base/protocols/syslog/main.zeek¶

Syslog¶

Core script support for logging syslog messages. This script represents one syslog message as one logged record.

Namespace: Syslog
Imports: base/protocols/syslog/consts.zeek

Summary¶

Types¶

Syslog::Info: record

The record type which contains the fields of the syslog log.

Redefinitions¶

`Log::ID`: `enum`	`Syslog::LOG`
`connection`: `record`	New Fields `connection` syslog: `Syslog::Info` `&optional`
`likely_server_ports`: `set` `&redef`

Hooks¶

Syslog::log_policy: Log::PolicyHook

Detailed Interface¶

Types¶

Syslog::Info ¶

Type

ts: time &log: Timestamp when the syslog message was seen.
uid: string &log: Unique ID for the connection.
id: conn_id &log: The connection’s 4-tuple of endpoint addresses/ports.
proto: transport_proto &log: Protocol over which the message was seen.
facility: string &log: Syslog facility for the message.
severity: string &log: Syslog severity for the message.
message: string &log: The plain text message.

The record type which contains the fields of the syslog log.

Hooks¶

Syslog::log_policy ¶

Type: Log::PolicyHook

Read the Docs v: master (git/master)

Versions: master; v4.1.1; v4.1.0; v4.0.4; v4.0.3; v4.0.2; v4.0.1; v4.0.0; v4.0.0-rc3; v4.0.0-rc2; v4.0.0-rc1; v3.2.3; v3.2.2; v3.2.1; v3.2.0; v3.2.0-rc1; v3.1.4; v3.1.3; v3.1.2; v3.1.1; v3.1.0; v3.1.0-rc; v3.0.14; v3.0.13; v3.0.12; v3.0.11; v3.0.10; v3.0.9; v3.0.8; v3.0.7; v3.0.6; v3.0.5; v3.0.4; v3.0.3; v3.0.2; v3.0.1; v3.0.0; lts; devel; current

Downloads: html

On Read the Docs: Project Home; Builds