base/protocols/syslog/spicy-events.zeek

Events generated by the Syslog analyzer.

Summary

Events

syslog_message: event

Generated for monitored Syslog messages.

Detailed Interface

Events

syslog_message
Type: event (c: connection, facility: count, severity: count, msg: string)

Generated for monitored Syslog messages.

See Wikipedia for more information about the Syslog protocol.

Parameters
  • c – The connection record for the underlying transport-layer session/flow.

  • facility – The “facility” included in the message.

  • severity – The “severity” included in the message.

  • msg – The message logged.

Note

Zeek currently parses only UDP syslog traffic.
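
A sketch of a handler for this event, added here as an illustration and not taken from the Zeek distribution: it raises a notice for high-severity messages and names the numeric facility and severity codes. The module name `SyslogWatch`, the notice type and the two options are hypothetical; `Syslog::facility_codes` and `Syslog::severity_codes` are assumed to be the lookup tables loaded with `base/protocols/syslog`.

```zeek
@load base/protocols/syslog
@load base/frameworks/notice

module SyslogWatch;

export {
	redef enum Notice::Type += {
		## A monitored host sent a syslog message at or above the threshold.
		High_Severity_Message,
	};

	## Messages with a severity number at or below this value raise a notice
	## (lower numbers are more severe: 0 = emergency, 7 = debug).
	option severity_threshold: count = 2;

	## Maximum number of bytes of the message copied into the notice.
	option max_excerpt_len: count = 200;
}

event syslog_message(c: connection, facility: count, severity: count, msg: string)
	{
	if ( severity > severity_threshold )
		return;

	# Translate the numeric codes to names; fall back to the raw number for
	# values missing from the tables (a sender can put any value on the wire).
	local fac = facility in Syslog::facility_codes ?
	    Syslog::facility_codes[facility] : fmt("facility-%d", facility);
	local sev = severity in Syslog::severity_codes ?
	    Syslog::severity_codes[severity] : fmt("severity-%d", severity);

	# msg is sender-controlled and arrives over UDP, so neither its content
	# nor its source address is authenticated. Keep only a bounded excerpt.
	local excerpt = |msg| > max_excerpt_len ?
	    sub_bytes(msg, 1, max_excerpt_len) : msg;

	NOTICE([$note=High_Severity_Message,
	        $conn=c,
	        $msg=fmt("%s.%s syslog message from %s", fac, sev, c$id$orig_h),
	        $sub=excerpt,
	        # One notice per sender/facility/severity within the window.
	        $identifier=cat(c$id$orig_h, facility, severity),
	        $suppress_for=5min]);
	}
```

Because only UDP syslog is parsed, syslog carried over TCP or TLS never reaches this handler, so the absence of notices does not mean the absence of such messages on the network.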