Zeek_Ident.events.bif.zeek

GLOBAL

Namespace: GLOBAL

Summary

Events

`ident_error`: `event`	Generated for Ident error replies.
`ident_reply`: `event`	Generated for Ident replies.
`ident_request`: `event`	Generated for Ident requests.

Detailed Interface

Events

ident_error

Type: event (c: connection, lport: port, rport: port, line: string)

Generated for Ident error replies.

See Wikipedia for more information about the Ident protocol.

Parameters

c – The connection.
lport – The corresponding request’s local port.
rport – The corresponding request’s remote port.
line – The error description returned by the reply.

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_reply

Type: event (c: connection, lport: port, rport: port, user_id: string, system: string)

Generated for Ident replies.

See Wikipedia for more information about the Ident protocol.

Parameters

c – The connection.
lport – The corresponding request’s local port.
rport – The corresponding request’s remote port.
user_id – The user id returned by the reply.
system – The operating system returned by the reply.

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_request

Type: event (c: connection, lport: port, rport: port)

Generated for Ident requests.

See Wikipedia for more information about the Ident protocol.

Parameters

c – The connection.
lport – The request’s local port.
rport – The request’s remote port.