Zeek_Ident.events.bif.zeek¶

GLOBAL¶

Namespace: GLOBAL

Summary¶

Events¶

`ident_error`: `event`	Generated for Ident error replies.
`ident_reply`: `event`	Generated for Ident replies.
`ident_request`: `event`	Generated for Ident requests.

Detailed Interface¶

Events¶

ident_error¶

Type: event (c: connection, lport: port, rport: port, line: string)

Generated for Ident error replies.

See Wikipedia for more information about the Ident protocol.

Parameters

c – The connection.
lport – The corresponding request’s local port.
rport – The corresponding request’s remote port.
line – The error description returned by the reply.

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_reply¶

Type: event (c: connection, lport: port, rport: port, user_id: string, system: string)

Generated for Ident replies.

See Wikipedia for more information about the Ident protocol.

Parameters

c – The connection.
lport – The corresponding request’s local port.
rport – The corresponding request’s remote port.
user_id – The user id returned by the reply.
system – The operating system returned by the reply.

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_request¶

Type: event (c: connection, lport: port, rport: port)

Generated for Ident requests.

See Wikipedia for more information about the Ident protocol.

Parameters

c – The connection.
lport – The request’s local port.
rport – The request’s remote port.