base/protocols/irc/main.zeek

IRC

Implements the core IRC analysis support. The logging model is to log IRC commands along with the associated response and some additional metadata about the connection if it’s available.

Namespace

IRC

Summary

Types

IRC::Info: record

Redefinitions

Log::ID: enum

connection: record

New Fields

connection

irc: IRC::Info &optional

IRC session information.

likely_server_ports: set &redef

Events

IRC::irc_log: event

Event that can be handled to access the IRC record as it is sent on to the logging framework.

Hooks

IRC::log_policy: Log::PolicyHook

Detailed Interface

Types

IRC::Info
Type: record

ts: time &log

Timestamp when the command was seen.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

nick: string &log &optional

Nickname given for the connection.

user: string &log &optional

Username given for the connection.

command: string &log &optional

Command given by the client.

value: string &log &optional

Value for the command given by the client.

addl: string &log &optional

Any additional data for the command.

dcc_file_name: string &log &optional

(present if base/protocols/irc/dcc-send.zeek is loaded)

DCC filename requested.

dcc_file_size: count &log &optional

(present if base/protocols/irc/dcc-send.zeek is loaded)

Size of the DCC transfer as indicated by the sender.

dcc_mime_type: string &log &optional

(present if base/protocols/irc/dcc-send.zeek is loaded)

Sniffed MIME type of the file.

fuid: string &log &optional

(present if base/protocols/irc/files.zeek is loaded)

File unique ID.

Events

IRC::irc_log
Type: event (rec: IRC::Info)

Event that can be handled to access the IRC record as it is sent on to the logging framework.

Hooks

IRC::log_policy
Type: Log::PolicyHook
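The following added example (not part of Zeek's shipped scripts) shows the IRC::log_policy hook and the IRC::irc_log event used together: the hook vetoes log writes for trusted servers, and the event handler raises a notice when a DCC transfer's sniffed MIME type is on a watch list. The module name IRCWatch, the notice type, both option names, the subnet and the MIME type value are assumptions made for illustration.

```zeek
@load base/protocols/irc
@load base/frameworks/notice

module IRCWatch;  # hypothetical module name

export {
	# Hypothetical notice type for this example.
	redef enum Notice::Type += { DCC_Watched_File };

	# Constructed sample values; replace with site-specific ones.
	option trusted_servers: set[subnet] = { 192.0.2.0/24 };
	option watched_mime_types: set[string] = { "application/x-dosexec" };
}

# A "break" inside a Log::PolicyHook handler vetoes the write, so records
# whose responder is a trusted server never reach irc.log.
hook IRC::log_policy(rec: IRC::Info, id: Log::ID, filter: Log::Filter)
	{
	if ( rec$id$resp_h in trusted_servers )
		break;
	}

# Inspect each IRC::Info record as it is sent on to the logging framework.
event IRC::irc_log(rec: IRC::Info)
	{
	# The DCC fields are &optional and only exist when dcc-send.zeek is
	# loaded, so test for presence with ?$ before reading them.
	if ( ! rec?$dcc_mime_type || rec$dcc_mime_type !in watched_mime_types )
		return;

	local name = rec?$dcc_file_name ? rec$dcc_file_name : "<unknown>";
	local nick = rec?$nick ? rec$nick : "<unknown>";
	local size = rec?$dcc_file_size ? fmt("%d", rec$dcc_file_size) : "<unknown>";

	# No connection record is available here, so tie the notice back to
	# the session through the uid and 4-tuple carried in the log record.
	NOTICE([$note=DCC_Watched_File,
	        $msg=fmt("DCC transfer of %s (%s, %s bytes) on session with nick %s",
	                 name, rec$dcc_mime_type, size, nick),
	        $uid=rec$uid, $id=rec$id]);
	}
```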