base/protocols/syslog/main.bro

Syslog

Core script support for logging syslog messages. This script represents one syslog message as one logged record.

Namespace: Syslog
Imports: base/protocols/syslog/consts.bro

Summary

Types

Syslog::Info: record The record type which contains the fields of the syslog log.

Detailed Interface

Types

Syslog::Info
Type: record

    ts: time &log
        Timestamp when the syslog message was seen.

    uid: string &log
        Unique ID for the connection.

    id: conn_id &log
        The connection's 4-tuple of endpoint addresses/ports.

    proto: transport_proto &log
        Protocol over which the message was seen.

    facility: string &log
        Syslog facility for the message.

    severity: string &log
        Syslog severity for the message.

    message: string &log
        The plain text message.

The record type which contains the fields of the syslog log.
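The fields above are what this script writes, one line per syslog message, into syslog.log. As an added example (not part of the Bro distribution or this script), the following Python reads such a log back using its "#fields" header, keys each record by the documented field names, and selects records at or above a chosen severity. It assumes the standard Bro TSV log layout (the conn_id field "id" is flattened by the logging framework into id.orig_h, id.orig_p, id.resp_h and id.resp_p), that the severity strings follow the RFC 3164 names emitted by consts.bro (EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG), and the sample log content itself is constructed.

```python
"""Read a Bro/Zeek syslog.log (TSV with '#fields' header) into dicts keyed by the
Syslog::Info field names and filter by severity.  Example code, not part of Bro."""

from collections import Counter

# Constructed sample of a syslog.log as the logging framework writes it.
# The first line is literally '#separator \x09' (backslash-x-0-9 spelled out).
SAMPLE_SYSLOG_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tsyslog
#open\t2024-01-01-00-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tfacility\tseverity\tmessage
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tstring
1704067200.123456\tCxyz1\t10.0.0.5\t514\t10.0.0.1\t514\tudp\tAUTH\tERR\tsshd[1234]: Failed password for invalid user admin
1704067201.654321\tCxyz2\t10.0.0.6\t5514\t10.0.0.1\t514\tudp\tKERN\tEMERG\tkernel: Out of memory: Kill process 999
1704067202.000000\tCxyz3\t10.0.0.7\t514\t10.0.0.1\t514\tudp\tDAEMON\tINFO\tcron[77]: (root) CMD (run-parts /etc/cron.hourly)
#close\t2024-01-01-00-05-00
"""

# Assumed severity names, most severe first (the order of RFC 3164 numeric codes).
SEVERITY_ORDER = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]


def parse_zeek_log(text):
    """Return a list of dicts, one per data line, keyed by the '#fields' header.

    Header lines start with '#'.  The column separator is taken from the
    '#separator' line and the unset marker from '#unset_field', so the parser
    does not hard-code the tab or the '-' placeholder."""
    sep = "\t"
    unset = "-"
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The separator is written as an escape sequence, e.g. '\x09'.
                sep = line[len("#separator "):].encode().decode("unicode_escape")
            elif line.startswith("#fields" + sep):
                fields = line.split(sep)[1:]
            elif line.startswith("#unset_field" + sep):
                unset = line.split(sep)[1]
            continue
        if fields is None:
            raise ValueError("data line appears before the #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError("column count %d does not match header (%d)" % (len(values), len(fields)))
        records.append({k: (None if v == unset else v) for k, v in zip(fields, values)})
    return records


def severity_rank(name):
    """Lower rank means more severe; unknown names sort after DEBUG."""
    return SEVERITY_ORDER.index(name) if name in SEVERITY_ORDER else len(SEVERITY_ORDER)


def count_by_severity(records):
    """Histogram of the 'severity' column, useful as a quick sanity check on a log."""
    return Counter(r["severity"] for r in records)


def at_least(records, threshold="ERR"):
    """Records whose severity is the threshold or more severe, in log order."""
    limit = severity_rank(threshold)
    return [r for r in records if severity_rank(r["severity"]) <= limit]


if __name__ == "__main__":
    recs = parse_zeek_log(SAMPLE_SYSLOG_LOG)
    print(dict(count_by_severity(recs)))
    for r in at_least(recs, "ERR"):
        # proto is logged too: over udp the sender address in id.orig_h is
        # unauthenticated, so treat it as a hint rather than proof of origin.
        print(r["ts"], r["proto"], r["id.orig_h"], r["severity"], r["message"])
```

The parser reads the header rather than assuming column positions, so it keeps working if a site redefines the log with extra fields; because conn_id is flattened, the endpoints are addressed as "id.orig_h" and friends rather than as a nested record.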