base/bif/plugins/Zeek_Ident.events.bif.zeek

Namespace: GLOBAL
Summary
Events
| Event | Description |
|---|---|
| ident_error : event | Generated for Ident error replies. |
| ident_reply : event | Generated for Ident replies. |
| ident_request : event | Generated for Ident requests. |

Detailed Interface
Events

ident_error
Type: event (c: connection, lport: port, rport: port, line: string)

Generated for Ident error replies.

See Wikipedia for more information about the Ident protocol.

Parameters:
c: The connection.
lport: The corresponding request’s local port.
rport: The corresponding request’s remote port.
line: The error description returned by the reply.

See also: ident_reply, ident_request

Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_reply
Type: event (c: connection, lport: port, rport: port, user_id: string, system: string)

Generated for Ident replies.

See Wikipedia for more information about the Ident protocol.

Parameters:
c: The connection.
lport: The corresponding request’s local port.
rport: The corresponding request’s remote port.
user_id: The user id returned by the reply.
system: The operating system returned by the reply.

See also: ident_error, ident_request

Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_request
Type: event (c: connection, lport: port, rport: port)

Generated for Ident requests.

See Wikipedia for more information about the Ident protocol.

Parameters:
c: The connection.
lport: The request’s local port.
rport: The request’s remote port.

See also: ident_error, ident_reply

Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.
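
The following site script is an added example, not part of the Zeek distribution. It registers a port for the Ident analyzer as the Todo notes describe, then handles all three events to pair requests with replies and raise a notice when a reply returns a user id. The module name `IdentWatch`, the notice type `User_Disclosed`, the `pending` set and the choice of 113/tcp are assumptions made for the example.

```zeek
# Added example; IdentWatch, User_Disclosed and pending are hypothetical names.
@load base/frameworks/notice

module IdentWatch;

export {
	redef enum Notice::Type += {
		## An Ident reply returned an account name to the querier.
		User_Disclosed,
	};
}

# Assumption: Ident is served on its IANA-assigned port, 113/tcp.
const ident_ports = { 113/tcp };
redef likely_server_ports += { ident_ports };

# Port pairs queried on each connection that have not been answered yet.
global pending: set[string, port, port] &create_expire = 1 min;

event zeek_init()
	{
	# Register the port so the Ident analyzer is attached and the events fire.
	Analyzer::register_for_ports(Analyzer::ANALYZER_IDENT, ident_ports);
	}

event ident_request(c: connection, lport: port, rport: port)
	{
	add pending[c$uid, lport, rport];
	}

event ident_reply(c: connection, lport: port, rport: port,
                  user_id: string, system: string)
	{
	local solicited = [c$uid, lport, rport] in pending;
	delete pending[c$uid, lport, rport];

	# user_id and system come from the responder and are untrusted input.
	NOTICE([$note=User_Disclosed, $conn=c, $sub=user_id,
	        $msg=fmt("Ident reply for ports %s, %s: user '%s' on '%s' (matching request seen: %s)",
	                 lport, rport, user_id, system, solicited)]);
	}

event ident_error(c: connection, lport: port, rport: port, line: string)
	{
	delete pending[c$uid, lport, rport];
	Reporter::info(fmt("Ident error on %s for ports %s, %s: %s",
	                   c$uid, lport, rport, line));
	}
```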