mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Broke down logs into grouped sections based on use & origin
This commit is contained in:
parent e402a224d8
commit 16c70a5179
1 changed file with 65 additions and 40 deletions
@ -7,15 +7,15 @@ and the events generated in a series of relevant log files. These files can
later be reviewed for monitoring, auditing and troubleshooting purposes.

Listed below are the log files generated by Bro, including a brief description
of the log file and links to descriptions of some of the fields for each log type.
of the log file and links to descriptions of some of the fields for each log
type.

Bro Diagnostics
---------------

+----------------------------+---------------------------------------+---------------------------------+
| Log File | Description | Field Descriptions |
+============================+=======================================+=================================+
| app_stats.log | Info about web apps in use on network | :bro:type:`AppStats::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| barnyard2.log | Alerts received from Barnyard2 | :bro:type:`Barnyard2::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| capture_loss.log | Packet loss rate | :bro:type:`CaptureLoss::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| cluster.log | Cluster messages | :bro:type:`Cluster::Info` |
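Review bot: the hunk counts (-7,15 +7,15) mean five lines leave and five arrive here; the rewrapped sentence, the "Bro Diagnostics" heading with its underline and one blank line are the arrivals, which leaves the capture_loss.log and cluster.log rows (with their border lines) as the departures, and no later hunk puts them back under any section. Those two are exactly the Bro-health logs this section is named for, so re-add them here. The two rows that do stay, app_stats.log and barnyard2.log, describe web applications and external IDS alerts rather than Bro's own state; both are listed again under Network Activity and Software Asset Tracking in later hunks, so dropping them from this table would leave Diagnostics for logs about Bro itself (capture_loss, cluster, communication, loaded_scripts, packetfilter, reporter, stats).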
@ -23,6 +23,55 @@ of the log file and links to descriptions of some of the fields for each log typ
| communication.log | Connections to remote Bro or Broccoli | :bro:type:`Communication::Info` |
| | instances | |
+----------------------------+---------------------------------------+---------------------------------+
| intel.log | Details about the intelligence | :bro:type:`Intel::Info` |
| | framework | |
+----------------------------+---------------------------------------+---------------------------------+
| loaded_scripts.log | Shows all scripts loaded by Bro | :bro:type:`LoadedScripts::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| notice.log | Bro notices | :bro:type:`Notice::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| notice_alarm.log | The alarm stream | :bro:enum:`Notice::ACTION_ALARM`|
+----------------------------+---------------------------------------+---------------------------------+
| packetfilter.log | Status of packet filters | :bro:type:`PacketFilter::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| reporter.log | Records error messages, location, | :bro:type:`Reporter::Info` |
| | and severity | |
+----------------------------+---------------------------------------+---------------------------------+
| stats.log | Shows log memory/packet/lag | :bro:type:`Stats::Info` |
| | statistics | |
+----------------------------+---------------------------------------+---------------------------------+
| unified2.log | Interprets Snort's unified output | :bro:type:`Unified2::Info` |
| | format | |
+----------------------------+---------------------------------------+---------------------------------+

Known_* Logs
------------

+----------------------------+---------------------------------------+---------------------------------+
| Log File | Description | Field Descriptions |
+============================+=======================================+=================================+
| known_certs.log | SSL certificates used | :bro:type:`Known::CertsInfo` |
+----------------------------+---------------------------------------+---------------------------------+
| known_devices.log | MAC addresses of devices on the | :bro:type:`Known::DevicesInfo` |
| | network | |
+----------------------------+---------------------------------------+---------------------------------+
| known_hosts.log | Daily record of completed TCP | :bro:type:`Known::HostsInfo` |
| | handshakes | |
+----------------------------+---------------------------------------+---------------------------------+
| known_modbus.log | Modbus masters and workers | :bro:type:`Known::ModbusInfo` |
+----------------------------+---------------------------------------+---------------------------------+
| known_services.log | Tracks services and protocols used | :bro:type:`Known::ServicesInfo` |
| | during a session | |
+----------------------------+---------------------------------------+---------------------------------+

Network Activity
----------------

+----------------------------+---------------------------------------+---------------------------------+
| Log File | Description | Field Descriptions |
+============================+=======================================+=================================+
| barnyard2.log | Alerts received from Barnyard2 | :bro:type:`Barnyard2::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| conn.log | Connection info | :bro:type:`Conn::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| dhcp.log | DHCP leases | :bro:type:`DHCP::Info` |
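Review bot: the notice_alarm.log row now points at :bro:enum:`Notice::ACTION_ALARM`, whereas the row it replaces (removed in the -42,41 hunk below) pointed at :bro:type:`Notice::Info`; that is a content change rather than a regrouping, so either call it out in the commit message or leave it for a separate commit. The same cell also runs flush against the right column border, unlike every other row in the file, so widen the column or at least confirm docutils still parses the grid table. The heading "Known_* Logs" may also be read by docutils as the hyperlink reference Known_ followed by a stray *; escaping the underscore (Known\_* Logs) or putting the name in a literal avoids that.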
@ -42,41 +91,14 @@ of the log file and links to descriptions of some of the fields for each log typ
+----------------------------+---------------------------------------+---------------------------------+
| http.log | HTTP requests and replies | :bro:type:`HTTP::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| intel.log | Details about the intelligence | :bro:type:`Intel::Info` |
| | framework | |
+----------------------------+---------------------------------------+---------------------------------+
| irc.log | IRC commands and responses | :bro:type:`IRC::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| known_certs.log | SSL certificates used | :bro:type:`Known::CertsInfo` |
+----------------------------+---------------------------------------+---------------------------------+
| known_devices.log | MAC addresses of devices on the | :bro:type:`Known::DevicesInfo` |
| | network | |
+----------------------------+---------------------------------------+---------------------------------+
| known_hosts.log | Daily record of completed TCP | :bro:type:`Known::HostsInfo` |
| | handshakes | |
+----------------------------+---------------------------------------+---------------------------------+
| known_modbus.log | Modbus masters and workers | :bro:type:`Known::ModbusInfo` |
+----------------------------+---------------------------------------+---------------------------------+
| known_services.log | Tracks services and protocols used | :bro:type:`Known::ServicesInfo` |
| | during a session | |
+----------------------------+---------------------------------------+---------------------------------+
| loaded_scripts.log | Shows all scripts loaded by Bro | :bro:type:`LoadedScripts::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| modbus.log | Modbus protocol data | :bro:type:`Modbus::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| modbus_register_change.log | Tracks changes to holding registers | :bro:type:`Modbus::MemmapInfo` |
+----------------------------+---------------------------------------+---------------------------------+
| notice.log | Bro notices | :bro:type:`Notice::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| notice_alarm.log | The alarm stream | :bro:type:`Notice::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| packetfilter.log | Status of packet filters | :bro:type:`PacketFilter::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| radius.log | RADIUS authentication attempts | :bro:type:`RADIUS::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| reporter.log | Records error messages, location, | :bro:type:`Reporter::Info` |
| | and severity | |
+----------------------------+---------------------------------------+---------------------------------+
| signatures.log | Tracks signatures used on TCP | :bro:type:`Signatures::Info` |
| | connections | |
+----------------------------+---------------------------------------+---------------------------------+
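Review bot: the 27 lines removed here (intel, the five known_* rows, loaded_scripts, notice, notice_alarm, packetfilter, reporter) all reappear in the two hunks above, so nothing is lost in this hunk, but two of the destinations are questionable: intel.log records intelligence-framework matches on observed traffic and notice.log is the detection output an analyst reads first, and both now sit under Bro Diagnostics beside reporter.log and stats.log instead of staying here under Network Activity. Consider keeping those two rows in this table.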
@ -86,15 +108,10 @@ of the log file and links to descriptions of some of the fields for each log typ
+----------------------------+---------------------------------------+---------------------------------+
| socks.log | SOCKS proxy requests | :bro:type:`SOCKS::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| software.log | Software being used on the network | :bro:type:`Software::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| ssh.log | SSH connections | :bro:type:`SSH::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| ssl.log | SSL/TLS handshake info | :bro:type:`SSL::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| stats.log | Shows log memory/packet/lag | :bro:type:`Stats::Info` |
| | statistics | |
+----------------------------+---------------------------------------+---------------------------------+
| syslog.log | Syslog messages and data | :bro:type:`Syslog::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| traceroute.log | Address and protocol data of a given | :bro:type:`Traceroute::Info` |
@ -102,11 +119,19 @@ of the log file and links to descriptions of some of the fields for each log typ
+----------------------------+---------------------------------------+---------------------------------+
| tunnel.log | Tunnel data | :bro:type:`Tunnel::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| unified2.log | Interprets Snort's unified output | :bro:type:`Unified2::Info` |
| | format | |
+----------------------------+---------------------------------------+---------------------------------+
| weird.log | Records unexpected protocol-level | :bro:type:`Weird::Info` |
| | activity | |
+----------------------------+---------------------------------------+---------------------------------+
| x509.log | Tracks X.509 certificates | :bro:type:`X509::Info` |
+----------------------------+---------------------------------------+---------------------------------+

Software Asset Tracking
-----------------------

+----------------------------+---------------------------------------+---------------------------------+
| Log File | Description | Field Descriptions |
+============================+=======================================+=================================+
| app_stats.log | Info about web apps in use on network | :bro:type:`AppStats::Info` |
+----------------------------+---------------------------------------+---------------------------------+
| software.log | Software being used on the network | :bro:type:`Software::Info` |
+----------------------------+---------------------------------------+---------------------------------+
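Review bot: app_stats.log is added here while its row also stays in the Bro Diagnostics table in the first hunk, and barnyard2.log is likewise listed under both Bro Diagnostics and Network Activity, yet software.log (removed from Network Activity in the hunk above) and unified2.log (removed here) each end up in exactly one section. Pick one rule, either every log in a single section or deliberate cross-listing announced in the intro paragraph, and apply it to all four; as it stands a reader cannot tell whether a second entry is intentional or a leftover from the old flat table.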