base/protocols/syslog/main.zeek

Syslog

Core script support for logging syslog messages. This script represents one syslog message as one logged record.

Namespace

Syslog

Imports

base/protocols/syslog/consts.zeek

Summary

Types

Syslog::Info: record

The record type which contains the fields of the syslog log.

Redefinitions

Log::ID: enum

connection: record

New Fields

connection

syslog: Syslog::Info &optional

likely_server_ports: set &redef

Hooks

Syslog::log_policy: Log::PolicyHook

Detailed Interface

Types

Syslog::Info

Type: record

ts: time &log

Timestamp when the syslog message was seen.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

proto: transport_proto &log

Protocol over which the message was seen.

facility: string &log

Syslog facility for the message.

severity: string &log

Syslog severity for the message.

message: string &log

The plain text message.

The record type which contains the fields of the syslog log.

Hooks

Syslog::log_policy

Type: Log::PolicyHook
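An added example, not part of this script or the Zeek distribution, showing how a local policy script uses the Syslog::log_policy hook and the optional syslog field on connection described above. The facility and severity strings ("DEBUG", "INFO", "AUTH", "AUTHPRIV", "KERN", "EMERG") are assumed to match the names defined in consts.zeek, which this page does not reproduce.

```zeek
##! Added example (not Zeek's own code): drop noisy syslog records before
##! they reach syslog.log, but never drop authentication-related facilities.

@load base/protocols/syslog

module SyslogLocal;

export {
	## Severity strings considered noise. Names are assumed to match the
	## mapping in base/protocols/syslog/consts.zeek.
	const noisy_severities: set[string] = { "DEBUG", "INFO" } &redef;

	## Facilities that are always logged, whatever their severity.
	const keep_facilities: set[string] = { "AUTH", "AUTHPRIV" } &redef;
}

# Invoked once for every Syslog::Info record about to be written.
# Executing "break" inside the handler vetoes that write.
hook Syslog::log_policy(rec: Syslog::Info, id: Log::ID, filter: Log::Filter)
	{
	if ( rec$facility !in keep_facilities && rec$severity in noisy_severities )
		break;
	}

# The "syslog" field on connection is &optional: it only exists once a
# message has been parsed on that connection, so test for it with ?$ first.
event connection_state_remove(c: connection)
	{
	if ( ! c?$syslog )
		return;

	# c$syslog holds the last message seen on this connection.
	if ( c$syslog$facility == "KERN" && c$syslog$severity == "EMERG" )
		print fmt("kernel emergency from %s: %s", c$id$orig_h, c$syslog$message);
	}
```

Load the script alongside the base syslog analysis (for example via local.zeek) and the vetoed records disappear from syslog.log while still being available to other event handlers.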