base/bif/plugins/Zeek_Syslog.events.bif.zeek

GLOBAL

Namespace:GLOBAL

Summary

Events

syslog_message: event

Generated for monitored Syslog messages.

Detailed Interface

Events

syslog_message

Type:event (c: connection, facility: count, severity: count, msg: string)

Generated for monitored Syslog messages.

See Wikipedia for more information about the Syslog protocol.

C:The connection record for the underlying transport-layer session/flow. Facility:The “facility” included in the message. Severity:The “severity” included in the message. Msg:The message logged.

Note

Zeek currently parses only UDP syslog traffic. Support for TCP syslog will be added soon.