base/bif/reporter.bif.zeek

GLOBAL
Reporter

The reporter built-in functions allow for the scripting layer to generate messages of varying severity. If no event handlers exist for reporter messages, the messages are output to stderr. If event handlers do exist, it’s assumed they take care of determining how/where to output the messages.

See base/frameworks/reporter/main.zeek for a convenient reporter message logging framework.

Namespaces:GLOBAL, Reporter

Summary

Functions

Reporter::conn_weird: function Generates a “conn” weird.
Reporter::error: function Generates a non-fatal error indicative of a definite problem that should be addressed.
Reporter::fatal: function Generates a fatal error on stderr and terminates program execution.
Reporter::fatal_error_with_core: function Generates a fatal error on stderr and terminates program execution after dumping a core file
Reporter::file_weird: function Generates a “file” weird.
Reporter::flow_weird: function Generates a “flow” weird.
Reporter::get_weird_sampling_duration: function Gets the current weird sampling duration.
Reporter::get_weird_sampling_global_list: function Gets the weird sampling global list
Reporter::get_weird_sampling_rate: function Gets the current weird sampling rate.
Reporter::get_weird_sampling_threshold: function Gets the current weird sampling threshold
Reporter::get_weird_sampling_whitelist: function Gets the weird sampling whitelist
Reporter::info: function Generates an informational message.
Reporter::net_weird: function Generates a “net” weird.
Reporter::set_weird_sampling_duration: function Sets the current weird sampling duration.
Reporter::set_weird_sampling_global_list: function Sets the weird sampling global list
Reporter::set_weird_sampling_rate: function Sets the weird sampling rate.
Reporter::set_weird_sampling_threshold: function Sets the current weird sampling threshold
Reporter::set_weird_sampling_whitelist: function Sets the weird sampling whitelist
Reporter::warning: function Generates a message that warns of a potential problem.

Detailed Interface

Functions

Reporter::conn_weird
Type:function (name: string, c: connection, addl: string &default = "" &optional) : bool

Generates a “conn” weird.

Name:the name of the weird.
C:the connection associated with the weird.
Addl:additional information to accompany the weird.
Returns:Always true.
Reporter::error
Type:function (msg: string) : bool

Generates a non-fatal error indicative of a definite problem that should be addressed. Program execution does not terminate.

Msg:The error message to report.
Returns:Always true.

See also: reporter_error

Reporter::fatal
Type:function (msg: string) : bool

Generates a fatal error on stderr and terminates program execution.

Msg:The error message to report.
Returns:Always true.
Reporter::fatal_error_with_core
Type:function (msg: string) : bool

Generates a fatal error on stderr and terminates program execution after dumping a core file

Msg:The error message to report.
Returns:Always true.
Reporter::file_weird
Type:function (name: string, f: fa_file, addl: string &default = "" &optional) : bool

Generates a “file” weird.

Name:the name of the weird.
F:the file associated with the weird.
Addl:additional information to accompany the weird.
Returns:true if the file was still valid, else false.
Reporter::flow_weird
Type:function (name: string, orig: addr, resp: addr) : bool

Generates a “flow” weird.

Name:the name of the weird.
Orig:the originator host associated with the weird.
Resp:the responder host associated with the weird.
Returns:Always true.
Reporter::get_weird_sampling_duration
Type:function () : interval

Gets the current weird sampling duration.

Returns:weird sampling duration.
Reporter::get_weird_sampling_global_list
Type:function () : string_set

Gets the weird sampling global list

Returns:Current weird sampling global list
Reporter::get_weird_sampling_rate
Type:function () : count

Gets the current weird sampling rate.

Returns:weird sampling rate.
Reporter::get_weird_sampling_threshold
Type:function () : count

Gets the current weird sampling threshold

Returns:current weird sampling threshold.
Reporter::get_weird_sampling_whitelist
Type:function () : string_set

Gets the weird sampling whitelist

Returns:Current weird sampling whitelist
Reporter::info
Type:function (msg: string) : bool

Generates an informational message.

Msg:The informational message to report.
Returns:Always true.

See also: reporter_info

Reporter::net_weird
Type:function (name: string) : bool

Generates a “net” weird.

Name:the name of the weird.
Returns:Always true.
Reporter::set_weird_sampling_duration
Type:function (weird_sampling_duration: interval) : bool

Sets the current weird sampling duration. Please note that this will not delete already running timers.

Weird_sampling_duration:
 New weird sampling duration.
Returns:always returns True
Reporter::set_weird_sampling_global_list
Type:function (weird_sampling_global_list: string_set) : bool

Sets the weird sampling global list

Global_list:New weird sampling rate.
Returns:Always true.
Reporter::set_weird_sampling_rate
Type:function (weird_sampling_rate: count) : bool

Sets the weird sampling rate.

Weird_sampling_rate:
 New weird sampling rate.
Returns:Always returns true.
Reporter::set_weird_sampling_threshold
Type:function (weird_sampling_threshold: count) : bool

Sets the current weird sampling threshold

Threshold:New weird sampling threshold.
Returns:Always returns true;
Reporter::set_weird_sampling_whitelist
Type:function (weird_sampling_whitelist: string_set) : bool

Sets the weird sampling whitelist

Whitelist:New weird sampling rate.
Returns:Always true.
Reporter::warning
Type:function (msg: string) : bool

Generates a message that warns of a potential problem.

Msg:The warning message to report.
Returns:Always true.

See also: reporter_warning