base/bif/reporter.bif.zeek

GLOBAL
Reporter

The reporter built-in functions allow for the scripting layer to generate messages of varying severity. If no event handlers exist for reporter messages, the messages are output to stderr. If event handlers do exist, it’s assumed they take care of determining how/where to output the messages.

See base/frameworks/reporter/main.zeek for a convenient reporter message logging framework.

Namespaces

GLOBAL, Reporter

Summary

Functions

Reporter::conn_weird: function

Generates a “conn” weird.

Reporter::error: function

Generates a usually non-fatal error indicative of a definite problem that should be addressed.

Reporter::fatal: function

Generates a fatal error on stderr and terminates program execution.

Reporter::fatal_error_with_core: function

Generates a fatal error on stderr and terminates program execution after dumping a core file

Reporter::file_weird: function

Generates a “file” weird.

Reporter::flow_weird: function

Generates a “flow” weird.

Reporter::get_weird_sampling_duration: function

Gets the current weird sampling duration.

Reporter::get_weird_sampling_global_list: function

Gets the weird sampling global list

Reporter::get_weird_sampling_rate: function

Gets the current weird sampling rate.

Reporter::get_weird_sampling_threshold: function

Gets the current weird sampling threshold

Reporter::get_weird_sampling_whitelist: function

Gets the weird sampling whitelist

Reporter::info: function

Generates an informational message.

Reporter::net_weird: function

Generates a “net” weird.

Reporter::set_weird_sampling_duration: function

Sets the current weird sampling duration.

Reporter::set_weird_sampling_global_list: function

Sets the weird sampling global list

Reporter::set_weird_sampling_rate: function

Sets the weird sampling rate.

Reporter::set_weird_sampling_threshold: function

Sets the current weird sampling threshold

Reporter::set_weird_sampling_whitelist: function

Sets the weird sampling whitelist

Reporter::warning: function

Generates a message that warns of a potential problem.

Detailed Interface

Functions

Reporter::conn_weird
Type

function (name: string, c: connection, addl: string &default = "" &optional, source: string &default = "" &optional) : bool

Generates a “conn” weird.

Parameters
  • name – the name of the weird.

  • c – the connection associated with the weird.

  • addl – additional information to accompany the weird.

Returns

Always true.

Reporter::error
Type

function (msg: string) : bool

Generates a usually non-fatal error indicative of a definite problem that should be addressed. Program execution does not terminate unless the error is reported during initialization (e.g., zeek_init).

Parameters

msg – The error message to report.

Returns

Always true.

See also: reporter_error

Reporter::fatal
Type

function (msg: string) : bool

Generates a fatal error on stderr and terminates program execution.

Parameters

msg – The error message to report.

Returns

Always true.

Reporter::fatal_error_with_core
Type

function (msg: string) : bool

Generates a fatal error on stderr and terminates program execution after dumping a core file

Parameters

msg – The error message to report.

Returns

Always true.

Reporter::file_weird
Type

function (name: string, f: fa_file, addl: string &default = "" &optional, source: string &default = "" &optional) : bool

Generates a “file” weird.

Parameters
  • name – the name of the weird.

  • f – the file associated with the weird.

  • addl – additional information to accompany the weird.

Returns

true if the file was still valid, else false.

Reporter::flow_weird
Type

function (name: string, orig: addr, resp: addr, addl: string &default = "" &optional, source: string &default = "" &optional) : bool

Generates a “flow” weird.

Parameters
  • name – the name of the weird.

  • orig – the originator host associated with the weird.

  • resp – the responder host associated with the weird.

Returns

Always true.

Reporter::get_weird_sampling_duration
Type

function () : interval

Gets the current weird sampling duration.

Returns

weird sampling duration.

Reporter::get_weird_sampling_global_list
Type

function () : string_set

Gets the weird sampling global list

Returns

Current weird sampling global list

Reporter::get_weird_sampling_rate
Type

function () : count

Gets the current weird sampling rate.

Returns

weird sampling rate.

Reporter::get_weird_sampling_threshold
Type

function () : count

Gets the current weird sampling threshold

Returns

current weird sampling threshold.

Reporter::get_weird_sampling_whitelist
Type

function () : string_set

Gets the weird sampling whitelist

Returns

Current weird sampling whitelist

Reporter::info
Type

function (msg: string) : bool

Generates an informational message.

Parameters

msg – The informational message to report.

Returns

Always true.

See also: reporter_info

Reporter::net_weird
Type

function (name: string, addl: string &default = "" &optional, source: string &default = "" &optional) : bool

Generates a “net” weird.

Parameters

name – the name of the weird.

Returns

Always true.

Reporter::set_weird_sampling_duration
Type

function (weird_sampling_duration: interval) : bool

Sets the current weird sampling duration. Please note that this will not delete already running timers.

Parameters

weird_sampling_duration – New weird sampling duration.

Returns

always returns True

Reporter::set_weird_sampling_global_list
Type

function (weird_sampling_global_list: string_set) : bool

Sets the weird sampling global list

Parameters

global_list – New weird sampling rate.

Returns

Always true.

Reporter::set_weird_sampling_rate
Type

function (weird_sampling_rate: count) : bool

Sets the weird sampling rate.

Parameters

weird_sampling_rate – New weird sampling rate.

Returns

Always returns true.

Reporter::set_weird_sampling_threshold
Type

function (weird_sampling_threshold: count) : bool

Sets the current weird sampling threshold

Parameters

threshold – New weird sampling threshold.

Returns

Always returns true;

Reporter::set_weird_sampling_whitelist
Type

function (weird_sampling_whitelist: string_set) : bool

Sets the weird sampling whitelist

Parameters

whitelist – New weird sampling rate.

Returns

Always true.

Reporter::warning
Type

function (msg: string) : bool

Generates a message that warns of a potential problem.

Parameters

msg – The warning message to report.

Returns

Always true.

See also: reporter_warning