base/protocols/socks/main.zeek¶
-
SOCKS
¶
- Namespace
SOCKS
- Imports
base/frameworks/tunnels, base/protocols/conn/removal-hooks.zeek, base/protocols/socks/consts.zeek
Summary¶
Runtime Options¶
Whether passwords are captured or not. |
Types¶
The record type which contains the fields of the SOCKS log. |
Redefinitions¶
|
|
Events¶
Event that can be handled to access the SOCKS record as it is sent on to the logging framework. |
Hooks¶
SOCKS finalization hook. |
|
Detailed Interface¶
Runtime Options¶
Types¶
-
SOCKS::Info
¶ - Type
-
- ts:
time
&log
Time when the proxy connection was first detected.
- uid:
string
&log
Unique ID for the tunnel - may correspond to connection uid or be non-existent.
- id:
conn_id
&log
The connection’s 4-tuple of endpoint addresses/ports.
- version:
count
&log
Protocol version of SOCKS.
- user:
string
&log
&optional
Username used to request a login to the proxy.
- password:
string
&log
&optional
Password used to request a login to the proxy.
- status:
string
&log
&optional
Server status for the attempt at using the proxy.
- request:
SOCKS::Address
&log
&optional
Client requested SOCKS address. Could be an address, a name or both.
- request_p:
port
&log
&optional
Client requested port.
- bound:
SOCKS::Address
&log
&optional
Server bound address. Could be an address, a name or both.
- bound_p:
port
&log
&optional
Server bound port.
- capture_password:
bool
&default
=SOCKS::default_capture_password
&optional
Determines if the password will be captured for this request.
- ts:
The record type which contains the fields of the SOCKS log.
Events¶
-
SOCKS::log_socks
¶ - Type
event
(rec:SOCKS::Info
)
Event that can be handled to access the SOCKS record as it is sent on to the logging framework.