base/protocols/sip/main.zeek¶
-
SIP
¶
Implements base functionality for SIP analysis. The logging model is to log request/response pairs and all relevant metadata together in a single record.
- Namespace
SIP
- Imports
base/protocols/conn/removal-hooks.zeek, base/utils/files.zeek, base/utils/numbers.zeek
Summary¶
Runtime Options¶
A list of SIP methods. |
Types¶
The record type which contains the fields of the SIP log. |
|
Redefinitions¶
|
|
Events¶
Event that can be handled to access the SIP record as it is sent on to the logging framework. |
Hooks¶
SIP finalization hook. |
|
Detailed Interface¶
Runtime Options¶
Types¶
-
SIP::Info
¶ - Type
-
- ts:
time
&log
Timestamp for when the request happened.
- uid:
string
&log
Unique ID for the connection.
- id:
conn_id
&log
The connection’s 4-tuple of endpoint addresses/ports.
- trans_depth:
count
&log
Represents the pipelined depth into the connection of this request/response transaction.
- method:
string
&log
&optional
Verb used in the SIP request (INVITE, REGISTER etc.).
- uri:
string
&log
&optional
URI used in the request.
- date:
string
&log
&optional
Contents of the Date: header from the client
- request_from:
string
&log
&optional
Contents of the request From: header Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
- request_to:
string
&log
&optional
Contents of the To: header
- response_from:
string
&log
&optional
Contents of the response From: header Note: The
tag=
value that’s usually appended to the sender is stripped off and not logged.- response_to:
string
&log
&optional
Contents of the response To: header
- reply_to:
string
&log
&optional
Contents of the Reply-To: header
- call_id:
string
&log
&optional
Contents of the Call-ID: header from the client
- seq:
string
&log
&optional
Contents of the CSeq: header from the client
- subject:
string
&log
&optional
Contents of the Subject: header from the client
- request_path:
vector
ofstring
&log
&optional
The client message transmission path, as extracted from the headers.
- response_path:
vector
ofstring
&log
&optional
The server message transmission path, as extracted from the headers.
- user_agent:
string
&log
&optional
Contents of the User-Agent: header from the client
- status_code:
count
&log
&optional
Status code returned by the server.
- status_msg:
string
&log
&optional
Status message returned by the server.
- warning:
string
&log
&optional
Contents of the Warning: header
- request_body_len:
count
&log
&optional
Contents of the Content-Length: header from the client
- response_body_len:
count
&log
&optional
Contents of the Content-Length: header from the server
- content_type:
string
&log
&optional
Contents of the Content-Type: header from the server
- ts:
The record type which contains the fields of the SIP log.