base/protocols/socks/main.zeek
- SOCKS
- Namespace
SOCKS
- Imports
base/frameworks/tunnels, base/protocols/conn/removal-hooks.zeek, base/protocols/socks/consts.zeek
Summary
Runtime Options
Whether passwords are captured or not. |
Types
The record type which contains the fields of the SOCKS log. |
Redefinitions
|
|
Events
Event that can be handled to access the SOCKS record as it is sent on to the logging framework. |
Hooks
SOCKS finalization hook. |
|
Detailed Interface
Runtime Options
- SOCKS::default_capture_password
-
Whether passwords are captured or not.
Types
- SOCKS::Info
- Type
-
- ts:
time&log Time when the proxy connection was first detected.
- uid:
string&log Unique ID for the tunnel - may correspond to connection uid or be nonexistent.
- id:
conn_id&log The connection’s 4-tuple of endpoint addresses/ports.
- version:
count&log Protocol version of SOCKS.
- user:
string&log&optional Username used to request a login to the proxy.
- password:
string&log&optional Password used to request a login to the proxy.
- status:
string&log&optional Server status for the attempt at using the proxy.
- request:
SOCKS::Address&log&optional Client requested SOCKS address. Could be an address, a name or both.
- request_p:
port&log&optional Client requested port.
- bound:
SOCKS::Address&log&optional Server bound address. Could be an address, a name or both.
- bound_p:
port&log&optional Server bound port.
- capture_password:
bool&default=SOCKS::default_capture_password&optional Determines if the password will be captured for this request.
- ts:
The record type which contains the fields of the SOCKS log.
Events
- SOCKS::log_socks
- Type
event(rec:SOCKS::Info)
Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
Hooks
- SOCKS::finalize_socks
- Type
SOCKS finalization hook. Remaining SOCKS info may get logged when it’s called.