base/bif/plugins/Zeek_Syslog.events.bif.zeek
GLOBAL
Namespace: GLOBAL
Detailed Interface
Events
syslog_message
Type: event(c: connection, facility: count, severity: count, msg: string)
Generated for monitored Syslog messages.
See Wikipedia for more information about the Syslog protocol.
c: The connection record for the underlying transport-layer session/flow.
facility: The “facility” included in the message.
severity: The “severity” included in the message.
msg: The message logged.
Note: Zeek currently parses only UDP syslog traffic. Support for TCP syslog will be added soon.
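A handler for this event, as an added example that is not part of the Zeek documentation or distribution: it raises a notice for high-urgency syslog messages. The module name `SyslogWatch`, the notice type `Urgent_Message` and the `max_severity` threshold are hypothetical names chosen for illustration; `Syslog::facility_codes` and `Syslog::severity_codes` are the name tables from Zeek's base syslog scripts.

```zeek
@load base/frameworks/notice
@load base/protocols/syslog

module SyslogWatch;   # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## A syslog message at or above the configured urgency was observed.
		Urgent_Message,
	};

	## Report messages whose numeric severity is <= this value.
	## Syslog severities run from 0 (Emergency) to 7 (Debug), so the
	## default of 2 covers Emergency, Alert and Critical.
	const max_severity: count = 2 &redef;
}

event syslog_message(c: connection, facility: count, severity: count, msg: string)
	{
	# Lower numbers are more urgent; ignore everything below the threshold.
	if ( severity > max_severity )
		return;

	# Map the numeric codes to names using the base syslog script tables.
	local fac = Syslog::facility_codes[facility];
	local sev = Syslog::severity_codes[severity];

	# msg is sender-supplied text from an unauthenticated UDP datagram, so it
	# is carried in $sub as data rather than built into the headline.
	# $identifier plus $suppress_for keep one noisy host from flooding
	# notice.log with repeats of the same facility/severity pair.
	NOTICE([$note=Urgent_Message,
	        $conn=c,
	        $msg=fmt("%s.%s syslog message from %s", fac, sev, c$id$orig_h),
	        $sub=msg,
	        $identifier=cat(c$id$orig_h, facility, severity),
	        $suppress_for=5min]);
	}
```

Because only UDP syslog is parsed, syslog carried over TCP does not raise this event and will not reach the handler.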