
    Event that can be handled to access the SOCKS record as it is sent on to the logging framework.

Detailed Interface

Runtime Options

SOCKS::default_capture_password
Type: bool
Attributes: &redef
Default: F

Whether passwords are captured or not.

Types

SOCKS::Info
Type: record

ts: time &log

Time when the proxy connection was first detected.

uid: string &log

Unique ID for the tunnel - may correspond to connection uid or be non-existent.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

version: count &log

Protocol version of SOCKS.

user: string &log &optional

Username used to request a login to the proxy.

password: string &log &optional

Password used to request a login to the proxy.

status: string &log &optional

Server status for the attempt at using the proxy.

request: SOCKS::Address &log &optional

Client requested SOCKS address. Could be an address, a name or both.

request_p: port &log &optional

Client requested port.

bound: SOCKS::Address &log &optional

Server bound address. Could be an address, a name or both.

bound_p: port &log &optional

Server bound port.

capture_password: bool &default = SOCKS::default_capture_password &optional

Determines if the password will be captured for this request.

The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks
Type: event (rec: SOCKS::Info)

Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
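
A site policy script that handles SOCKS::log_socks, added here as an example and not part of the Zeek distribution: it raises a notice for SOCKS sessions through proxies outside an allowlist, and flags records where a cleartext password reached socks.log because password capture was enabled. The module name SOCKSPolicy, the two notice types, approved_proxies and the sample address are assumptions made for illustration; the SOCKS::Address fields host and name come from Zeek's base definitions, not from this page.

```zeek
# Added example: hypothetical site policy, not code from main.zeek.
# SOCKS::Address is assumed to have optional fields host (addr) and name (string).
@load base/protocols/socks
@load base/frameworks/notice

module SOCKSPolicy;

export {
	redef enum Notice::Type += {
		Unapproved_Proxy,  ##< SOCKS session via a proxy not on the allowlist.
		Password_Logged,   ##< A proxy password was written to socks.log.
	};

	## Proxies that clients are expected to use (constructed sample address).
	const approved_proxies: set[addr] = { 192.0.2.10 } &redef;
}

# Render a SOCKS::Address, which may carry an address, a name, or both.
function fmt_address(a: SOCKS::Address): string
	{
	if ( a?$name && a?$host ) return fmt("%s/%s", a$name, a$host);
	if ( a?$name ) return a$name;
	if ( a?$host ) return fmt("%s", a$host);
	return "<none>";
	}

event SOCKS::log_socks(rec: SOCKS::Info)
	{
	# password is only set when capture_password was T for this request.
	if ( rec?$password )
		NOTICE([$note=Password_Logged, $uid=rec$uid, $id=rec$id,
		        $msg=fmt("SOCKS password for user %s stored in socks.log",
		                 rec?$user ? rec$user : "<unknown>")]);

	if ( rec$id$resp_h in approved_proxies )
		return;

	local dst = rec?$request ? fmt_address(rec$request) : "<none>";
	local dst_p = rec?$request_p ? fmt("%s", rec$request_p) : "?";
	NOTICE([$note=Unapproved_Proxy, $uid=rec$uid, $id=rec$id,
	        $msg=fmt("SOCKS%d proxy %s used by %s to reach %s port %s (status: %s)",
	                 rec$version, rec$id$resp_h, rec$id$orig_h, dst, dst_p,
	                 rec?$status ? rec$status : "none"),
	        $identifier=cat(rec$id$orig_h, rec$id$resp_h)]);
	}
```

With SOCKS::default_capture_password left at its default of F, the password field stays unset and Password_Logged never fires; the notice exists to catch a redef that starts writing credentials to disk.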