base/bif/plugins/Bro_Syslog.events.bif.bro

GLOBAL
Namespace: GLOBAL

Summary

Events

syslog_message: event Generated for monitored Syslog messages.

Detailed Interface

Events

syslog_message
Type: event (c: connection, facility: count, severity: count, msg: string)

Generated for monitored Syslog messages.

See Wikipedia for more information about the Syslog protocol.

c: The connection record for the underlying transport-layer session/flow.
facility: The numeric syslog facility (0 to 23) carried in the message's PRI field.
severity: The numeric syslog severity (0 to 7, 0 being the most severe) carried in the message's PRI field.
msg: The message logged.

Note

Bro currently parses only UDP syslog traffic. Support for TCP syslog will be added soon.
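A handler for this event, added here as an illustration and not taken from Bro's own scripts: it maps the numeric facility and severity to their RFC 5424 names, reconstructs the PRI value the sender wrapped in angle brackets, and raises a notice for messages at severity crit or worse. The module name SyslogExample, the notice type High_Severity_Message, the tunable max_severity_to_notice, and the two name tables are this example's own definitions, not Bro identifiers.

```bro
##! Added example (not part of Bro's scripts): decode syslog_message and
##! raise a notice for high-severity messages. SyslogExample,
##! High_Severity_Message, max_severity_to_notice and the name tables are
##! assumptions made for this example, not Bro identifiers.

@load base/frameworks/notice

module SyslogExample;

export {
    redef enum Notice::Type += {
        ## A syslog message at severity "crit" (2) or worse was observed.
        High_Severity_Message,
    };

    ## Highest severity number (RFC 5424: 0 emerg .. 7 debug) that still
    ## triggers a notice. 2 means emerg, alert and crit.
    const max_severity_to_notice = 2 &redef;
}

# RFC 5424 facility codes 0..23, indexed by the event's "facility" parameter.
const facility_names: table[count] of string = {
    [0] = "kern",    [1] = "user",    [2] = "mail",      [3] = "daemon",
    [4] = "auth",    [5] = "syslog",  [6] = "lpr",       [7] = "news",
    [8] = "uucp",    [9] = "cron",    [10] = "authpriv", [11] = "ftp",
    [12] = "ntp",    [13] = "audit",  [14] = "alert",    [15] = "clock",
    [16] = "local0", [17] = "local1", [18] = "local2",   [19] = "local3",
    [20] = "local4", [21] = "local5", [22] = "local6",   [23] = "local7",
};

# RFC 5424 severity codes 0..7, indexed by the event's "severity" parameter.
const severity_names: table[count] of string = {
    [0] = "emerg",   [1] = "alert",  [2] = "crit", [3] = "err",
    [4] = "warning", [5] = "notice", [6] = "info", [7] = "debug",
};

function name_of(names: table[count] of string, code: count): string
    {
    # A malformed PRI can yield a code outside the tables; keep the number
    # rather than dropping the message.
    return code in names ? names[code] : fmt("unknown(%d)", code);
    }

event syslog_message(c: connection, facility: count, severity: count, msg: string)
    {
    local fac = name_of(facility_names, facility);
    local sev = name_of(severity_names, severity);

    # The sender's PRI field is facility*8 + severity; rebuild it for display.
    print fmt("%s -> %s syslog <%d> %s.%s: %s",
              c$id$orig_h, c$id$resp_h, facility * 8 + severity, fac, sev, msg);

    if ( severity <= max_severity_to_notice )
        NOTICE([$note=High_Severity_Message,
                $conn=c,
                $msg=fmt("%s.%s syslog message", fac, sev),
                $sub=msg,
                # Suppress repeats of the same source/facility/severity.
                $identifier=cat(c$id$orig_h, facility, severity)]);
    }
```

Save the script (for instance as syslog-example.bro) and run it against a capture with `bro -r trace.pcap syslog-example.bro`, or load it from local.bro. Two caveats follow from the note above and from the protocol itself: since only UDP syslog is analyzed, the handler never fires for syslog carried over TCP or TLS, and since UDP syslog has no authentication, c$id$orig_h is merely the claimed source address of the datagram and should be treated as untrusted when acting on the notice.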