main.zeek

Redis

Namespace:: Redis
Imports:: base/frameworks/signatures, base/protocols/conn/removal-hooks.zeek, base/protocols/redis/spicy-events.zeek

Summary

Runtime Options

Redis::max_pending_commands: count &redef

Redefinable Options

Redis::ports: set &redef

The ports to register Redis for.

State Variables

`Redis::enter_subscribed_mode`: `set`
`Redis::exit_subscribed_mode`: `set`
`Redis::no_response_commands`: `set`

Types

`Redis::Info`: `record`	Record type containing the column fields of the Redis log.
`Redis::NoReplyRange`: `record`	Which numbered commands should not expect a reply due to CLIENT REPLY commands.
`Redis::RESPVersion`: `enum`
`Redis::State`: `record`

Redefinitions

Log::ID: enum

Log stream identifier.

Redis::LOG

connection: record

New Fields:

connection

redis: Redis::Info &optional

redis_state: Redis::State &optional

Hooks

`Redis::finalize_redis`: `Conn::RemovalHook`
`Redis::log_policy`: `Log::PolicyHook`	A default logging policy hook for the stream.

Detailed Interface

Runtime Options

Redis::max_pending_commands 

Type:: count
Attributes:: &redef
Default:: 10000

Redefinable Options

Redis::ports 

Type:

set [port]

Attributes:

&redef

Default:

{
   6379/tcp
}

The ports to register Redis for.

State Variables

Redis::enter_subscribed_mode 

Type:

set [Redis::RedisCommand]

Default:

{
   Redis::RedisCommand_PSUBSCRIBE,
   Redis::RedisCommand_SSUBSCRIBE,
   Redis::RedisCommand_SUBSCRIBE
}

Redis::exit_subscribed_mode 

Type:

set [Redis::RedisCommand]

Default:

{
   Redis::RedisCommand_RESET,
   Redis::RedisCommand_QUIT
}

Redis::no_response_commands 

Type:

set [Redis::RedisCommand]

Default:

{
   Redis::RedisCommand_SSUBSCRIBE,
   Redis::RedisCommand_SUBSCRIBE,
   Redis::RedisCommand_PUNSUBSCRIBE,
   Redis::RedisCommand_SUNSUBSCRIBE,
   Redis::RedisCommand_UNSUBSCRIBE,
   Redis::RedisCommand_PSUBSCRIBE
}

Types

Redis::Info 

Type:

record

Fields:

ts: time &log: Timestamp for when the activity happened.

uid: string &log: Unique ID for the connection.

id: conn_id &log: The connection’s 4-tuple of endpoint addresses/ports.

cmd: Redis::Command &log: The Redis command.

success: bool &log &optional: If the command was successful. Only set if the server responded.

reply: Redis::ReplyData &log &optional: The reply for the command.

Record type containing the column fields of the Redis log.

Redis::NoReplyRange 

Type:

record

Fields:

begin: count

end: count &optional

Which numbered commands should not expect a reply due to CLIENT REPLY commands. These commands may simply skip one, or they may turn off replies then later reenable them. Thus, the end of the interval is optional.

Redis::RESPVersion 

Type:

enum

Redis::RESP2

Redis::RESP3

Redis::State 

Type:

record

Fields:

pending: table [count] of Redis::Info: Pending commands.

current_command: count &default = 0 &optional: Current command in the pending queue.

current_reply: count &default = 0 &optional: Current reply in the pending queue.

no_reply_ranges: vector of Redis::NoReplyRange: Ranges where we do not expect a reply due to CLIENT REPLY commands. Each range is one or two elements, one meaning it’s unbounded, two meaning it begins at one and ends at the second.

skip_commands: set [count]: The command indexes (from current_command and current_reply) that will not get responses no matter what.

violation: bool &default = F &optional: We store if this analyzer had a violation to avoid logging if so. This should not be super necessary, but worth a shot.

subscribed_mode: bool &default = F &optional: If we are in “subscribed” mode

resp_version: Redis::RESPVersion &default = Redis::RESP2 &optional: The RESP version

Hooks

Redis::finalize_redis 

Type:: Conn::RemovalHook

Redis::log_policy 

Type:: Log::PolicyHook

A default logging policy hook for the stream.