Change doc/ subdir into a git submodule

The docs now live at https://github.com/zeek/zeek-docs
Jon Siwek 2019-01-17 14:09:29 -06:00
parent 0d685efbf5
commit 2ff746fea7
693 changed files with 26 additions and 105609 deletions


@ -1,14 +0,0 @@
:tocdepth: 3
base/frameworks/logging/__load__.bro
====================================
:Imports: :doc:`base/frameworks/logging/main.bro </scripts/base/frameworks/logging/main.bro>`, :doc:`base/frameworks/logging/postprocessors </scripts/base/frameworks/logging/postprocessors/index>`, :doc:`base/frameworks/logging/writers/ascii.bro </scripts/base/frameworks/logging/writers/ascii.bro>`, :doc:`base/frameworks/logging/writers/none.bro </scripts/base/frameworks/logging/writers/none.bro>`, :doc:`base/frameworks/logging/writers/sqlite.bro </scripts/base/frameworks/logging/writers/sqlite.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~


@ -1,87 +0,0 @@
:orphan:
Package: base/frameworks/logging
================================
The logging framework provides a flexible key-value based logging interface.
:doc:`/scripts/base/frameworks/logging/__load__.bro`
:doc:`/scripts/base/frameworks/logging/main.bro`
The Bro logging interface.
See :doc:`/frameworks/logging` for an introduction to Bro's
logging framework.
:doc:`/scripts/base/frameworks/logging/postprocessors/__load__.bro`
:doc:`/scripts/base/frameworks/logging/postprocessors/scp.bro`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SCP (secure copy)
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :bro:id:`bro_init` event and do the following
in your handler:
1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:bro:id:`Log::scp_postprocessor`.
2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
3) Add a table entry to :bro:id:`Log::scp_destinations` for the filter's
writer/path pair which defines a set of :bro:type:`Log::SCPDestination`
records.
:doc:`/scripts/base/frameworks/logging/postprocessors/sftp.bro`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SFTP
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :bro:id:`bro_init` event and do the following
in your handler:
1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:bro:id:`Log::sftp_postprocessor`.
2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
3) Add a table entry to :bro:id:`Log::sftp_destinations` for the filter's
writer/path pair which defines a set of :bro:type:`Log::SFTPDestination`
records.
:doc:`/scripts/base/frameworks/logging/writers/ascii.bro`
Interface for the ASCII log writer. Redefinable options are available
to tweak the output format of ASCII logs.
The ASCII writer currently supports one writer-specific per-filter config
option: setting ``tsv`` to the string ``T`` turns the output into
"tab-separated-value" mode where only a single header row with the column
names is printed out as meta information, with no "# fields" prepended; no
other meta data gets included in that mode. Example filter using this::
local f: Log::Filter = [$name = "my-filter",
$writer = Log::WRITER_ASCII,
$config = table(["tsv"] = "T")];
:doc:`/scripts/base/frameworks/logging/writers/sqlite.bro`
Interface for the SQLite log writer. Redefinable options are available
to tweak the output format of the SQLite reader.
See :doc:`/frameworks/logging-input-sqlite` for an introduction on how to
use the SQLite log writer.
The SQL writer currently supports one writer-specific filter option via
``config``: setting ``tablename`` sets the name of the table that is used
or created in the SQLite database. An example for this is given in the
introduction mentioned above.
:doc:`/scripts/base/frameworks/logging/writers/none.bro`
Interface for the None log writer. This writer is mainly for debugging.

File diff suppressed because it is too large


@ -1,14 +0,0 @@
:tocdepth: 3
base/frameworks/logging/postprocessors/__load__.bro
===================================================
:Imports: :doc:`base/frameworks/logging/postprocessors/scp.bro </scripts/base/frameworks/logging/postprocessors/scp.bro>`, :doc:`base/frameworks/logging/postprocessors/sftp.bro </scripts/base/frameworks/logging/postprocessors/sftp.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~


@ -1,44 +0,0 @@
:orphan:
Package: base/frameworks/logging/postprocessors
===============================================
Support for postprocessors in the logging framework.
:doc:`/scripts/base/frameworks/logging/postprocessors/__load__.bro`
:doc:`/scripts/base/frameworks/logging/postprocessors/scp.bro`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SCP (secure copy)
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :bro:id:`bro_init` event and do the following
in your handler:
1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:bro:id:`Log::scp_postprocessor`.
2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
3) Add a table entry to :bro:id:`Log::scp_destinations` for the filter's
writer/path pair which defines a set of :bro:type:`Log::SCPDestination`
records.
:doc:`/scripts/base/frameworks/logging/postprocessors/sftp.bro`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SFTP
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :bro:id:`bro_init` event and do the following
in your handler:
1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:bro:id:`Log::sftp_postprocessor`.
2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
3) Add a table entry to :bro:id:`Log::sftp_destinations` for the filter's
writer/path pair which defines a set of :bro:type:`Log::SFTPDestination`
records.


@ -1,121 +0,0 @@
:tocdepth: 3
base/frameworks/logging/postprocessors/scp.bro
==============================================
.. bro:namespace:: Log
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SCP (secure copy)
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :bro:id:`bro_init` event and do the following
in your handler:
1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:bro:id:`Log::scp_postprocessor`.
2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
3) Add a table entry to :bro:id:`Log::scp_destinations` for the filter's
writer/path pair which defines a set of :bro:type:`Log::SCPDestination`
records.
:Namespace: Log
Summary
~~~~~~~
Redefinable Options
###################
============================================================================== ================================================================
:bro:id:`Log::scp_rotation_date_format`: :bro:type:`string` :bro:attr:`&redef` Default naming format for timestamps embedded into log filenames
that use the SCP rotator.
============================================================================== ================================================================
State Variables
###############
================================================== =======================================================================
:bro:id:`Log::scp_destinations`: :bro:type:`table` A table indexed by a particular log writer and filter path, that yields
a set of remote destinations.
================================================== =======================================================================
Types
#####
=================================================== =====================================================================
:bro:type:`Log::SCPDestination`: :bro:type:`record` A container that describes the remote destination for the SCP command
argument as ``user@host:path``.
=================================================== =====================================================================
Functions
#########
====================================================== ===========================================================
:bro:id:`Log::scp_postprocessor`: :bro:type:`function` Secure-copies the rotated log to all the remote hosts
defined in :bro:id:`Log::scp_destinations` and then deletes
the local copy of the rotated log.
====================================================== ===========================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: Log::scp_rotation_date_format
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"%Y-%m-%d-%H-%M-%S"``
Default naming format for timestamps embedded into log filenames
that use the SCP rotator.
State Variables
###############
.. bro:id:: Log::scp_destinations
:Type: :bro:type:`table` [:bro:type:`Log::Writer`, :bro:type:`string`] of :bro:type:`set` [:bro:type:`Log::SCPDestination`]
:Default: ``{}``
A table indexed by a particular log writer and filter path, that yields
a set of remote destinations. The :bro:id:`Log::scp_postprocessor`
function queries this table upon log rotation and performs a secure
copy of the rotated log to each destination in the set. This
table can be modified at run-time.
Types
#####
.. bro:type:: Log::SCPDestination
:Type: :bro:type:`record`
user: :bro:type:`string`
The remote user to log in as. A trust mechanism should be
pre-established.
host: :bro:type:`string`
The remote host to which to transfer logs.
path: :bro:type:`string`
The path/directory on the remote host to send logs.
A container that describes the remote destination for the SCP command
argument as ``user@host:path``.
Functions
#########
.. bro:id:: Log::scp_postprocessor
:Type: :bro:type:`function` (info: :bro:type:`Log::RotationInfo`) : :bro:type:`bool`
Secure-copies the rotated log to all the remote hosts
defined in :bro:id:`Log::scp_destinations` and then deletes
the local copy of the rotated log. It's not active when
reading from trace files.
:info: A record holding meta-information about the log file to be
postprocessed.
:returns: True if secure-copy system command was initiated or
if no destination was configured for the log as described
by *info*.
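
Review bot: The `Log::scp_postprocessor` entry never says what happens to the local file when the copy fails. The description says the function copies the rotated log "and then deletes the local copy of the rotated log", while `:returns:` is True as soon as the "secure-copy system command was initiated", so a reader cannot tell whether deletion is conditional on a successful transfer. Since this reference now lives in zeek-docs, add a sentence there stating the failure behaviour; on a sensor the rotated log may be the only copy, and operators need to know whether a failed transfer can lose it.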


@ -1,124 +0,0 @@
:tocdepth: 3
base/frameworks/logging/postprocessors/sftp.bro
===============================================
.. bro:namespace:: Log
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SFTP
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :bro:id:`bro_init` event and do the following
in your handler:
1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:bro:id:`Log::sftp_postprocessor`.
2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
3) Add a table entry to :bro:id:`Log::sftp_destinations` for the filter's
writer/path pair which defines a set of :bro:type:`Log::SFTPDestination`
records.
:Namespace: Log
Summary
~~~~~~~
Redefinable Options
###################
=============================================================================== ================================================================
:bro:id:`Log::sftp_rotation_date_format`: :bro:type:`string` :bro:attr:`&redef` Default naming format for timestamps embedded into log filenames
that use the SFTP rotator.
=============================================================================== ================================================================
State Variables
###############
=================================================== =======================================================================
:bro:id:`Log::sftp_destinations`: :bro:type:`table` A table indexed by a particular log writer and filter path, that yields
a set of remote destinations.
=================================================== =======================================================================
Types
#####
==================================================== =======================================================================
:bro:type:`Log::SFTPDestination`: :bro:type:`record` A container that describes the remote destination for the SFTP command,
comprised of the username, host, and path at which to upload the file.
==================================================== =======================================================================
Functions
#########
======================================================= ============================================================
:bro:id:`Log::sftp_postprocessor`: :bro:type:`function` Securely transfers the rotated log to all the remote hosts
defined in :bro:id:`Log::sftp_destinations` and then deletes
the local copy of the rotated log.
======================================================= ============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: Log::sftp_rotation_date_format
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"%Y-%m-%d-%H-%M-%S"``
Default naming format for timestamps embedded into log filenames
that use the SFTP rotator.
State Variables
###############
.. bro:id:: Log::sftp_destinations
:Type: :bro:type:`table` [:bro:type:`Log::Writer`, :bro:type:`string`] of :bro:type:`set` [:bro:type:`Log::SFTPDestination`]
:Default: ``{}``
A table indexed by a particular log writer and filter path, that yields
a set of remote destinations. The :bro:id:`Log::sftp_postprocessor`
function queries this table upon log rotation and performs a secure
transfer of the rotated log to each destination in the set. This
table can be modified at run-time.
Types
#####
.. bro:type:: Log::SFTPDestination
:Type: :bro:type:`record`
user: :bro:type:`string`
The remote user to log in as. A trust mechanism should be
pre-established.
host: :bro:type:`string`
The remote host to which to transfer logs.
host_port: :bro:type:`count` :bro:attr:`&default` = ``22`` :bro:attr:`&optional`
The port to connect to. Defaults to 22
path: :bro:type:`string`
The path/directory on the remote host to send logs.
A container that describes the remote destination for the SFTP command,
comprised of the username, host, and path at which to upload the file.
Functions
#########
.. bro:id:: Log::sftp_postprocessor
:Type: :bro:type:`function` (info: :bro:type:`Log::RotationInfo`) : :bro:type:`bool`
Securely transfers the rotated log to all the remote hosts
defined in :bro:id:`Log::sftp_destinations` and then deletes
the local copy of the rotated log. It's not active when
reading from trace files.
:info: A record holding meta-information about the log file to be
postprocessed.
:returns: True if sftp system command was initiated or
if no destination was configured for the log as described
by *info*.
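
Review bot: In `Log::SFTPDestination`, the `user` field says only "A trust mechanism should be pre-established", which does not tell the reader what an unattended transfer requires. Suggest spelling it out in the relocated docs, for example that the account running the sensor needs non-interactive authentication to the destination and that the destination's host key should already be trusted. Separately, `host_port` is rendered with both `&default` = ``22`` and `&optional`; check whether `&optional` is redundant next to a default, and add the missing full stop after "Defaults to 22".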


@ -1,162 +0,0 @@
:tocdepth: 3
base/frameworks/logging/writers/ascii.bro
=========================================
.. bro:namespace:: LogAscii
Interface for the ASCII log writer. Redefinable options are available
to tweak the output format of ASCII logs.
The ASCII writer currently supports one writer-specific per-filter config
option: setting ``tsv`` to the string ``T`` turns the output into
"tab-separated-value" mode where only a single header row with the column
names is printed out as meta information, with no "# fields" prepended; no
other meta data gets included in that mode. Example filter using this::
local f: Log::Filter = [$name = "my-filter",
$writer = Log::WRITER_ASCII,
$config = table(["tsv"] = "T")];
:Namespace: LogAscii
Summary
~~~~~~~
Redefinable Options
###################
========================================================================================= =====================================================================
:bro:id:`LogAscii::empty_field`: :bro:type:`string` :bro:attr:`&redef` String to use for empty fields.
:bro:id:`LogAscii::gzip_level`: :bro:type:`count` :bro:attr:`&redef` Define the gzip level to compress the logs.
:bro:id:`LogAscii::include_meta`: :bro:type:`bool` :bro:attr:`&redef` If true, include lines with log meta information such as column names
with types, the values of ASCII logging options that are in use, and
the time when the file was opened and closed (the latter at the end).
:bro:id:`LogAscii::json_timestamps`: :bro:type:`JSON::TimestampFormat` :bro:attr:`&redef` Format of timestamps when writing out JSON.
:bro:id:`LogAscii::meta_prefix`: :bro:type:`string` :bro:attr:`&redef` Prefix for lines with meta information.
:bro:id:`LogAscii::output_to_stdout`: :bro:type:`bool` :bro:attr:`&redef` If true, output everything to stdout rather than
into files.
:bro:id:`LogAscii::separator`: :bro:type:`string` :bro:attr:`&redef` Separator between fields.
:bro:id:`LogAscii::set_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between set elements.
:bro:id:`LogAscii::unset_field`: :bro:type:`string` :bro:attr:`&redef` String to use for an unset &optional field.
:bro:id:`LogAscii::use_json`: :bro:type:`bool` :bro:attr:`&redef` If true, the default will be to write logs in a JSON format.
========================================================================================= =====================================================================
Redefinitions
#############
==================================================================================== =
:bro:id:`Log::default_rotation_postprocessors`: :bro:type:`table` :bro:attr:`&redef`
==================================================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: LogAscii::empty_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields. This should be different from
*unset_field* to make the output unambiguous.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::gzip_level
:Type: :bro:type:`count`
:Attributes: :bro:attr:`&redef`
:Default: ``0``
Define the gzip level to compress the logs. If 0, then no gzip
compression is performed. Enabling compression also changes
the log file name extension to include ".gz".
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::include_meta
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``T``
If true, include lines with log meta information such as column names
with types, the values of ASCII logging options that are in use, and
the time when the file was opened and closed (the latter at the end).
If writing in JSON format, this is implicitly disabled.
.. bro:id:: LogAscii::json_timestamps
:Type: :bro:type:`JSON::TimestampFormat`
:Attributes: :bro:attr:`&redef`
:Default: ``JSON::TS_EPOCH``
Format of timestamps when writing out JSON. By default, the JSON
formatter will use double values for timestamps which represent the
number of seconds from the UNIX epoch.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::meta_prefix
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"#"``
Prefix for lines with meta information.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::output_to_stdout
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``F``
If true, output everything to stdout rather than
into files. This is primarily for debugging purposes.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"\x09"``
Separator between fields.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::set_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``","``
Separator between set elements.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::unset_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.
This option is also available as a per-filter ``$config`` option.
.. bro:id:: LogAscii::use_json
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``T``
If true, the default will be to write logs in a JSON format.
This option is also available as a per-filter ``$config`` option.
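
Review bot: The last entry, `LogAscii::use_json`, lists its default as ``T``, which sits oddly with the rest of this page: `LogAscii::include_meta` is also documented with default ``T`` but "If writing in JSON format, this is implicitly disabled", and the introduction presents headered ASCII and `tsv` output as the normal modes. Confirm that ``T`` is the shipped default and not a value picked up from the environment the reference was generated in, and correct the copy in zeek-docs if it is not. Anyone sizing a log pipeline from this page would otherwise assume the wrong on-disk format.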


@ -1,40 +0,0 @@
:tocdepth: 3
base/frameworks/logging/writers/none.bro
========================================
.. bro:namespace:: LogNone
Interface for the None log writer. This writer is mainly for debugging.
:Namespace: LogNone
Summary
~~~~~~~
Redefinable Options
###################
============================================================= ============================================================
:bro:id:`LogNone::debug`: :bro:type:`bool` :bro:attr:`&redef` If true, output debugging output that can be useful for unit
testing the logging framework.
============================================================= ============================================================
Redefinitions
#############
==================================================================================== =
:bro:id:`Log::default_rotation_postprocessors`: :bro:type:`table` :bro:attr:`&redef`
==================================================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: LogNone::debug
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``F``
If true, output debugging output that can be useful for unit
testing the logging framework.
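
Review bot: The Redefinitions table lists `Log::default_rotation_postprocessors` with an empty description column, so the page does not say what this writer changes in that table. Suggest adding a one-line description in the relocated docs. Minor wording point in the `LogNone::debug` entry: "output debugging output" reads better as "emit debugging output".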


@ -1,60 +0,0 @@
:tocdepth: 3
base/frameworks/logging/writers/sqlite.bro
==========================================
.. bro:namespace:: LogSQLite
Interface for the SQLite log writer. Redefinable options are available
to tweak the output format of the SQLite reader.
See :doc:`/frameworks/logging-input-sqlite` for an introduction on how to
use the SQLite log writer.
The SQL writer currently supports one writer-specific filter option via
``config``: setting ``tablename`` sets the name of the table that is used
or created in the SQLite database. An example for this is given in the
introduction mentioned above.
:Namespace: LogSQLite
Summary
~~~~~~~
Redefinable Options
###################
========================================================================= ===========================================
:bro:id:`LogSQLite::empty_field`: :bro:type:`string` :bro:attr:`&redef` String to use for empty fields.
:bro:id:`LogSQLite::set_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between set elements.
:bro:id:`LogSQLite::unset_field`: :bro:type:`string` :bro:attr:`&redef` String to use for an unset &optional field.
========================================================================= ===========================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: LogSQLite::empty_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields. This should be different from
*unset_field* to make the output unambiguous.
.. bro:id:: LogSQLite::set_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``","``
Separator between set elements.
.. bro:id:: LogSQLite::unset_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.
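
Review bot: The introduction says the options "tweak the output format of the SQLite reader" although this page documents the SQLite log writer, and two sentences later the component is called "The SQL writer". Suggest "SQLite writer" in both places in the copy that now lives in zeek-docs; the same wording appears in the package index for base/frameworks/logging. The `tablename` option is also described only by pointing at "the introduction mentioned above", so a short inline example of the ``config`` entry would make this page usable on its own.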