base/protocols/sip/main.zeek
Implements base functionality for SIP analysis. The logging model is to log request/response pairs and all relevant metadata together in a single record.
| Namespace: | SIP |
|---|---|
| Imports: | base/protocols/conn/removal-hooks.zeek, base/utils/files.zeek, base/utils/numbers.zeek |
Summary
Runtime Options
| SIP::sip_methods : set &redef | A list of SIP methods. |
|---|---|
Types
| SIP::Info : record | The record type which contains the fields of the SIP log. |
|---|---|
| SIP::State : record | |
Redefinitions
| Log::ID : enum | |
|---|---|
| connection : record | |
| likely_server_ports : set &redef | |
Events
| SIP::log_sip : event | Event that can be handled to access the SIP record as it is sent on to the logging framework. |
|---|---|
Hooks
| SIP::finalize_sip : Conn::RemovalHook | SIP finalization hook. |
|---|---|
| SIP::log_policy : Log::PolicyHook | |
Detailed Interface
Runtime Options
Types
SIP::Info
Type: record
- ts: time &log
  Timestamp for when the request happened.
- uid: string &log
  Unique ID for the connection.
- id: conn_id &log
  The connection’s 4-tuple of endpoint addresses/ports.
- trans_depth: count &log
  Represents the pipelined depth into the connection of this request/response transaction.
- method: string &log &optional
  Verb used in the SIP request (INVITE, REGISTER etc.).
- uri: string &log &optional
  URI used in the request.
- date: string &log &optional
  Contents of the Date: header from the client
- request_from: string &log &optional
  Contents of the request From: header. Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
- request_to: string &log &optional
  Contents of the To: header
- response_from: string &log &optional
  Contents of the response From: header. Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
- response_to: string &log &optional
  Contents of the response To: header
- reply_to: string &log &optional
  Contents of the Reply-To: header
- call_id: string &log &optional
  Contents of the Call-ID: header from the client
- seq: string &log &optional
  Contents of the CSeq: header from the client
- subject: string &log &optional
  Contents of the Subject: header from the client
- request_path: vector of string &log &optional
  The client message transmission path, as extracted from the headers.
- response_path: vector of string &log &optional
  The server message transmission path, as extracted from the headers.
- user_agent: string &log &optional
  Contents of the User-Agent: header from the client
- status_code: count &log &optional
  Status code returned by the server.
- status_msg: string &log &optional
  Status message returned by the server.
- warning: string &log &optional
  Contents of the Warning: header
- request_body_len: count &log &optional
  Contents of the Content-Length: header from the client
- response_body_len: count &log &optional
  Contents of the Content-Length: header from the server
- content_type: string &log &optional
  Contents of the Content-Type: header from the server
The record type which contains the fields of the SIP log.
Events
Hooks
SIP::finalize_sip
Type: Conn::RemovalHook
SIP finalization hook. Remaining SIP info may get logged when it’s called.
SIP::log_policy
Type: Log::PolicyHook
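A handler for the SIP::log_sip event listed above, as an added example that is not part of the Zeek distribution: it counts failed REGISTER responses per originator from the method, status_code and id fields of SIP::Info and raises one notice when a threshold is reached. The module name SIPAuthWatch, the notice type, the threshold and the five-minute window are assumptions made for illustration.

```zeek
@load base/protocols/sip
@load base/frameworks/notice

module SIPAuthWatch;   # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## Hypothetical notice type defined by this example.
		Register_Failures,
	};

	## Assumed threshold. A single 401 challenge per registration is normal
	## with digest authentication, so keep this well above the number of
	## phones that may sit behind one address.
	const failure_threshold: count = 20 &redef;
}

# Failed REGISTER responses per originator. Each entry is dropped five
# minutes after it was created (assumed window), which resets the count.
global failures: table[addr] of count &create_expire=5min;

event SIP::log_sip(rec: SIP::Info)
	{
	# method and status_code are &optional in SIP::Info, so test before use.
	if ( ! rec?$method || rec$method != "REGISTER" || ! rec?$status_code )
		return;

	# Only 401 Unauthorized and 403 Forbidden count as failures here.
	if ( rec$status_code != 401 && rec$status_code != 403 )
		return;

	local src = rec$id$orig_h;

	if ( src !in failures )
		failures[src] = 0;

	++failures[src];

	# Notify once, when the count first reaches the threshold.
	if ( failures[src] == failure_threshold )
		NOTICE([$note=Register_Failures, $src=src, $uid=rec$uid,
		        $msg=fmt("%s received %d failed SIP REGISTER responses within 5 minutes",
		                 src, failure_threshold),
		        $sub=rec?$user_agent ? rec$user_agent : "<no User-Agent>",
		        $identifier=cat(src)]);
	}
```

The table is local to each Zeek process, so on a cluster the counts are per worker.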