mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 07:38:19 +00:00
More updates to log files page: descriptions
This commit is contained in:
Jeannette Dopheide
parent
401ec39ce2
commit
14940c2d89
2 changed files with 109 additions and 34 deletions
|
|
@ -5,6 +5,7 @@ Script Reference
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
log-files
|
||||
notices
|
||||
proto-analyzers
|
||||
file-analyzers
|
||||
|
|
@ -12,5 +13,5 @@ Script Reference
|
|||
packages
|
||||
scripts
|
||||
Broxygen Example Script </scripts/broxygen/example.bro>
|
||||
list-of-log-files
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,38 +1,112 @@
|
|||
=================
|
||||
List of Log Files
|
||||
=================
|
||||
=========
|
||||
Log Files
|
||||
=========
|
||||
|
||||
As a monitoring tool, Bro records a detailed view of the traffic inspected
|
||||
and the events generated in a series of relevant log files. These files can
|
||||
later be reviewed for monitoring, auditing and troubleshooting purposes.
|
||||
|
||||
Listed below are the log files generated by Bro, a brief description of the
|
||||
log file, and links to descriptions of some of the fields for each log type.
|
||||
Listed below are the log files generated by Bro, including a brief description
|
||||
of the log file and links to descriptions of some of the fields for each log type.
|
||||
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| Log File | Description | Field Descriptions |
|
||||
+=================+=======================================+==============================+
|
||||
| http.log | Shows all HTTP requests and replies | :bro:type:`HTTP::Info` |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| ftp.log | Records FTP activity | :bro:type:`FTP::Info` |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| ssl.log | Records SSL sessions including | :bro:type:`SSL::Info` |
|
||||
| | certificates used | |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| known_certs.log | Includes SSL certificates used | :bro:type:`Known::CertsInfo` |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| smtp.log | Summarizes SMTP traffic on a network | :bro:type:`SMTP::Info` |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| dns.log | Shows all DNS activity on a network | :bro:type:`DNS::Info` |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| conn.log | Records all connections seen by Bro | :bro:type:`Conn::Info` |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| dpd.log | Shows network activity on | :bro:type:`DPD::Info` |
|
||||
| | non-standard ports | |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| files.log | Records information about all files | :bro:type:`Files::Info` |
|
||||
| | transmitted over the network | |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
| weird.log | Records unexpected protocol-level | :bro:type:`Weird::Info` |
|
||||
| | activity | |
|
||||
+-----------------+---------------------------------------+------------------------------+
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| Log File | Description | Field Descriptions |
|
||||
+============================+=======================================+=================================+
|
||||
| app_stats.log | Info about web apps in use on network | :bro:type:`AppStats::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| barnyard2.log | Alerts received from Barnyard2 | :bro:type:`Barnyard2::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| capture_loss.log | Packet loss rate | :bro:type:`CaptureLoss::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| cluster.log | Cluster messages | :bro:type:`Cluster::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| communication.log | Connections to remote Bro or Broccoli | :bro:type:`Communication::Info` |
|
||||
| | instances | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| conn.log | Connection info | :bro:type:`Conn::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| dhcp.log | DHCP leases | :bro:type:`DHCP::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| dnp3.log | Requests and replies using DNP3 | :bro:type:`DNP3::Info` |
|
||||
| | protocol | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| dns.log | DNS activity | :bro:type:`DNS::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| dpd.log | Network activity on non-standard | :bro:type:`DPD::Info` |
|
||||
| | ports | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| files.log | Info about files transmitted over the | :bro:type:`Files::Info` |
|
||||
| | network | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| ftp.log | FTP activity | :bro:type:`FTP::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| http.log | HTTP requests and replies | :bro:type:`HTTP::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| intel.log | Details about the intelligence | :bro:type:`Intel::Info` |
|
||||
| | framework | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| irc.log | IRC commands and responses | :bro:type:`IRC::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| known_certs.log | SSL certificates used | :bro:type:`Known::CertsInfo` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| known_devices.log | MAC addresses of devices on the | :bro:type:`Known::DevicesInfo` |
|
||||
| | network | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| known_hosts.log | Daily record of completed TCP | :bro:type:`Known::HostsInfo` |
|
||||
| | handshakes | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| known_modbus.log | Modbus masters and workers | :bro:type:`Known::ModbusInfo` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| known_services.log | Tracks services and protocols used | :bro:type:`Known::ServicesInfo` |
|
||||
| | during a session | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| loaded_scripts.log | Shows all scripts loaded by Bro | :bro:type:`LoadedScripts::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| modbus.log | Modbus protocol data | :bro:type:`Modbus::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| modbus_register_change.log | <add description here> | <add link here> |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| notice.log | Bro notices | :bro:type:`Notice::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| notice_alarm.log | The alarm stream | :bro:type:`Notice::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| packetfilter.log | Status of packet filters | :bro:type:`PacketFilter::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| radius.log | RADIUS authentication attempts | :bro:type:`RADIUS::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| reporter.log | Records error messages, location, | :bro:type:`Reporter::Info` |
|
||||
| | and severity | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| signatures.log | Tracks signatures used on TCP | :bro:type:`Signatures::Info` |
|
||||
| | connections | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| smtp.log | SMTP traffic on a network | :bro:type:`SMTP::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| snmp.log | SNMP traffic on a network | :bro:type:`SNMP::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| socks.log | SOCKS proxy requests | :bro:type:`SOCKS::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| software.log | Software being used on the network | :bro:type:`Software::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| ssh.log | SSH connections | :bro:type:`SSH::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| ssl.log | SSL/TLS handshake info | :bro:type:`SSL::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| stats.log | Shows log memory/packet/lag | :bro:type:`Stats::Info` |
|
||||
| | statistics | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| syslog.log | Syslog messages and data | :bro:type:`Syslog::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| traceroute.log | Address and protocol data of a given | :bro:type:`Traceroute::Info` |
|
||||
| | traceroute | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| tunnel.log | Tunnel data | :bro:type:`Tunnel::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| unified2.log | Interprets Snort's unified output | :bro:type:`Unified2::Info` |
|
||||
| | format | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| weird.log | Records unexpected protocol-level | :bro:type:`Weird::Info` |
|
||||
| | activity | |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
| x509.log | Tracks X.509 certificates | :bro:type:`X509::Info` |
|
||||
+----------------------------+---------------------------------------+---------------------------------+
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue