reporter.bif.zeek¶

GLOBAL¶

Reporter¶

The reporter built-in functions allow for the scripting layer to generate messages of varying severity. If no event handlers exist for reporter messages, the messages are output to stderr. If event handlers do exist, it’s assumed they take care of determining how/where to output the messages.

See base/frameworks/reporter/main.zeek for a convenient reporter message logging framework.

Namespaces:	GLOBAL, Reporter

Summary¶

Functions¶

`Reporter::conn_weird`: `function`	Generates a “conn” weird.
`Reporter::error`: `function`	Generates a non-fatal error indicative of a definite problem that should be addressed.
`Reporter::fatal`: `function`	Generates a fatal error on stderr and terminates program execution.
`Reporter::fatal_error_with_core`: `function`	Generates a fatal error on stderr and terminates program execution after dumping a core file
`Reporter::file_weird`: `function`	Generates a “file” weird.
`Reporter::flow_weird`: `function`	Generates a “flow” weird.
`Reporter::get_weird_sampling_duration`: `function`	Gets the current weird sampling duration.
`Reporter::get_weird_sampling_rate`: `function`	Gets the current weird sampling rate.
`Reporter::get_weird_sampling_threshold`: `function`	Gets the current weird sampling threshold
`Reporter::get_weird_sampling_whitelist`: `function`	Gets the weird sampling whitelist
`Reporter::info`: `function`	Generates an informational message.
`Reporter::net_weird`: `function`	Generates a “net” weird.
`Reporter::set_weird_sampling_duration`: `function`	Sets the current weird sampling duration.
`Reporter::set_weird_sampling_rate`: `function`	Sets the weird sampling rate.
`Reporter::set_weird_sampling_threshold`: `function`	Sets the current weird sampling threshold
`Reporter::set_weird_sampling_whitelist`: `function`	Sets the weird sampling whitelist
`Reporter::warning`: `function`	Generates a message that warns of a potential problem.

Detailed Interface¶

Functions¶

Reporter::conn_weird¶

Type:	`function` (name: `string`, c: `connection`, addl: `string` `&default` = `""` `&optional`) : `bool`

Generates a “conn” weird.

Name:	the name of the weird.
C:	the connection associated with the weird.
Addl:	additional information to accompany the weird.
Returns:	Always true.

Reporter::error¶

Type:	`function` (msg: `string`) : `bool`

Generates a non-fatal error indicative of a definite problem that should be addressed. Program execution does not terminate.

Msg:	The error message to report.
Returns:	Always true.

See also: reporter_error

Reporter::fatal¶

Type:	`function` (msg: `string`) : `bool`

Generates a fatal error on stderr and terminates program execution.

Msg:	The error message to report.
Returns:	Always true.

Reporter::fatal_error_with_core¶

Type:	`function` (msg: `string`) : `bool`

Generates a fatal error on stderr and terminates program execution after dumping a core file

Msg:	The error message to report.
Returns:	Always true.

Reporter::file_weird¶

Type:	`function` (name: `string`, f: `fa_file`, addl: `string` `&default` = `""` `&optional`) : `bool`

Generates a “file” weird.

Name:	the name of the weird.
F:	the file associated with the weird.
Addl:	additional information to accompany the weird.
Returns:	true if the file was still valid, else false.

Reporter::flow_weird¶

Type:	`function` (name: `string`, orig: `addr`, resp: `addr`) : `bool`

Generates a “flow” weird.

Name:	the name of the weird.
Orig:	the originator host associated with the weird.
Resp:	the responder host associated with the weird.
Returns:	Always true.

Reporter::get_weird_sampling_duration¶

Type:	`function` () : `interval`

Gets the current weird sampling duration.

Returns:	weird sampling duration.

Reporter::get_weird_sampling_rate¶

Type:	`function` () : `count`

Gets the current weird sampling rate.

Returns:	weird sampling rate.

Reporter::get_weird_sampling_threshold¶

Type:	`function` () : `count`

Gets the current weird sampling threshold

Returns:	current weird sampling threshold.

Reporter::get_weird_sampling_whitelist¶

Type:	`function` () : `string_set`

Gets the weird sampling whitelist

Returns:	Current weird sampling whitelist

Reporter::info¶

Type:	`function` (msg: `string`) : `bool`

Generates an informational message.

Msg:	The informational message to report.
Returns:	Always true.

See also: reporter_info

Reporter::net_weird¶

Type:	`function` (name: `string`) : `bool`

Generates a “net” weird.

Name:	the name of the weird.
Returns:	Always true.

Reporter::set_weird_sampling_duration¶

Type:	`function` (weird_sampling_duration: `interval`) : `bool`

Sets the current weird sampling duration. Please note that this will not delete already running timers.

Weird_sampling_duration:
	New weird sampling duration.
Returns:	always returns True

Reporter::set_weird_sampling_rate¶

Type:	`function` (weird_sampling_rate: `count`) : `bool`

Sets the weird sampling rate.

Weird_sampling_rate:
	New weird sampling rate.
Returns:	Always returns true.

Reporter::set_weird_sampling_threshold¶

Type:	`function` (weird_sampling_threshold: `count`) : `bool`

Sets the current weird sampling threshold

Threshold:	New weird sampling threshold.
Returns:	Always returns true;

Reporter::set_weird_sampling_whitelist¶

Type:	`function` (weird_sampling_whitelist: `string_set`) : `bool`

Sets the weird sampling whitelist

Whitelist:	New weird sampling rate.
Returns:	Always true.

Reporter::warning¶

Type:	`function` (msg: `string`) : `bool`

Generates a message that warns of a potential problem.

Msg:	The warning message to report.
Returns:	Always true.