policy/frameworks/analyzer/deprecated-dpd-log.zeek

DPD

Creates the now deprecated dpd.logfile.

Namespace:

DPD

Summary

Types

DPD::Info: record

The record type defining the columns to log in the DPD logging stream.

Redefinitions

Log::ID: enum	Add the DPD logging stream identifier. DPD::LOG
connection: record	New Fields: connection dpd: DPD::Info &optional service_violation: set [string] &default = {  } &optional The set of services (analyzers) for which Zeek has observed a violation after the same service had previously been confirmed.

Hooks

DPD::log_policy: Log::PolicyHook

A default logging policy hook for the stream.

Detailed Interface

Types

DPD::Info

Type:

record

Fields:

ts: time &log

Timestamp for when protocol analysis failed.

uid: string &log

Connection unique ID.

id: conn_id &log

Connection ID containing the 4-tuple which identifies endpoints.

proto: transport_proto &log

Transport protocol for the violation.

analyzer: string &log

The analyzer that generated the violation.

failure_reason: string &log

The textual reason for the analysis failure.

packet_segment: string &optional &log

(present if policy/frameworks/dpd/packet-segment-logging.zeek is loaded)

A chunk of the payload that most likely resulted in the analyzer violation.

The record type defining the columns to log in the DPD logging stream.

Hooks

DPD::log_policy

Type:

Log::PolicyHook

A default logging policy hook for the stream.