Zeek Logo
master (git/master)

Table of Contents

  • About Zeek
    • What Is Zeek?
    • Why Zeek?
    • History
    • Architecture
  • Monitoring With Zeek
    • Detection and Response Workflow
    • Instrumentation and Collection
    • Storage and Review
  • Get Started
    • Installing Zeek
      • Docker Images
      • Binary Packages
        • Linux
        • macOS
        • FreeBSD
        • OpenBSD
      • Building from Source
        • Required Dependencies
        • Optional Dependencies
        • Retrieving the Sources
        • Configuring and Building
        • Cross Compiling
      • Configuring the Run-Time Environment
    • Quick Start Guide
      • Managing Zeek with ZeekControl
        • A Minimal Starting Configuration
        • Browsing Log Files
        • Filesystem Walkthrough
      • Zeek as a Command-Line Utility
        • Monitoring Live Traffic
        • Reading Packet Capture (pcap) Files
        • Tracing Events
        • Telling Zeek Which Scripts to Load
        • Local Site Customization
        • Running Zeek Without Installing
      • Next Steps
    • Zeek Cluster Setup
      • Cluster Architecture
        • Architecture
        • Frontend Options
      • Cluster Configuration
        • Preparing to Setup a Cluster
        • Basic Cluster Configuration
        • PF_RING Cluster Configuration
  • Zeek Log Formats and Inspection
    • Working with a Sample Trace
    • Zeek TSV Format Logs
    • Zeek TSV Format and awk
    • Zeek TSV Format and zeek-cut
    • Zeek JSON Format Logs
    • Zeek JSON Format and jq
    • Conclusion
  • Zeek Logs
    • conn.log
      • Inspecting the conn.log
      • Understanding the Second conn.log Entry
      • Understanding the First conn.log Entry
      • The uid and Other Fields
      • Conclusion
    • dns.log
      • Inspecting the dns.log
      • Understanding the Second dns.log Entry
      • Understanding the First dns.log Entry
      • The uid and Other Fields
      • Conclusion
    • http.log
      • Inspecting the http.log
      • Understanding the http.log Entry
      • Reviewing the Original Traffic
      • Conclusion
    • files.log
      • Inspecting the conn.log
      • Inspecting the http.log
      • Inspecting the files.log
      • Inspecting the Extracted File
      • Conclusion
    • ftp.log
      • Finding the ftp.log
      • Reconstructing the FTP Control Channel
      • Inspecting the ftp.log
      • Finding the Data Channel
      • Conclusion
    • ssl.log
      • Reviewing TLS Versions Seen on the Network
      • Preparing to Inspect the ssl.log
      • Inspecting the ssl.log When TLS 1.2 Applies
      • Inspecting the ssl.log When TLS 1.3 Applies
      • Inspecting the ssl.log When ESNI/ECH Applies
      • Leveraging JA3 and JA3S
      • Conclusion
    • x509.log
      • Inspecting the x509.log When TLS 1.2 Applies
      • Inspecting the x509.log When TLS 1.3 Applies
      • Conclusion
    • smtp.log
      • Inspecting SMTP Traffic
      • Inspecting the smtp.log
      • Inspecting Extracted Files
      • Inspecting Zeek Logs for Traffic to Port 465 TCP
      • Inspecting Zeek Logs for Traffic to Port 587 TCP
      • Other Email Protocols: IMAP over TLS
      • Other Email Protocols: POP over TLS
      • Conclusion
    • ssh.log
      • Lateral Movement
      • Failed Lateral Movement
      • Outbound Movement
      • Inbound Movement
      • Failed Movement
      • Conclusion
    • pe.log
      • Starting with conn.log
      • Continuing with http.log
      • Continuing with files.log
      • Continuing with pe.log
      • Reviewing the Extracted Binary
      • Conclusion
    • dhcp.log
      • DORA via Tcpdump
      • DORA via Tcpdump Verbose Mode
      • Acknowledgement via tshark
      • Zeek’s Rendition of DORA
      • Two UIDs
      • Enumerating DHCP Servers
      • Conclusion
    • ntp.log
      • NTP via tcpdump
      • NTP via tcpdump and tshark
      • NTP via Zeek
      • Identifying NTP Servers
      • Conclusion
    • SMB Logs (plus DCE-RPC, Kerberos, NTLM)
      • Introduction
      • Leveraging BZAR
      • Running the net user Command
        • notice.log
        • dce_rpc.log
        • kerberos.log and smb_mapping.log
      • Connecting to a SMB Share and Uploading a File
        • conn.log
        • notice.log
        • extract_files/, files.log, and pe.log, and VirusTotal
        • kerberos.log, smb_mapping.log, and smb_files.log
      • Connecting to a SMB Share and Downloading a File
        • conn.log
        • files.log and pe.log
        • kerberos.log, smb_mapping.log, and smb_files.log
      • Scheduling Mimikatz via the At Service
        • conn.log
        • smb_files.log
        • files.log
      • Reviewing the Packet Capture with tshark
      • Using PsExec to Retrieve a File from a Target
        • conn.log
        • notice.log
        • dce_rpc.log
        • kerberos.log
        • smb_mapping.log
        • smb_files.log
        • extract_files/, files.log, and pe.log, and VirusTotal
        • ntlm.log
      • Conclusion
    • irc.log
      • Reconstructing an IRC Session
      • Port 6667 conn.log
      • Port 6667 irc.log
      • Port 6697 conn.log
      • Port 6697 ssl.log and x509.log
      • Port 31337 conn.log
      • Port 31337 irc.log
      • Botnet IRC Traffic
      • Conclusion
    • rdp.log
      • conn.log
      • rdp.log
      • ssl.log and x509.log
      • Running the Test
      • Conclusion
    • traceroute.log
      • traceroute.log
      • Conclusion
    • tunnel.log
      • Teredo
        • tcpdump and tshark
        • conn.log
        • tunnel.log
      • IP in IP
        • tcpdump and tshark
        • conn.log
        • tunnel.log
      • IP over IP via GRE
        • tcpdump and tshark
        • conn.log
        • tunnel.log
      • IPv4 in PPP in GRE in IPv4 in IPv6
        • tcpdump and tshark
        • conn.log
        • tunnel.log
        • dns.log
      • Conclusion
    • dpd.log
      • One Specific Example
        • tcpdump and tshark
        • conn.log
        • ssl.log
        • dpd.log
      • Decoding 21588
      • Assorted Examples
      • Conclusion
    • known_*.log and software.log
      • known_certs.log
      • known_hosts.log
      • known_services.log
      • software.log
      • Conclusion
    • weird.log and notice.log
      • weird.log
      • notice.log
      • Investigating a weird.log and notice.log Entry
      • Conclusion
    • capture_loss.log and reporter.log
      • capture_loss.log
      • reporter.log
      • Conclusion
  • Introduction to Scripting
    • The Basics
      • Understanding Scripts
      • The Event Queue and Event Handlers
      • The Connection Record Data Type
      • Data Types and Data Structures
        • Scope
        • Data Structures
        • Data Types Revisited
        • Record Data Type
      • Custom Logging
      • Raising Notices
    • Finding Potential Usage Errors
    • Event Groups
      • Attribute Based Event Group
      • Module Based Event Group
    • JavaScript
      • Preamble
      • Built-in Plugin
      • Hello World
      • Types
        • Record values
        • Table values
        • Set and vector values
        • Any and zeek.as()
        • Debugging
      • Examples
        • HTTP API
        • More
      • TypeScript
  • Frameworks
    • Broker Communication Framework
      • Cluster Layout / API
        • Layout / Topology
      • Data Management/Sharing Strategies
        • Data Stores
        • Data Partitioning
      • Broker Framework Examples
        • Topic Naming Conventions
        • Connecting to Peers
        • Remote Events
        • Remote Logging
        • Distributed Data Stores
      • Cluster Framework Examples
        • A Reminder About Events and Module Namespaces
        • Manager Sending Events To Workers
        • Worker Sending Events To Manager
        • Worker Sending Events To All Workers
        • Worker Distributing Events Uniformly Across Proxies
      • Broker-backed Zeek Tables for Data Synchronization and Persistence
    • Cluster Framework
      • Zeek’s Cluster Components
        • Manager
        • Worker
        • Proxy
        • Logger
      • Running a Zeek Cluster
        • Zeek Cluster Setup
        • General Usage and Deployment
      • Developing Scripts/Heuristics
        • The Need to Move Data and Events Across Different Nodes
        • Cluster Topics
        • Publishing Events Across the Cluster
        • Distributing Events Uniformly Across Proxies
        • A Cluster Script Walkthrough
      • Conclusion
    • Configuration Framework
      • Introduction
      • Declaring Options
      • Changing Options
        • Config File Formatting
      • Change Handlers
        • When Change Handlers Trigger
    • File Analysis Framework
      • Supported Protocols
      • File Lifecycle Events
      • File Type Identification
      • Adding Analysis
        • Per-file analyzer registration
        • Generic analyzer registration
        • Protocol-specific state
        • Examples
      • Input Framework Integration
    • GeoLocation
      • Install libmaxminddb
      • GeoLite2-City Database Installation
      • Testing
      • Usage
      • Example
    • Input Framework
      • Reading Data into Tables
        • Asynchronous processing
        • Sets instead of tables
        • Re-reading and streaming data
        • Receiving change events
        • Filtering data during import
        • Broken input data
      • Reading Data to Events
      • Data Readers
        • The ASCII Reader
        • The Benchmark Reader
        • The Binary Reader
        • The Raw Reader
        • The SQLite Reader
    • Intelligence Framework
      • Introduction
      • Quick Start
      • Architecture
        • Loading Intelligence
        • Seen Data
        • Intelligence Matches
    • Logging Framework
      • Terminology
      • Streams
        • Add Fields to a Log
        • Define a Logging Event
        • Disable a Stream
      • Filters
        • Rename a Log File
        • Change the Logging Directory
        • Add an Additional Output File
        • Determine Log Path Dynamically
        • Filtering Log Records
        • Log Rotation and Post-Processing
        • Other Features
      • Writers
        • ASCII Writer
        • SQLite Writer
        • None Writer
    • Management Framework
      • Quickstart
      • Architecture and Terminology
        • Controller
        • Instance
        • Agent
        • Cluster nodes
        • Client
      • A Visual Example
      • Goals and Relationship to ZeekControl
      • Running Controller and Agent
        • Joint launch
        • Separate controller and agent instances
        • Controller and agent instances on separate systems
        • Multiple instances
        • Controller and agent naming
        • Firewalling and encryption
        • Additional framework configuration
      • Node Operation and Outputs
      • Log Management
      • The zeek-client CLI
        • Standalone installation
        • Compatibility
        • Configuration
        • Auto-complete
      • Common cluster management tasks
        • Checking connected agents
        • Defining a cluster configuration
        • Staging and deploying configurations
        • Retrieving configurations
        • Showing the current instance nodes
        • Showing current global identifier values
        • Restarting cluster nodes
    • NetControl Framework
      • NetControl Architecture
      • NetControl API
        • High-level NetControl API
        • Rule API
        • Interacting with Rules
        • Catch and Release
      • NetControl Plugins
        • Using the existing plugins
        • Writing plugins
    • Notice Framework
      • Overview
      • Processing Notices
        • Notice Policy
        • Notice Policy Shortcuts
      • Raising Notices
      • Automated Suppression
      • Extending Notice Framework
        • Configuring Notice Emails
      • Cluster Considerations
      • The Weird Log
    • Packet Analysis
      • The Flow of Packets
      • Packet Analyzer Configuration
      • Packet Analyzer API
    • Signature Framework
      • Basics
      • Signature Language for Network Traffic
        • Conditions
        • Actions
      • Signature Language for File Content
        • Conditions
        • Actions
      • Things to keep in mind when writing signatures
      • Options
      • So, how about using Snort signatures with Zeek?
    • Summary Statistics
      • Overview
      • Terminology
      • Examples
        • Printing the number of connections
        • Toy scan detection
    • Supervisor Framework
      • Simple Example
      • Supervised Cluster Example
      • Internal Architecture
      • Node Revival
    • Telemetry Framework
      • Metric Types
      • Examples
        • Counting Log Writes per Stream
        • Table sizes
        • Connection Durations as Histogram
        • Exporting the Zeek Version
      • Metrics Export
        • Cluster Considerations
        • Zeek Log
        • Native Prometheus Export
    • TLS Decryption
      • Capturing and decrypting a trace file
        • Capturing a trace file with keys
        • Decrypting a trace file
      • Decrypting live traffic
      • TLS Decryption API
  • Popular Customizations
    • Log Enrichment
      • Community ID
    • Log Writers
      • Kafka
    • Logging
      • JSON Streaming Logs
      • Long Connections
    • Profiling and Debugging
      • jemalloc profiling
  • Troubleshooting
    • Memory Leaks and State Growth
      • Jemalloc Memory Profiling
        • ZeekControl Integration
    • CPU Profiling
      • Perf and Flame Graphs
    • Metrics and Stats
      • Telemetry Framework and Prometheus
      • stats.log
      • prof.log
  • Script Reference
    • Operators
      • Relational operators
      • Logical operators
      • Arithmetic operators
      • Bitwise operators
      • Set operators
      • Assignment operators
      • Record field operators
      • Pattern operators
      • Type casting
      • Other operators
    • Types
      • bool
        • Type Conversions
      • int
        • Type Conversions
      • count
        • Type Conversions
      • double
        • Type Conversions
      • time
        • Type Conversions
      • interval
        • Type Conversions
      • string
        • Type Conversions
      • pattern
        • Type Conversions
      • port
        • Type Conversions
      • addr
        • Type Conversions
      • subnet
        • Type Conversions
      • enum
        • Type Conversions
      • table
        • Declaration and initialization
        • Insertion and removal
        • Lookup and iteration
        • Additional operations
      • set
        • Declaration and initialization
        • Insertion and removal
        • Lookup and iteration
        • Set operations
        • Additional operations
      • vector
        • Declaration and initialization
        • Insertion
        • Lookup and iteration
        • Vectorized operations
        • Additional operations
      • record
      • function
        • Anonymous functions and their closures
        • Default values
        • Asynchronous functions
      • event
      • hook
      • file
      • opaque
      • any
      • void
    • Attributes
      • &redef
      • &priority
      • &log
      • &optional
      • &default
      • &default_insert
      • &add_func
      • &delete_func
      • &expire_func
      • &read_expire
      • &write_expire
      • &create_expire
      • &on_change
      • &raw_output
      • &error_handler
      • &type_column
      • &backend
      • &broker_store
      • &broker_allow_complex_type
      • &ordered
      • &deprecated
      • &is_assigned
      • &is_used
      • &group
    • Declarations and Statements
      • Declarations
        • module
        • export
        • global
        • const
        • option
        • type
        • redef
        • Callables
      • Statements
        • add
        • break
        • delete
        • event
        • fallthrough
        • for
        • if
        • local
        • next
        • print
        • return
        • schedule
        • switch
        • when
        • while
        • Compound Statement
        • Null Statement
    • Directives
      • @DIR
      • @FILENAME
      • @deprecated
      • @load
      • @load-plugin
      • @load-sigs
      • @unload
      • @prefixes
      • @if
      • @ifdef
      • @ifndef
      • @else
      • @endif
      • @DEBUG
    • Log Files
      • Network Protocols
      • Files
      • NetControl
      • Detection
      • Network Observations
      • Miscellaneous
      • Zeek Diagnostics
    • Notices
    • Packet Analyzers
      • Zeek::ARP
        • Components
        • Events
      • Zeek::AYIYA
        • Components
      • Zeek::Ethernet
        • Components
      • Zeek::FDDI
        • Components
      • Zeek::Geneve
        • Components
        • Events
      • Zeek::GRE
        • Components
      • Zeek::GTPv1
        • Components
        • Events
        • Functions
      • Zeek::IEEE802_11
        • Components
      • Zeek::IEEE802_11_Radio
        • Components
      • Zeek::IP
        • Components
      • Zeek::IPTunnel
        • Components
      • Zeek::LinuxSLL
        • Components
      • Zeek::LinuxSLL2
        • Components
      • Zeek::LLC
        • Components
      • Zeek::MPLS
        • Components
      • Zeek::NFLog
        • Components
      • Zeek::NOVELL_802_3
        • Components
      • Zeek::Null
        • Components
      • Zeek::PBB
        • Components
      • Zeek::PPP
        • Components
      • Zeek::PPPoE
        • Components
      • Zeek::PPPSerial
        • Components
      • Zeek::Root
        • Components
      • Zeek::Skip
        • Components
      • Zeek::SNAP
        • Components
      • Zeek::Teredo
        • Components
        • Events
        • Functions
      • Zeek::VLAN
        • Components
      • Zeek::VNTag
        • Components
      • Zeek::VXLAN
        • Components
        • Events
    • Protocol Analyzers
      • Zeek::BitTorrent
        • Components
        • Events
      • Zeek::ConnSize
        • Components
        • Events
        • Functions
      • Zeek::DCE_RPC
        • Components
        • Options/Constants
        • Types
        • Events
      • Zeek::DHCP
        • Components
        • Types
        • Events
      • Zeek::DNP3
        • Components
        • Events
      • Zeek::DNS
        • Components
        • Events
      • Zeek::File
        • Components
        • Events
      • Zeek::Finger
        • Components
        • Events
      • Zeek::FTP
        • Components
        • Types
        • Events
        • Functions
      • Zeek::Gnutella
        • Components
        • Events
      • Zeek::GSSAPI
        • Components
        • Events
      • Zeek::HTTP
        • Components
        • Events
        • Functions
      • Zeek::Ident
        • Components
        • Events
      • Zeek::IMAP
        • Components
        • Events
      • Zeek::IRC
        • Components
        • Events
      • Zeek::KRB
        • Components
        • Options/Constants
        • Types
        • Events
      • Zeek::Login
        • Components
        • Events
        • Functions
      • Zeek::MIME
        • Components
        • Events
      • Zeek::Modbus
        • Components
        • Events
      • Zeek::MQTT
        • Components
        • Types
        • Events
      • Zeek::MySQL
        • Components
        • Events
      • Zeek::NCP
        • Components
        • Options/Constants
        • Events
      • Zeek::NetBIOS
        • Components
        • Events
        • Functions
      • Zeek::NTLM
        • Components
        • Types
        • Events
      • Zeek::NTP
        • Components
        • Types
        • Events
      • Zeek::PIA
        • Components
      • Zeek::POP3
        • Components
        • Events
      • Zeek::RADIUS
        • Components
        • Types
        • Events
      • Zeek::RDP
        • Components
        • Types
        • Events
      • Zeek::RFB
        • Components
        • Events
      • Zeek::RPC
        • Components
        • Events
      • Zeek::SIP
        • Components
        • Events
      • Zeek::SMB
        • Components
        • Options/Constants
        • Types
        • Events
      • Zeek::SMTP
        • Components
        • Events
        • Functions
      • Zeek::SNMP
        • Components
        • Types
        • Events
      • Zeek::SOCKS
        • Components
        • Events
      • Zeek::Spicy
      • Zeek::SSH
        • Components
        • Types
        • Events
      • Zeek::SSL
        • Components
        • Options/Constants
        • Types
        • Events
        • Functions
      • Zeek::Syslog
        • Components
        • Events
      • Zeek::TCP
        • Components
        • Types
        • Events
        • Functions
      • Zeek::XMPP
        • Components
        • Events
      • Zeek::ZIP
        • Components
    • File Analyzers
      • Zeek::FileDataEvent
        • Components
      • Zeek::FileEntropy
        • Components
        • Events
      • Zeek::FileExtract
        • Components
        • Events
        • Functions
      • Zeek::FileHash
        • Components
        • Events
      • Zeek::PE
        • Components
        • Events
      • Zeek::X509
        • Components
        • Types
        • Events
        • Functions
    • Zeek Package Index
    • Zeek Script Index
      • base/init-bare.zeek
        • Summary
        • Detailed Interface
      • base/bif/const.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/zeek.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/communityid.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/stats.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/reporter.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/strings.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/option.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/api.zeek
        • Summary
        • Detailed Interface
      • base/bif/supervisor.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/packet_analysis.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/CPP-load.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SNMP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_KRB.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/event.bif.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/utils.zeek
        • Summary
        • Detailed Interface
      • base/bif/analyzer.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/file_analysis.bif.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/root/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/root/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ip/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ip/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/skip/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/skip/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ethernet/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ethernet/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/fddi/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/fddi/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11_radio/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11_radio/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll2/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll2/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/nflog/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/nflog/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/null/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/null/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp_serial/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp_serial/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pppoe/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pppoe/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vlan/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vlan/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/mpls/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/mpls/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pbb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pbb/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vntag/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vntag/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/udp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/udp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/tcp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/tcp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/icmp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/icmp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/llc/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/llc/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/novell_802_3/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/novell_802_3/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/snap/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/snap/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gre/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gre/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/iptunnel/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/iptunnel/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ayiya/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ayiya/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/geneve/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/geneve/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vxlan/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vxlan/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/teredo/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/teredo/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Teredo.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gtpv1/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gtpv1/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_GTPv1.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/init-bare.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/__preload__.zeek
        • Summary
        • Detailed Interface
      • base/init-frameworks-and-bifs.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/logging.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/postprocessors/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/postprocessors/scp.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/postprocessors/sftp.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/writers/ascii.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/writers/sqlite.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/writers/none.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/comm.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/messaging.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/store.zeek
        • Summary
        • Detailed Interface
      • base/bif/data.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/store.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/log.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/control.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/input.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/ascii.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/raw.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/benchmark.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/binary.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/config.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/sqlite.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/cluster/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/cluster/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/control/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/control/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/cluster/pools.zeek
        • Summary
        • Detailed Interface
      • base/utils/hash_hrw.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/input.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/weird.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/dpd.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/logging.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/files/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/files/main.zeek
        • Summary
        • Detailed Interface
      • base/utils/site.zeek
        • Summary
        • Detailed Interface
      • base/utils/patterns.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/files/magic/__load__.zeek
        • Summary
        • Detailed Interface
      • base/bif/__load__.zeek
        • Summary
        • Detailed Interface
      • base/bif/telemetry.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/zeekygen.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/pcap.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/bloom-filter.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/cardinality-counter.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/top-k.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/spicy.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_BitTorrent.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ConnSize.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ConnSize.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DHCP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DHCP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DNP3.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DNS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_File.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FTP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Gnutella.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_GSSAPI.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_HTTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_HTTP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Ident.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_IMAP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_IRC.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_KRB.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Login.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Login.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MIME.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Modbus.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MQTT.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MQTT.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MySQL.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NCP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NCP.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NetBIOS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTLM.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTLM.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_POP3.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RADIUS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RDP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RDP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RFB.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RPC.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SIP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMTP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SNMP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SOCKS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSH.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSH.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_TCP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_TCP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_TCP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_XMPP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ARP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_UDP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ICMP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Geneve.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_VXLAN.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Teredo.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_GTPv1.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileEntropy.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileExtract.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileExtract.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileHash.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_PE.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ConfigReader.config.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RawReader.raw.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_AF_Packet.af_packet.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/init-framework.zeek
        • Summary
        • Detailed Interface
      • base/misc/version.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/reporter/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/reporter/main.zeek
        • Summary
        • Detailed Interface
      • base/utils/strings.zeek
        • Summary
        • Detailed Interface
      • base/init-default.zeek
        • Summary
        • Detailed Interface
      • base/utils/active-http.zeek
        • Summary
        • Detailed Interface
      • base/utils/exec.zeek
        • Summary
        • Detailed Interface
      • base/utils/addrs.zeek
        • Summary
        • Detailed Interface
      • base/utils/backtrace.zeek
        • Summary
        • Detailed Interface
      • base/utils/conn-ids.zeek
        • Summary
        • Detailed Interface
      • base/utils/dir.zeek
        • Summary
        • Detailed Interface
      • base/utils/paths.zeek
        • Summary
        • Detailed Interface
      • base/utils/directions-and-hosts.zeek
        • Summary
        • Detailed Interface
      • base/utils/email.zeek
        • Summary
        • Detailed Interface
      • base/utils/files.zeek
        • Summary
        • Detailed Interface
      • base/utils/geoip-distance.zeek
        • Summary
        • Detailed Interface
      • base/utils/numbers.zeek
        • Summary
        • Detailed Interface
      • base/utils/queue.zeek
        • Summary
        • Detailed Interface
      • base/utils/thresholds.zeek
        • Summary
        • Detailed Interface
      • base/utils/time.zeek
        • Summary
        • Detailed Interface
      • base/utils/urls.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/weird.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/email_admin.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/page.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/add-geodata.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/pp-alarms.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/signatures/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/signatures/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/netstats.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/software/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/software/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/files.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/input.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/average.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/hll_unique.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/last.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/max.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/min.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/sample.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/std-dev.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/variance.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/sum.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/topk.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/unique.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/non-cluster.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/tunnels/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/tunnels/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/removal-hooks.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/consts.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/types.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/ryu.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/log.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/broker.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/non-cluster.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/types.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugin.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/debug.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/openflow.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/packetfilter.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/broker.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/acld.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/drop.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/shunt.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/non-cluster.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/telemetry/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/telemetry/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/contents.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/inactivity.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/polling.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/thresholds.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dce-rpc/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dce-rpc/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dce-rpc/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dhcp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dhcp/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dhcp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dnp3/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dnp3/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dnp3/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/finger/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/finger/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/finger/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/utils-commands.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/info.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/utils.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/gridftp.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/mozilla-ca-list.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/ct-list.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/files.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/main.zeek
        • Summary
        • Detailed Interface
      • base/files/hash/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/hash/main.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/certificate-event-cache.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/log-ocsp.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/entities.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/utils.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/imap/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/imap/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/dcc-send.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/modbus/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/modbus/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/modbus/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mqtt/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mqtt/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mqtt/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mysql/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mysql/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mysql/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntlm/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntlm/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntp/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/pop3/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/radius/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/radius/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/radius/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rdp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rdp/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rdp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rfb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rfb/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/sip/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/sip/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/snmp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/snmp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/const-dos-error.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/const-nt-status.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/smb1-main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/smb2-main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/entities.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/socks/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/socks/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/socks/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssh/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssh/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/tunnels/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/xmpp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/xmpp/main.zeek
        • Summary
        • Detailed Interface
      • base/files/pe/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/pe/consts.zeek
        • Summary
        • Detailed Interface
      • base/files/pe/main.zeek
        • Summary
        • Detailed Interface
      • base/files/extract/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/extract/main.zeek
        • Summary
        • Detailed Interface
      • base/misc/find-checksum-offloading.zeek
        • Summary
        • Detailed Interface
      • base/misc/find-filtered-trace.zeek
        • Summary
        • Detailed Interface
      • base/misc/installation.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/Zeek_AF_Packet/__load__.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/Zeek_AF_Packet/init.zeek
        • Summary
        • Detailed Interface
      • zeekygen/__load__.zeek
        • Summary
        • Detailed Interface
      • test-all-policy.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/experimental.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/types.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/boot.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/log.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/persistence.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/request.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/util.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/boot.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/dpd/detect-protocols.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/dpd/packet-segment-logging.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/do_notice.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/do_expire.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/whitelist.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/removal.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/conn-established.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/where-locations.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/dns.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/file-hashes.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/file-names.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/http-headers.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/http-url.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/pubkey-hashes.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/ssl.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/smb-filenames.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/smtp.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/smtp-url-extraction.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/x509.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/netcontrol/catch-and-release.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/detect-MHR.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/hash-all-files.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/entropy-test-all-files.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/extend-email/hostnames.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/actions/drop.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/community-id.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/community-id-logging.zeek
        • Summary
        • Detailed Interface
      • policy/files/x509/disable-certificate-events-known-certs.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/packet-filter/shunt.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/software/version-changes.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/software/vulnerable.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/software/windows-version-detection.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/telemetry/prometheus.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/telemetry/log.zeek
        • Summary
        • Detailed Interface
      • policy/integration/collective-intel/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/integration/collective-intel/main.zeek
        • Summary
        • Detailed Interface
      • policy/misc/capture-loss.zeek
        • Summary
        • Detailed Interface
      • policy/misc/detect-traceroute/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/misc/detect-traceroute/main.zeek
        • Summary
        • Detailed Interface
      • policy/misc/load-balancing.zeek
        • Summary
        • Detailed Interface
      • policy/misc/loaded-scripts.zeek
        • Summary
        • Detailed Interface
      • policy/misc/profiling.zeek
        • Summary
        • Detailed Interface
      • policy/misc/stats.zeek
        • Summary
        • Detailed Interface
      • policy/misc/weird-stats.zeek
        • Summary
        • Detailed Interface
      • policy/misc/trim-trace-file.zeek
        • Summary
        • Detailed Interface
      • policy/misc/unknown-protocols.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/known-hosts.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/known-services.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/mac-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/vlan-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/weirds.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dhcp/msg-orig.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dhcp/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dhcp/sub-opts.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dns/auth-addl.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dns/detect-external-names.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dns/log-original-query-case.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ftp/detect-bruteforcing.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ftp/detect.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ftp/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/detect-sqli.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/detect-webapps.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/header-names.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/software-browser-plugins.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/var-extraction-cookies.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/var-extraction-uri.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/krb/ticket-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/modbus/known-masters-slaves.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/modbus/track-memmap.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/mysql/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/rdp/indicate_ssl.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smb/log-cmds.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/blocklists.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/detect-suspicious-orig.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/entities-excerpt.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/detect-bruteforcing.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/geo-data.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/interesting-hostnames.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/certificate-request-info.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/decryption.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/expiring-certs.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/heartbleed.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/known-certs.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/log-certs-base64.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/ssl-log-ext.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/log-hostcerts-only.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/validate-certs.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/validate-ocsp.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/validate-sct.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/weak-keys.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/defaults/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/defaults/packet-fragments.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/defaults/warnings.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/defaults/extracted_file_limits.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/json-logs.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/track-all-assets.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/nodes-experimental/manager.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/control/controllee.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/control/controller.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/extract-all-files.zeek
        • Summary
        • Detailed Interface
      • policy/misc/dump-events.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/speculative-service.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/spicy/resource-usage.zeek
        • Summary
        • Detailed Interface
      • zeekygen/example.zeek
        • Summary
        • Detailed Interface
    • Zeekygen Example Script
      • Summary
        • Redefinable Options
        • State Variables
        • Types
        • Redefinitions
        • Events
        • Functions
      • Detailed Interface
        • Redefinable Options
        • State Variables
        • Types
        • Events
        • Functions
  • Developer Guides
    • Writing Plugins
      • Quick Start
      • Plugin Directory Layout
      • init-plugin
      • Activating a Plugin
      • Plugin Components
      • Testing Plugins
      • Debugging Plugins
      • Building Plugins Statically
    • Writing Analyzers with Spicy
      • Installation
      • Getting Started
      • Tutorial
        • Compiling the Analyzer
        • Activating the Analyzer
        • Defining Events
        • Detour: Zeek vs. TFTP
        • Zeek Script
        • Creating a Zeek Package
      • Reference
        • Interface Definitions (“evt files”)
        • Compiling Analyzers
        • Controlling Zeek from Spicy
        • Dynamic Protocol Detection (DPD)
        • Configuration
        • Debugging
      • Terminology
    • Documentation Guide
      • Markup Format, Style, and Conventions
      • Source-Tree Organization
      • Generating Zeekygen Reference Docs
      • Local Previewing (How To Build)
      • Hosting
    • Contributor’s Guide
      • General Contribution Process
      • Coding Style and Conventions
      • General Documentation Structure/Process
      • Documentation Style and Conventions
      • Checking for Memory Errors and Leaks
    • Maintainer’s Guide
      • Release Process
  • Subcomponents
  • Acknowledgements
Index
Zeek
  • Zeek Logs
  • Edit on GitHub

Zeek Logs

  • conn.log
  • dns.log
  • http.log
  • files.log
  • ftp.log
  • ssl.log
  • x509.log
  • smtp.log
  • ssh.log
  • pe.log
  • dhcp.log
  • ntp.log
  • SMB Logs (plus DCE-RPC, Kerberos, NTLM)
  • irc.log
  • rdp.log
  • traceroute.log
  • tunnel.log
  • dpd.log
  • known_*.log and software.log
  • weird.log and notice.log
  • capture_loss.log and reporter.log
Previous Next

© Copyright 2019-2021, The Zeek Project. Revision 5522d6da. Last updated on September 22, 2023.

Built with Sphinx using a theme provided by Read the Docs.
Read the Docs v: master (git/master)
Versions
master
v6.0.1
v6.0.0
v5.2.2
v5.2.0
v5.1.3
v5.1.2
v5.1.1
v5.1.0
v5.0.10
v5.0.9
v5.0.8
v5.0.7
v5.0.6
v5.0.5
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.2.2
v4.1.1
v4.0.9
v3.2.3
v3.1.4
v3.0.14
lts
current
Downloads
html
On Read the Docs
Project Home
Builds