base/protocols/syslog/main.zeek

Syslog

Core script support for logging syslog messages. This script represents one syslog message as one logged record.

Namespace:: Syslog
Imports:: base/protocols/syslog/consts.zeek

Summary

Redefinable Options

Syslog::ports: set &redef

Well-known ports for Syslog.

Types

Syslog::Info: record

The record type which contains the fields of the syslog log.

Redefinitions

`Log::ID`: `enum`	`Syslog::LOG`
`connection`: `record`	New Fields: `connection` syslog: `Syslog::Info` `&optional`

Hooks

Syslog::log_policy: Log::PolicyHook

Detailed Interface

Redefinable Options

Syslog::ports 

Type:

Attributes:

Default:

{
   514/udp
}

Well-known ports for Syslog.

Types

Syslog::Info 

Type:

Fields:

ts: time &log: Timestamp when the syslog message was seen.

uid: string &log: Unique ID for the connection.

id: conn_id &log: The connection’s 4-tuple of endpoint addresses/ports.

proto: transport_proto &log: Protocol over which the message was seen.

facility: string &log: Syslog facility for the message.

severity: string &log: Syslog severity for the message.

message: string &log: The plain text message.

The record type which contains the fields of the syslog log.

Hooks

Syslog::log_policy 

Type:: Log::PolicyHook