GH-234: rename Broxygen to Zeexygen along with roles/directives

* All "Broxygen" usages have been replaced in
  code, documentation, filenames, etc.

* Sphinx roles/directives like ":bro:see" are now ":zeek:see"

* The "--broxygen" command-line option is now "--zeexygen"
Jon Siwek 2019-04-22 19:42:52 -07:00
parent 5ba46eaa71
commit aebcb1415d
254 changed files with 2675 additions and 2656 deletions


@ -5,7 +5,7 @@
##! particular analyzer for new connections.
##!
##! Protocol analyzers are identified by unique tags of type
##! :bro:type:`Analyzer::Tag`, such as :bro:enum:`Analyzer::ANALYZER_HTTP`.
##! :zeek:type:`Analyzer::Tag`, such as :zeek:enum:`Analyzer::ANALYZER_HTTP`.
##! These tags are defined internally by
##! the analyzers themselves, and documented in their analyzer-specific
##! description along with the events that they generate.
@ -17,7 +17,7 @@ module Analyzer;
export {
## If true, all available analyzers are initially disabled at startup.
## One can then selectively enable them with
## :bro:id:`Analyzer::enable_analyzer`.
## :zeek:id:`Analyzer::enable_analyzer`.
global disable_all = F &redef;
## Enables an analyzer. Once enabled, the analyzer may be used for analysis
@ -109,7 +109,7 @@ export {
## Automatically creates a BPF filter for the specified protocol based
## on the data supplied for the protocol through the
## :bro:see:`Analyzer::register_for_ports` function.
## :zeek:see:`Analyzer::register_for_ports` function.
##
## tag: The analyzer tag.
##


@ -10,19 +10,19 @@ export {
## Default interval to retry listening on a port if it's currently in
## use already. Use of the BRO_DEFAULT_LISTEN_RETRY environment variable
## (set as a number of seconds) will override this option and also
## any values given to :bro:see:`Broker::listen`.
## any values given to :zeek:see:`Broker::listen`.
const default_listen_retry = 30sec &redef;
## Default address on which to listen.
##
## .. bro:see:: Broker::listen
## .. zeek:see:: Broker::listen
const default_listen_address = getenv("BRO_DEFAULT_LISTEN_ADDRESS") &redef;
## Default interval to retry connecting to a peer if it cannot be made to
## work initially, or if it ever becomes disconnected. Use of the
## BRO_DEFAULT_CONNECT_RETRY environment variable (set as number of
## seconds) will override this option and also any values given to
## :bro:see:`Broker::peer`.
## :zeek:see:`Broker::peer`.
const default_connect_retry = 30sec &redef;
## If true, do not use SSL for network connections. By default, SSL will
@ -47,7 +47,7 @@ export {
const ssl_certificate = "" &redef;
## Passphrase to decrypt the private key specified by
## :bro:see:`Broker::ssl_keyfile`. If set, Bro will require valid
## :zeek:see:`Broker::ssl_keyfile`. If set, Bro will require valid
## certificates for all peers.
const ssl_passphrase = "" &redef;
@ -96,7 +96,7 @@ export {
## Forward all received messages to subscribing peers.
const forward_messages = F &redef;
## Whether calling :bro:see:`Broker::peer` will register the Broker
## Whether calling :zeek:see:`Broker::peer` will register the Broker
## system as an I/O source that will block the process from shutting
## down. For example, set this to false when you are reading pcaps,
## but also want to initaiate a Broker peering and still shutdown after
@ -107,7 +107,7 @@ export {
## id is appended when writing to a particular stream.
const default_log_topic_prefix = "bro/logs/" &redef;
## The default implementation for :bro:see:`Broker::log_topic`.
## The default implementation for :zeek:see:`Broker::log_topic`.
function default_log_topic(id: Log::ID, path: string): string
{
return default_log_topic_prefix + cat(id);
@ -116,7 +116,7 @@ export {
## A function that will be called for each log entry to determine what
## broker topic string will be used for sending it to peers. The
## default implementation will return a value based on
## :bro:see:`Broker::default_log_topic_prefix`.
## :zeek:see:`Broker::default_log_topic_prefix`.
##
## id: the ID associated with the log stream entry that will be sent.
##
@ -232,7 +232,7 @@ export {
##
## Returns: the bound port or 0/? on failure.
##
## .. bro:see:: Broker::status
## .. zeek:see:: Broker::status
global listen: function(a: string &default = default_listen_address,
p: port &default = default_port,
retry: interval &default = default_listen_retry): port;
@ -252,7 +252,7 @@ export {
## it's a new peer. The actual connection may not be established
## until a later point in time.
##
## .. bro:see:: Broker::status
## .. zeek:see:: Broker::status
global peer: function(a: string, p: port &default=default_port,
retry: interval &default=default_connect_retry): bool;
@ -262,12 +262,12 @@ export {
## just means that we won't exchange any further information with it
## unless peering resumes later.
##
## a: the address used in previous successful call to :bro:see:`Broker::peer`.
## a: the address used in previous successful call to :zeek:see:`Broker::peer`.
##
## p: the port used in previous successful call to :bro:see:`Broker::peer`.
## p: the port used in previous successful call to :zeek:see:`Broker::peer`.
##
## Returns: true if the arguments match a previously successful call to
## :bro:see:`Broker::peer`.
## :zeek:see:`Broker::peer`.
##
## TODO: We do not have a function yet to terminate a connection.
global unpeer: function(a: string, p: port): bool;
@ -298,7 +298,7 @@ export {
## Register interest in all peer event messages that use a certain topic
## prefix. Note that subscriptions may not be altered immediately after
## calling (except during :bro:see:`zeek_init`).
## calling (except during :zeek:see:`zeek_init`).
##
## topic_prefix: a prefix to match against remote message topics.
## e.g. an empty prefix matches everything and "a" matches
@ -309,10 +309,10 @@ export {
## Unregister interest in all peer event messages that use a topic prefix.
## Note that subscriptions may not be altered immediately after calling
## (except during :bro:see:`zeek_init`).
## (except during :zeek:see:`zeek_init`).
##
## topic_prefix: a prefix previously supplied to a successful call to
## :bro:see:`Broker::subscribe` or :bro:see:`Broker::forward`.
## :zeek:see:`Broker::subscribe` or :zeek:see:`Broker::forward`.
##
## Returns: true if interest in the topic prefix is no longer advertised.
global unsubscribe: function(topic_prefix: string): bool;
@ -320,8 +320,8 @@ export {
## Register a topic prefix subscription for events that should only be
## forwarded to any subscribing peers and not raise any event handlers
## on the receiving/forwarding node. i.e. it's the same as
## :bro:see:`Broker::subscribe` except matching events are not raised
## on the receiver, just forwarded. Use :bro:see:`Broker::unsubscribe`
## :zeek:see:`Broker::subscribe` except matching events are not raised
## on the receiver, just forwarded. Use :zeek:see:`Broker::unsubscribe`
## with the same argument to undo this operation.
##
## topic_prefix: a prefix to match against remote message topics.
@ -346,9 +346,9 @@ export {
## Stop automatically sending an event to peers upon local dispatch.
##
## topic: a topic originally given to :bro:see:`Broker::auto_publish`.
## topic: a topic originally given to :zeek:see:`Broker::auto_publish`.
##
## ev: an event originally given to :bro:see:`Broker::auto_publish`.
## ev: an event originally given to :zeek:see:`Broker::auto_publish`.
##
## Returns: true if automatic events will not occur for the topic/event
## pair.


@ -353,7 +353,7 @@ export {
##
## Returns: a set with the keys. If you expect the keys to be of
## non-uniform type, consider using
## :bro:see:`Broker::set_iterator` to iterate over the result.
## :zeek:see:`Broker::set_iterator` to iterate over the result.
global keys: function(h: opaque of Broker::Store): QueryResult;
## Deletes all of a store's content, it will be empty afterwards.


@ -17,7 +17,7 @@ redef Broker::log_topic = Cluster::rr_log_topic;
# If this script isn't found anywhere, the cluster bombs out.
# Loading the cluster framework requires that a script by this name exists
# somewhere in the BROPATH. The only thing in the file should be the
# cluster definition in the :bro:id:`Cluster::nodes` variable.
# cluster definition in the :zeek:id:`Cluster::nodes` variable.
@load cluster-layout
@if ( Cluster::node in Cluster::nodes )


@ -1,8 +1,8 @@
##! A framework for establishing and controlling a cluster of Bro instances.
##! In order to use the cluster framework, a script named
##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path
##! which has a cluster definition of the :bro:id:`Cluster::nodes` variable.
##! The ``CLUSTER_NODE`` environment variable or :bro:id:`Cluster::node`
##! which has a cluster definition of the :zeek:id:`Cluster::nodes` variable.
##! The ``CLUSTER_NODE`` environment variable or :zeek:id:`Cluster::node`
##! must also be sent and the cluster framework loaded as a package like
##! ``@load base/frameworks/cluster``.
@ -44,23 +44,23 @@ export {
const nodeid_topic_prefix = "bro/cluster/nodeid/" &redef;
## Name of the node on which master data stores will be created if no other
## has already been specified by the user in :bro:see:`Cluster::stores`.
## has already been specified by the user in :zeek:see:`Cluster::stores`.
## An empty value means "use whatever name corresponds to the manager
## node".
const default_master_node = "" &redef;
## The type of data store backend that will be used for all data stores if
## no other has already been specified by the user in :bro:see:`Cluster::stores`.
## no other has already been specified by the user in :zeek:see:`Cluster::stores`.
const default_backend = Broker::MEMORY &redef;
## The type of persistent data store backend that will be used for all data
## stores if no other has already been specified by the user in
## :bro:see:`Cluster::stores`. This will be used when script authors call
## :bro:see:`Cluster::create_store` with the *persistent* argument set true.
## :zeek:see:`Cluster::stores`. This will be used when script authors call
## :zeek:see:`Cluster::create_store` with the *persistent* argument set true.
const default_persistent_backend = Broker::SQLITE &redef;
## Setting a default dir will, for persistent backends that have not
## been given an explicit file path via :bro:see:`Cluster::stores`,
## been given an explicit file path via :zeek:see:`Cluster::stores`,
## automatically create a path within this dir that is based on the name of
## the data store.
const default_store_dir = "" &redef;
@ -81,21 +81,21 @@ export {
## Parameters used for configuring the backend.
options: Broker::BackendOptions &default=Broker::BackendOptions();
## A resync/reconnect interval to pass through to
## :bro:see:`Broker::create_clone`.
## :zeek:see:`Broker::create_clone`.
clone_resync_interval: interval &default=Broker::default_clone_resync_interval;
## A staleness duration to pass through to
## :bro:see:`Broker::create_clone`.
## :zeek:see:`Broker::create_clone`.
clone_stale_interval: interval &default=Broker::default_clone_stale_interval;
## A mutation buffer interval to pass through to
## :bro:see:`Broker::create_clone`.
## :zeek:see:`Broker::create_clone`.
clone_mutation_buffer_interval: interval &default=Broker::default_clone_mutation_buffer_interval;
};
## A table of cluster-enabled data stores that have been created, indexed
## by their name. This table will be populated automatically by
## :bro:see:`Cluster::create_store`, but if you need to customize
## :zeek:see:`Cluster::create_store`, but if you need to customize
## the options related to a particular data store, you may redef this
## table. Calls to :bro:see:`Cluster::create_store` will first check
## table. Calls to :zeek:see:`Cluster::create_store` will first check
## the table for an entry of the same name and, if found, will use the
## predefined options there when setting up the store.
global stores: table[string] of StoreInfo &default=StoreInfo() &redef;
@ -174,15 +174,15 @@ export {
## This function can be called at any time to determine if the cluster
## framework is being enabled for this run.
##
## Returns: True if :bro:id:`Cluster::node` has been set.
## Returns: True if :zeek:id:`Cluster::node` has been set.
global is_enabled: function(): bool;
## This function can be called at any time to determine what type of
## cluster node the current Bro instance is going to be acting as.
## If :bro:id:`Cluster::is_enabled` returns false, then
## :bro:enum:`Cluster::NONE` is returned.
## If :zeek:id:`Cluster::is_enabled` returns false, then
## :zeek:enum:`Cluster::NONE` is returned.
##
## Returns: The :bro:type:`Cluster::NodeType` the calling node acts as.
## Returns: The :zeek:type:`Cluster::NodeType` the calling node acts as.
global local_node_type: function(): NodeType;
## This gives the value for the number of workers currently connected to,
@ -241,8 +241,8 @@ export {
## Retrieve the topic associated with a specific node in the cluster.
##
## id: the id of the cluster node (from :bro:see:`Broker::EndpointInfo`
## or :bro:see:`Broker::node_id`.
## id: the id of the cluster node (from :zeek:see:`Broker::EndpointInfo`
## or :zeek:see:`Broker::node_id`.
##
## Returns: a topic string that may used to send a message exclusively to
## a given cluster node.
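Review bot: In the hunk at -241,8, the `id:` parameter description opens a parenthesis before ``:zeek:see:`Broker::EndpointInfo` `` and never closes it, so the generated reference text reads as an unfinished aside. Both lines of that description are rewritten by this commit, so the second could close it: ``## or :zeek:see:`Broker::node_id`).`` The export block starts and ends outside the hunk.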


@ -58,17 +58,17 @@ export {
alive_count: count &default = 0;
};
## The specification for :bro:see:`Cluster::proxy_pool`.
## The specification for :zeek:see:`Cluster::proxy_pool`.
global proxy_pool_spec: PoolSpec =
PoolSpec($topic = "bro/cluster/pool/proxy",
$node_type = Cluster::PROXY) &redef;
## The specification for :bro:see:`Cluster::worker_pool`.
## The specification for :zeek:see:`Cluster::worker_pool`.
global worker_pool_spec: PoolSpec =
PoolSpec($topic = "bro/cluster/pool/worker",
$node_type = Cluster::WORKER) &redef;
## The specification for :bro:see:`Cluster::logger_pool`.
## The specification for :zeek:see:`Cluster::logger_pool`.
global logger_pool_spec: PoolSpec =
PoolSpec($topic = "bro/cluster/pool/logger",
$node_type = Cluster::LOGGER) &redef;
@ -120,10 +120,10 @@ export {
global rr_topic: function(pool: Pool, key: string &default=""): string;
## Distributes log message topics among logger nodes via round-robin.
## This will be automatically assigned to :bro:see:`Broker::log_topic`
## if :bro:see:`Cluster::enable_round_robin_logging` is enabled.
## This will be automatically assigned to :zeek:see:`Broker::log_topic`
## if :zeek:see:`Cluster::enable_round_robin_logging` is enabled.
## If no logger nodes are active, then this will return the value
## of :bro:see:`Broker::default_log_topic`.
## of :zeek:see:`Broker::default_log_topic`.
global rr_log_topic: function(id: Log::ID, path: string): string;
}
@ -136,7 +136,7 @@ export {
## Returns: F if a node of the same name already exists in the pool, else T.
global init_pool_node: function(pool: Pool, name: string): bool;
## Mark a pool node as alive/online/available. :bro:see:`Cluster::hrw_topic`
## Mark a pool node as alive/online/available. :zeek:see:`Cluster::hrw_topic`
## will distribute keys to nodes marked as alive.
##
## pool: the pool to which the node belongs.
@ -146,7 +146,7 @@ global init_pool_node: function(pool: Pool, name: string): bool;
## Returns: F if the node does not exist in the pool, else T.
global mark_pool_node_alive: function(pool: Pool, name: string): bool;
## Mark a pool node as dead/offline/unavailable. :bro:see:`Cluster::hrw_topic`
## Mark a pool node as dead/offline/unavailable. :zeek:see:`Cluster::hrw_topic`
## will not distribute keys to nodes marked as dead.
##
## pool: the pool to which the node belongs.


@ -1,5 +1,5 @@
##! This script establishes communication among all nodes in a cluster
##! as defined by :bro:id:`Cluster::nodes`.
##! as defined by :zeek:id:`Cluster::nodes`.
@load ./main
@load ./pools


@ -24,14 +24,14 @@ export {
location: string &optional &log;
};
## Event that can be handled to access the :bro:type:`Config::Info`
## Event that can be handled to access the :zeek:type:`Config::Info`
## record as it is sent on to the logging framework.
global log_config: event(rec: Info);
## This function is the config framework layer around the lower-level
## :bro:see:`Option::set` call. Config::set_value will set the configuration
## :zeek:see:`Option::set` call. Config::set_value will set the configuration
## value for all nodes in the cluster, no matter where it was called. Note
## that :bro:see:`Option::set` does not distribute configuration changes
## that :zeek:see:`Option::set` does not distribute configuration changes
## to other nodes.
##
## ID: The ID of the option to update.


@ -8,7 +8,7 @@ export {
## The topic prefix used for exchanging control messages via Broker.
const topic_prefix = "bro/control";
## Whether the controllee should call :bro:see:`Broker::listen`.
## Whether the controllee should call :zeek:see:`Broker::listen`.
## In a cluster, this isn't needed since the setup process calls it.
const controllee_listen = T &redef;
@ -18,7 +18,7 @@ export {
## The port of the host that will be controlled.
const host_port = 0/tcp &redef;
## If :bro:id:`Control::host` is a non-global IPv6 address and
## If :zeek:id:`Control::host` is a non-global IPv6 address and
## requires a specific :rfc:`4007` ``zone_id``, it can be set here.
const zone_id = "" &redef;
@ -45,7 +45,7 @@ export {
## Event for requesting the value of an ID (a variable).
global id_value_request: event(id: string);
## Event for returning the value of an ID after an
## :bro:id:`Control::id_value_request` event.
## :zeek:id:`Control::id_value_request` event.
global id_value_response: event(id: string, val: string);
## Requests the current communication status.
@ -62,7 +62,7 @@ export {
## updated.
global configuration_update_request: event();
## This event is a wrapper and alias for the
## :bro:id:`Control::configuration_update_request` event.
## :zeek:id:`Control::configuration_update_request` event.
## This event is also a primary hooking point for the control framework.
global configuration_update: event();
## Message in response to a configuration update request.


@ -18,19 +18,19 @@ export {
type AnalyzerArgs: record {
## An event which will be generated for all new file contents,
## chunk-wise. Used when *tag* (in the
## :bro:see:`Files::add_analyzer` function) is
## :bro:see:`Files::ANALYZER_DATA_EVENT`.
## :zeek:see:`Files::add_analyzer` function) is
## :zeek:see:`Files::ANALYZER_DATA_EVENT`.
chunk_event: event(f: fa_file, data: string, off: count) &optional;
## An event which will be generated for all new file contents,
## stream-wise. Used when *tag* is
## :bro:see:`Files::ANALYZER_DATA_EVENT`.
## :zeek:see:`Files::ANALYZER_DATA_EVENT`.
stream_event: event(f: fa_file, data: string) &optional;
} &redef;
## Contains all metadata related to the analysis of a given file.
## For the most part, fields here are derived from ones of the same name
## in :bro:see:`fa_file`.
## in :zeek:see:`fa_file`.
type Info: record {
## The time when the file was first seen.
ts: time &log;
@ -66,7 +66,7 @@ export {
analyzers: set[string] &default=string_set() &log;
## A mime type provided by the strongest file magic signature
## match against the *bof_buffer* field of :bro:see:`fa_file`,
## match against the *bof_buffer* field of :zeek:see:`fa_file`,
## or in the cases where no buffering of the beginning of file
## occurs, an initial guess of the mime type based on the first
## data seen.
@ -82,7 +82,7 @@ export {
## If the source of this file is a network connection, this field
## indicates if the data originated from the local network or not as
## determined by the configured :bro:see:`Site::local_nets`.
## determined by the configured :zeek:see:`Site::local_nets`.
local_orig: bool &log &optional;
## If the source of this file is a network connection, this field
@ -118,8 +118,8 @@ export {
const disable: table[Files::Tag] of bool = table() &redef;
## The salt concatenated to unique file handle strings generated by
## :bro:see:`get_file_handle` before hashing them in to a file id
## (the *id* field of :bro:see:`fa_file`).
## :zeek:see:`get_file_handle` before hashing them in to a file id
## (the *id* field of :zeek:see:`fa_file`).
## Provided to help mitigate the possibility of manipulating parts of
## network connections that factor in to the file handle in order to
## generate two handles that would hash to the same file id.
@ -142,11 +142,11 @@ export {
## Returns: T if the file uid is known.
global file_exists: function(fuid: string): bool;
## Lookup an :bro:see:`fa_file` record with the file id.
## Lookup an :zeek:see:`fa_file` record with the file id.
##
## fuid: the file id.
##
## Returns: the associated :bro:see:`fa_file` record.
## Returns: the associated :zeek:see:`fa_file` record.
global lookup_file: function(fuid: string): fa_file;
## Allows the file reassembler to be used if it's necessary because the
@ -169,10 +169,10 @@ export {
## max: Maximum allowed size of the reassembly buffer.
global set_reassembly_buffer_size: function(f: fa_file, max: count);
## Sets the *timeout_interval* field of :bro:see:`fa_file`, which is
## Sets the *timeout_interval* field of :zeek:see:`fa_file`, which is
## used to determine the length of inactivity that is allowed for a file
## before internal state related to it is cleaned up. When used within
## a :bro:see:`file_timeout` handler, the analysis will delay timing out
## a :zeek:see:`file_timeout` handler, the analysis will delay timing out
## again for the period specified by *t*.
##
## f: the file.
@ -255,7 +255,7 @@ export {
##
## tag: Tag for the protocol analyzer having a callback being registered.
##
## reg: A :bro:see:`Files::ProtoRegistration` record.
## reg: A :zeek:see:`Files::ProtoRegistration` record.
##
## Returns: true if the protocol being registered was not previously registered.
global register_protocol: function(tag: Analyzer::Tag, reg: ProtoRegistration): bool;


@ -193,7 +193,7 @@ export {
## Descriptive name that uniquely identifies the input source.
## Can be used to remove a stream at a later time.
## This will also be used for the unique *source* field of
## :bro:see:`fa_file`. Most of the time, the best choice for this
## :zeek:see:`fa_file`. Most of the time, the best choice for this
## field will be the same value as the *source* field.
name: string;


@ -35,7 +35,7 @@ export {
## Set of intelligence data types.
type TypeSet: set[Type];
## Data about an :bro:type:`Intel::Item`.
## Data about an :zeek:type:`Intel::Item`.
type MetaData: record {
## An arbitrary string value representing the data source. This
## value is used as unique key to identify a metadata record in
@ -75,7 +75,7 @@ export {
## The type of data that the indicator represents.
indicator_type: Type &log &optional;
## If the indicator type was :bro:enum:`Intel::ADDR`, then this
## If the indicator type was :zeek:enum:`Intel::ADDR`, then this
## field will be present.
host: addr &optional;
@ -155,7 +155,7 @@ export {
global extend_match: hook(info: Info, s: Seen, items: set[Item]);
## The expiration timeout for intelligence items. Once an item expires, the
## :bro:id:`Intel::item_expired` hook is called. Reinsertion of an item
## :zeek:id:`Intel::item_expired` hook is called. Reinsertion of an item
## resets the timeout. A negative value disables expiration of intelligence
## items.
const item_expiration = -1 min &redef;


@ -176,7 +176,7 @@ export {
## easy to flood the disk by returning a new string for each
## connection. Upon adding a filter to a stream, if neither
## ``path`` nor ``path_func`` is explicitly set by them, then
## :bro:see:`Log::default_path_func` is used.
## :zeek:see:`Log::default_path_func` is used.
##
## id: The ID associated with the log stream.
##
@ -191,7 +191,7 @@ export {
##
## Returns: The path to be used for the filter, which will be
## subject to the same automatic correction rules as
## the *path* field of :bro:type:`Log::Filter` in the
## the *path* field of :zeek:type:`Log::Filter` in the
## case of conflicts with other filters trying to use
## the same writer/path pair.
path_func: function(id: ID, path: string, rec: any): string &optional;
@ -232,7 +232,7 @@ export {
interv: interval &default=default_rotation_interval;
## Callback function to trigger for rotated files. If not set, the
## default comes out of :bro:id:`Log::default_rotation_postprocessors`.
## default comes out of :zeek:id:`Log::default_rotation_postprocessors`.
postprocessor: function(info: RotationInfo) : bool &optional;
## A key/value table that will be passed on to the writer.
@ -253,7 +253,7 @@ export {
## Returns: True if a new logging stream was successfully created and
## a default filter added to it.
##
## .. bro:see:: Log::add_default_filter Log::remove_default_filter
## .. zeek:see:: Log::add_default_filter Log::remove_default_filter
global create_stream: function(id: ID, stream: Stream) : bool;
## Removes a logging stream completely, stopping all the threads.
@ -262,7 +262,7 @@ export {
##
## Returns: True if the stream was successfully removed.
##
## .. bro:see:: Log::create_stream
## .. zeek:see:: Log::create_stream
global remove_stream: function(id: ID) : bool;
## Enables a previously disabled logging stream. Disabled streams
@ -273,7 +273,7 @@ export {
##
## Returns: True if the stream is re-enabled or was not previously disabled.
##
## .. bro:see:: Log::disable_stream
## .. zeek:see:: Log::disable_stream
global enable_stream: function(id: ID) : bool;
## Disables a currently enabled logging stream. Disabled streams
@ -284,7 +284,7 @@ export {
##
## Returns: True if the stream is now disabled or was already disabled.
##
## .. bro:see:: Log::enable_stream
## .. zeek:see:: Log::enable_stream
global disable_stream: function(id: ID) : bool;
## Adds a custom filter to an existing logging stream. If a filter
@ -299,7 +299,7 @@ export {
## the filter was not added or the *filter* argument was not
## the correct type.
##
## .. bro:see:: Log::remove_filter Log::add_default_filter
## .. zeek:see:: Log::remove_filter Log::add_default_filter
## Log::remove_default_filter Log::get_filter Log::get_filter_names
global add_filter: function(id: ID, filter: Filter) : bool;
@ -309,12 +309,12 @@ export {
## remove a filter.
##
## name: A string to match against the ``name`` field of a
## :bro:type:`Log::Filter` for identification purposes.
## :zeek:type:`Log::Filter` for identification purposes.
##
## Returns: True if the logging stream's filter was removed or
## if no filter associated with *name* was found.
##
## .. bro:see:: Log::remove_filter Log::add_default_filter
## .. zeek:see:: Log::remove_filter Log::add_default_filter
## Log::remove_default_filter Log::get_filter Log::get_filter_names
global remove_filter: function(id: ID, name: string) : bool;
@ -326,7 +326,7 @@ export {
##
## Returns: The set of filter names associated with the stream.
##
## ..bro:see:: Log::remove_filter Log::add_default_filter
## ..zeek:see:: Log::remove_filter Log::add_default_filter
## Log::remove_default_filter Log::get_filter
global get_filter_names: function(id: ID) : set[string];
@ -336,13 +336,13 @@ export {
## obtain one of its filters.
##
## name: A string to match against the ``name`` field of a
## :bro:type:`Log::Filter` for identification purposes.
## :zeek:type:`Log::Filter` for identification purposes.
##
## Returns: A filter attached to the logging stream *id* matching
## *name* or, if no matches are found returns the
## :bro:id:`Log::no_filter` sentinel value.
## :zeek:id:`Log::no_filter` sentinel value.
##
## .. bro:see:: Log::add_filter Log::remove_filter Log::add_default_filter
## .. zeek:see:: Log::add_filter Log::remove_filter Log::add_default_filter
## Log::remove_default_filter Log::get_filter_names
global get_filter: function(id: ID, name: string) : Filter;
@ -360,7 +360,7 @@ export {
## to handle, or one of the stream's filters has an invalid
## ``path_func``.
##
## .. bro:see:: Log::enable_stream Log::disable_stream
## .. zeek:see:: Log::enable_stream Log::disable_stream
global write: function(id: ID, columns: any) : bool;
## Sets the buffering status for all the writers of a given logging stream.
@ -375,7 +375,7 @@ export {
## Returns: True if buffering status was set, false if the logging stream
## does not exist.
##
## .. bro:see:: Log::flush
## .. zeek:see:: Log::flush
global set_buf: function(id: ID, buffered: bool): bool;
## Flushes any currently buffered output for all the writers of a given
@ -388,50 +388,50 @@ export {
## buffered data or if the logging stream is disabled,
## false if the logging stream does not exist.
##
## .. bro:see:: Log::set_buf Log::enable_stream Log::disable_stream
## .. zeek:see:: Log::set_buf Log::enable_stream Log::disable_stream
global flush: function(id: ID): bool;
## Adds a default :bro:type:`Log::Filter` record with ``name`` field
## Adds a default :zeek:type:`Log::Filter` record with ``name`` field
## set as "default" to a given logging stream.
##
## id: The ID associated with a logging stream for which to add a default
## filter.
##
## Returns: The status of a call to :bro:id:`Log::add_filter` using a
## default :bro:type:`Log::Filter` argument with ``name`` field
## Returns: The status of a call to :zeek:id:`Log::add_filter` using a
## default :zeek:type:`Log::Filter` argument with ``name`` field
## set to "default".
##
## .. bro:see:: Log::add_filter Log::remove_filter
## .. zeek:see:: Log::add_filter Log::remove_filter
## Log::remove_default_filter
global add_default_filter: function(id: ID) : bool;
## Removes the :bro:type:`Log::Filter` with ``name`` field equal to
## Removes the :zeek:type:`Log::Filter` with ``name`` field equal to
## "default".
##
## id: The ID associated with a logging stream from which to remove the
## default filter.
##
## Returns: The status of a call to :bro:id:`Log::remove_filter` using
## Returns: The status of a call to :zeek:id:`Log::remove_filter` using
## "default" as the argument.
##
## .. bro:see:: Log::add_filter Log::remove_filter Log::add_default_filter
## .. zeek:see:: Log::add_filter Log::remove_filter Log::add_default_filter
global remove_default_filter: function(id: ID) : bool;
## Runs a command given by :bro:id:`Log::default_rotation_postprocessor_cmd`
## Runs a command given by :zeek:id:`Log::default_rotation_postprocessor_cmd`
## on a rotated file. Meant to be called from postprocessor functions
## that are added to :bro:id:`Log::default_rotation_postprocessors`.
## that are added to :zeek:id:`Log::default_rotation_postprocessors`.
##
## info: A record holding meta-information about the log being rotated.
##
## npath: The new path of the file (after already being rotated/processed
## by writer-specific postprocessor as defined in
## :bro:id:`Log::default_rotation_postprocessors`).
## :zeek:id:`Log::default_rotation_postprocessors`).
##
## Returns: True when :bro:id:`Log::default_rotation_postprocessor_cmd`
## Returns: True when :zeek:id:`Log::default_rotation_postprocessor_cmd`
## is empty or the system command given by it has been invoked
## to postprocess a rotated log file.
##
## .. bro:see:: Log::default_rotation_date_format
## .. zeek:see:: Log::default_rotation_date_format
## Log::default_rotation_postprocessor_cmd
## Log::default_rotation_postprocessors
global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool;
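Review bot: In the hunk at -326,7 (the comment above `get_filter_names`), the renamed line `## ..zeek:see:: Log::remove_filter Log::add_default_filter` keeps the missing space after `..` from the old text. reStructuredText only treats `..` as an explicit markup start when whitespace follows it, so this line is probably emitted as plain text rather than as cross-references, unlike every other `.. zeek:see::` directive in this section. Since the commit rewrites the line anyway, it could become `## .. zeek:see:: Log::remove_filter Log::add_default_filter`. The export block starts and ends outside the hunk.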


@ -2,22 +2,22 @@
##! to a logging filter in order to automatically SCP (secure copy)
##! a log stream (or a subset of it) to a remote host at configurable
##! rotation time intervals. Generally, to use this functionality
##! you must handle the :bro:id:`zeek_init` event and do the following
##! you must handle the :zeek:id:`zeek_init` event and do the following
##! in your handler:
##!
##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
##! 1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
##! rotation interval, and set the ``postprocessor`` to
##! :bro:id:`Log::scp_postprocessor`.
##! 2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
##! 3) Add a table entry to :bro:id:`Log::scp_destinations` for the filter's
##! writer/path pair which defines a set of :bro:type:`Log::SCPDestination`
##! :zeek:id:`Log::scp_postprocessor`.
##! 2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
##! 3) Add a table entry to :zeek:id:`Log::scp_destinations` for the filter's
##! writer/path pair which defines a set of :zeek:type:`Log::SCPDestination`
##! records.
module Log;
export {
## Secure-copies the rotated log to all the remote hosts
## defined in :bro:id:`Log::scp_destinations` and then deletes
## defined in :zeek:id:`Log::scp_destinations` and then deletes
## the local copy of the rotated log. It's not active when
## reading from trace files.
##
@ -42,7 +42,7 @@ export {
};
## A table indexed by a particular log writer and filter path, that yields
## a set of remote destinations. The :bro:id:`Log::scp_postprocessor`
## a set of remote destinations. The :zeek:id:`Log::scp_postprocessor`
## function queries this table upon log rotation and performs a secure
## copy of the rotated log to each destination in the set. This
## table can be modified at run-time.


@ -2,22 +2,22 @@
##! to a logging filter in order to automatically SFTP
##! a log stream (or a subset of it) to a remote host at configurable
##! rotation time intervals. Generally, to use this functionality
##! you must handle the :bro:id:`zeek_init` event and do the following
##! you must handle the :zeek:id:`zeek_init` event and do the following
##! in your handler:
##!
##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path,
##! 1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
##! rotation interval, and set the ``postprocessor`` to
##! :bro:id:`Log::sftp_postprocessor`.
##! 2) Add the filter to a logging stream using :bro:id:`Log::add_filter`.
##! 3) Add a table entry to :bro:id:`Log::sftp_destinations` for the filter's
##! writer/path pair which defines a set of :bro:type:`Log::SFTPDestination`
##! :zeek:id:`Log::sftp_postprocessor`.
##! 2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
##! 3) Add a table entry to :zeek:id:`Log::sftp_destinations` for the filter's
##! writer/path pair which defines a set of :zeek:type:`Log::SFTPDestination`
##! records.
module Log;
export {
## Securely transfers the rotated log to all the remote hosts
## defined in :bro:id:`Log::sftp_destinations` and then deletes
## defined in :zeek:id:`Log::sftp_destinations` and then deletes
## the local copy of the rotated log. It's not active when
## reading from trace files.
##
@ -44,7 +44,7 @@ export {
};
## A table indexed by a particular log writer and filter path, that yields
## a set of remote destinations. The :bro:id:`Log::sftp_postprocessor`
## a set of remote destinations. The :zeek:id:`Log::sftp_postprocessor`
## function queries this table upon log rotation and performs a secure
## transfer of the rotated log to each destination in the set. This
## table can be modified at run-time.


@ -80,7 +80,7 @@ export {
## again.
##
## In cluster mode, this function works on workers as well as the manager. On managers,
## the returned :bro:see:`NetControl::BlockInfo` record will not contain the block ID,
## the returned :zeek:see:`NetControl::BlockInfo` record will not contain the block ID,
## which will be assigned on the manager.
##
## a: The address to be dropped.
@ -89,7 +89,7 @@ export {
##
## location: An optional string describing where the drop was triggered.
##
## Returns: The :bro:see:`NetControl::BlockInfo` record containing information about
## Returns: The :zeek:see:`NetControl::BlockInfo` record containing information about
## the inserted block.
global drop_address_catch_release: function(a: addr, location: string &default="") : BlockInfo;
@ -114,7 +114,7 @@ export {
## a: The address that was seen and should be re-dropped if it is being watched.
global catch_release_seen: function(a: addr);
## Get the :bro:see:`NetControl::BlockInfo` record for an address currently blocked by catch and release.
## Get the :zeek:see:`NetControl::BlockInfo` record for an address currently blocked by catch and release.
## If the address is unknown to catch and release, the watch_until time will be set to 0.
##
## In cluster mode, this function works on the manager and workers. On workers, the data will
@ -123,7 +123,7 @@ export {
##
## a: The address to get information about.
##
## Returns: The :bro:see:`NetControl::BlockInfo` record containing information about
## Returns: The :zeek:see:`NetControl::BlockInfo` record containing information about
## the inserted block.
global get_catch_release_info: function(a: addr) : BlockInfo;
@ -132,7 +132,7 @@ export {
##
## a: The address that is no longer being managed.
##
## bi: The :bro:see:`NetControl::BlockInfo` record containing information about the block.
## bi: The :zeek:see:`NetControl::BlockInfo` record containing information about the block.
global catch_release_forgotten: event(a: addr, bi: BlockInfo);
## If true, catch_release_seen is called on the connection originator in new_connection,
@ -148,7 +148,7 @@ export {
## effect.
const catch_release_intervals: vector of interval = vector(10min, 1hr, 24hrs, 7days) &redef;
## Event that can be handled to access the :bro:type:`NetControl::CatchReleaseInfo`
## Event that can be handled to access the :zeek:type:`NetControl::CatchReleaseInfo`
## record as it is sent on to the logging framework.
global log_netcontrol_catch_release: event(rec: CatchReleaseInfo);


@ -50,7 +50,7 @@ export {
## r: The rule to be added.
global NetControl::drop_rule_policy: hook(r: Rule);
## Event that can be handled to access the :bro:type:`NetControl::ShuntInfo`
## Event that can be handled to access the :zeek:type:`NetControl::ShuntInfo`
## record as it is sent on to the logging framework.
global log_netcontrol_drop: event(rec: DropInfo);
}


@ -98,7 +98,7 @@ export {
## Returns: Vector of inserted rules on success, empty list on failure.
global quarantine_host: function(infected: addr, dns: addr, quarantine: addr, t: interval, location: string &default="") : vector of string;
## Flushes all state by calling :bro:see:`NetControl::remove_rule` on all currently active rules.
## Flushes all state by calling :zeek:see:`NetControl::remove_rule` on all currently active rules.
global clear: function();
# ###
@ -122,7 +122,7 @@ export {
## Removes a rule.
##
## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`.
## id: The rule to remove, specified as the ID returned by :zeek:see:`NetControl::add_rule`.
##
## reason: Optional string argument giving information on why the rule was removed.
##
@ -138,7 +138,7 @@ export {
## the rule has been added; if it is not removed from them by a separate mechanism,
## it will stay installed and not be removed later.
##
## id: The rule to delete, specified as the ID returned by :bro:see:`NetControl::add_rule`.
## id: The rule to delete, specified as the ID returned by :zeek:see:`NetControl::add_rule`.
##
## reason: Optional string argument giving information on why the rule was deleted.
##
@ -321,7 +321,7 @@ export {
plugin: string &log &optional;
};
## Event that can be handled to access the :bro:type:`NetControl::Info`
## Event that can be handled to access the :zeek:type:`NetControl::Info`
## record as it is sent on to the logging framework.
global log_netcontrol: event(rec: Info);
}


@ -9,7 +9,7 @@ module NetControl;
@load base/frameworks/broker
export {
## This record specifies the configuration that is passed to :bro:see:`NetControl::create_broker`.
## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_broker`.
type BrokerConfig: record {
## The broker topic to send events to.
topic: string &optional;


@ -7,7 +7,7 @@
module NetControl;
export {
## This record specifies the configuration that is passed to :bro:see:`NetControl::create_openflow`.
## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_openflow`.
type OfConfig: record {
monitor: bool &default=T; ##< Accept rules that target the monitor path.
forward: bool &default=T; ##< Accept rules that target the forward path.


@ -31,7 +31,7 @@ export {
location: string &log &optional;
};
## Event that can be handled to access the :bro:type:`NetControl::ShuntInfo`
## Event that can be handled to access the :zeek:type:`NetControl::ShuntInfo`
## record as it is sent on to the logging framework.
global log_netcontrol_shunt: event(rec: ShuntInfo);
}


@ -1,6 +1,6 @@
##! This file defines the types that are used by the NetControl framework.
##!
##! The most important type defined in this file is :bro:see:`NetControl::Rule`,
##! The most important type defined in this file is :zeek:see:`NetControl::Rule`,
##! which is used to describe all rules that can be expressed by the NetControl framework.
module NetControl;
@ -10,11 +10,11 @@ export {
option default_priority: int = +0;
## The default priority that is used when using the high-level functions to
## push whitelist entries to the backends (:bro:see:`NetControl::whitelist_address` and
## :bro:see:`NetControl::whitelist_subnet`).
## push whitelist entries to the backends (:zeek:see:`NetControl::whitelist_address` and
## :zeek:see:`NetControl::whitelist_subnet`).
##
## Note that this priority is not automatically used when manually creating rules
## that have a :bro:see:`NetControl::RuleType` of :bro:enum:`NetControl::WHITELIST`.
## that have a :zeek:see:`NetControl::RuleType` of :zeek:enum:`NetControl::WHITELIST`.
const whitelist_priority: int = +5 &redef;
## Type defining the entity that a rule applies to.
@ -25,7 +25,7 @@ export {
MAC, ##< Activity involving a MAC address.
};
## Flow is used in :bro:type:`NetControl::Entity` together with :bro:enum:`NetControl::FLOW` to specify
## Flow is used in :zeek:type:`NetControl::Entity` together with :zeek:enum:`NetControl::FLOW` to specify
## a uni-directional flow that a rule applies to.
##
## If optional fields are not set, they are interpreted as wildcarded.
@ -41,10 +41,10 @@ export {
## Type defining the entity a rule is operating on.
type Entity: record {
ty: EntityType; ##< Type of entity.
conn: conn_id &optional; ##< Used with :bro:enum:`NetControl::CONNECTION`.
flow: Flow &optional; ##< Used with :bro:enum:`NetControl::FLOW`.
ip: subnet &optional; ##< Used with :bro:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet.
mac: string &optional; ##< Used with :bro:enum:`NetControl::MAC`.
conn: conn_id &optional; ##< Used with :zeek:enum:`NetControl::CONNECTION`.
flow: Flow &optional; ##< Used with :zeek:enum:`NetControl::FLOW`.
ip: subnet &optional; ##< Used with :zeek:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet.
mac: string &optional; ##< Used with :zeek:enum:`NetControl::MAC`.
};
## Type defining the target of a rule.
@ -59,7 +59,7 @@ export {
};
## Type of rules that the framework supports. Each type lists the extra
## :bro:type:`NetControl::Rule` fields it uses, if any.
## :zeek:type:`NetControl::Rule` fields it uses, if any.
##
## Plugins may extend this type to define their own.
type RuleType: enum {
@ -108,8 +108,8 @@ export {
priority: int &default=default_priority; ##< Priority if multiple rules match an entity (larger value is higher priority).
location: string &optional; ##< Optional string describing where/what installed the rule.
out_port: count &optional; ##< Argument for :bro:enum:`NetControl::REDIRECT` rules.
mod: FlowMod &optional; ##< Argument for :bro:enum:`NetControl::MODIFY` rules.
out_port: count &optional; ##< Argument for :zeek:enum:`NetControl::REDIRECT` rules.
mod: FlowMod &optional; ##< Argument for :zeek:enum:`NetControl::MODIFY` rules.
id: string &default=""; ##< Internally determined unique ID for this rule. Will be set when added.
cid: count &default=0; ##< Internally determined unique numeric ID for this rule. Set when added.


@ -13,7 +13,7 @@ module Notice;
export {
redef enum Action += {
## Indicates that the notice should have geodata added for the
## "remote" host. :bro:id:`Site::local_nets` must be defined
## "remote" host. :zeek:id:`Site::local_nets` must be defined
## in order for this to work.
ACTION_ADD_GEODATA
};


@ -8,7 +8,7 @@ module Notice;
export {
redef enum Action += {
## Drops the address via :bro:see:`NetControl::drop_address_catch_release`.
## Drops the address via :zeek:see:`NetControl::drop_address_catch_release`.
ACTION_DROP
};


@ -1,6 +1,6 @@
##! Adds a new notice action type which can be used to email notices
##! to the administrators of a particular address space as set by
##! :bro:id:`Site::local_admins` if the notice contains a source
##! :zeek:id:`Site::local_admins` if the notice contains a source
##! or destination address that lies within their space.
@load ../main
@ -12,7 +12,7 @@ export {
redef enum Action += {
## Indicate that the generated email should be addressed to the
## appropriate email addresses as found by the
## :bro:id:`Site::get_emails` function based on the relevant
## :zeek:id:`Site::get_emails` function based on the relevant
## address or addresses indicated in the notice.
ACTION_EMAIL_ADMIN
};


@ -7,12 +7,12 @@ module Notice;
export {
redef enum Action += {
## Indicates that the notice should be sent to the pager email
## address configured in the :bro:id:`Notice::mail_page_dest`
## address configured in the :zeek:id:`Notice::mail_page_dest`
## variable.
ACTION_PAGE
};
## Email address to send notices with the :bro:enum:`Notice::ACTION_PAGE`
## Email address to send notices with the :zeek:enum:`Notice::ACTION_PAGE`
## action.
option mail_page_dest = "";
}


@ -12,7 +12,7 @@ export {
const pretty_print_alarms = T &redef;
## Address to send the pretty-printed reports to. Default if not set is
## :bro:id:`Notice::mail_dest`.
## :zeek:id:`Notice::mail_dest`.
##
## Note that this is overridden by the BroControl MailAlarmsTo option.
const mail_dest_pretty_printed = "" &redef;


@ -18,7 +18,7 @@ export {
## Scripts creating new notices need to redef this enum to add their
## own specific notice types which would then get used when they call
## the :bro:id:`NOTICE` function. The convention is to give a general
## the :zeek:id:`NOTICE` function. The convention is to give a general
## category along with the specific notice separating words with
## underscores and using leading capitals on each word except for
## abbreviations which are kept in all capitals. For example,
@ -37,12 +37,12 @@ export {
## logging stream.
ACTION_LOG,
## Indicates that the notice should be sent to the email
## address(es) configured in the :bro:id:`Notice::mail_dest`
## address(es) configured in the :zeek:id:`Notice::mail_dest`
## variable.
ACTION_EMAIL,
## Indicates that the notice should be alarmed. A readable
## ASCII version of the alarm log is emailed in bulk to the
## address(es) configured in :bro:id:`Notice::mail_dest`.
## address(es) configured in :zeek:id:`Notice::mail_dest`.
ACTION_ALARM,
};
@ -50,7 +50,7 @@ export {
type ActionSet: set[Notice::Action];
## The notice framework is able to do automatic notice suppression by
## utilizing the *identifier* field in :bro:type:`Notice::Info` records.
## utilizing the *identifier* field in :zeek:type:`Notice::Info` records.
## Set this to "0secs" to completely disable automated notice
## suppression.
option default_suppression_interval = 1hrs;
@ -103,18 +103,18 @@ export {
## *conn*, *iconn* or *p* is specified.
proto: transport_proto &log &optional;
## The :bro:type:`Notice::Type` of the notice.
## The :zeek:type:`Notice::Type` of the notice.
note: Type &log;
## The human readable message for the notice.
msg: string &log &optional;
## The human readable sub-message.
sub: string &log &optional;
## Source address, if we don't have a :bro:type:`conn_id`.
## Source address, if we don't have a :zeek:type:`conn_id`.
src: addr &log &optional;
## Destination address.
dst: addr &log &optional;
## Associated port, if we don't have a :bro:type:`conn_id`.
## Associated port, if we don't have a :zeek:type:`conn_id`.
p: port &log &optional;
## Associated count, or perhaps a status code.
n: count &log &optional;
@ -131,14 +131,14 @@ export {
## By adding chunks of text into this element, other scripts
## can expand on notices that are being emailed. The normal
## way to add text is to extend the vector by handling the
## :bro:id:`Notice::notice` event and modifying the notice in
## :zeek:id:`Notice::notice` event and modifying the notice in
## place.
email_body_sections: vector of string &optional;
## Adding a string "token" to this set will cause the notice
## framework's built-in emailing functionality to delay sending
## the email until either the token has been removed or the
## email has been delayed for :bro:id:`Notice::max_email_delay`.
## email has been delayed for :zeek:id:`Notice::max_email_delay`.
email_delay_tokens: set[string] &optional;
## This field is to be provided when a notice is generated for
@ -192,8 +192,8 @@ export {
## Note that this is overridden by the BroControl SendMail option.
option sendmail = "/usr/sbin/sendmail";
## Email address to send notices with the
## :bro:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs
## on rotation with :bro:enum:`Notice::ACTION_ALARM`.
## :zeek:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs
## on rotation with :zeek:enum:`Notice::ACTION_ALARM`.
##
## Note that this is overridden by the BroControl MailTo option.
const mail_dest = "" &redef;
@ -212,18 +212,18 @@ export {
## The maximum amount of time a plugin can delay email from being sent.
const max_email_delay = 15secs &redef;
## Contains a portion of :bro:see:`fa_file` that's also contained in
## :bro:see:`Notice::Info`.
## Contains a portion of :zeek:see:`fa_file` that's also contained in
## :zeek:see:`Notice::Info`.
type FileInfo: record {
fuid: string; ##< File UID.
desc: string; ##< File description from e.g.
##< :bro:see:`Files::describe`.
##< :zeek:see:`Files::describe`.
mime: string &optional; ##< Strongest mime type match for file.
cid: conn_id &optional; ##< Connection tuple over which file is sent.
cuid: string &optional; ##< Connection UID over which file is sent.
};
## Creates a record containing a subset of a full :bro:see:`fa_file` record.
## Creates a record containing a subset of a full :zeek:see:`fa_file` record.
##
## f: record containing metadata about a file.
##
@ -245,7 +245,7 @@ export {
global populate_file_info2: function(fi: Notice::FileInfo, n: Notice::Info);
## A log postprocessing function that implements emailing the contents
## of a log upon rotation to any configured :bro:id:`Notice::mail_dest`.
## of a log upon rotation to any configured :zeek:id:`Notice::mail_dest`.
## The rotated log is removed upon being sent.
##
## info: A record containing the rotated log file information.
@ -254,9 +254,9 @@ export {
global log_mailing_postprocessor: function(info: Log::RotationInfo): bool;
## This is the event that is called as the entry point to the
## notice framework by the global :bro:id:`NOTICE` function. By the
## notice framework by the global :zeek:id:`NOTICE` function. By the
## time this event is generated, default values have already been
## filled out in the :bro:type:`Notice::Info` record and the notice
## filled out in the :zeek:type:`Notice::Info` record and the notice
## policy has also been applied.
##
## n: The record containing notice data.
@ -268,7 +268,7 @@ export {
##
## suppress_for: length of time that this notice should be suppressed.
##
## note: The :bro:type:`Notice::Type` of the notice.
## note: The :zeek:type:`Notice::Type` of the notice.
##
## identifier: The identifier string of the notice that should be suppressed.
global begin_suppression: event(ts: time, suppress_for: interval, note: Type, identifier: string);
@ -286,8 +286,8 @@ export {
global suppressed: event(n: Notice::Info);
## Call this function to send a notice in an email. It is already used
## by default with the built in :bro:enum:`Notice::ACTION_EMAIL` and
## :bro:enum:`Notice::ACTION_PAGE` actions.
## by default with the built in :zeek:enum:`Notice::ACTION_EMAIL` and
## :zeek:enum:`Notice::ACTION_PAGE` actions.
##
## n: The record of notice data to email.
##
@ -308,13 +308,13 @@ export {
## appended.
global email_headers: function(subject_desc: string, dest: string): string;
## This event can be handled to access the :bro:type:`Notice::Info`
## This event can be handled to access the :zeek:type:`Notice::Info`
## record as it is sent on to the logging framework.
##
## rec: The record containing notice data before it is logged.
global log_notice: event(rec: Info);
## This is an internal wrapper for the global :bro:id:`NOTICE`
## This is an internal wrapper for the global :zeek:id:`NOTICE`
## function; disregard.
##
## n: The record of notice data.
@ -598,7 +598,7 @@ function populate_file_info2(fi: Notice::FileInfo, n: Notice::Info)
# This is run synchronously as a function before all of the other
# notice related functions and events. It also modifies the
# :bro:type:`Notice::Info` record in place.
# :zeek:type:`Notice::Info` record in place.
function apply_policy(n: Notice::Info)
{
# Fill in some defaults.


@ -41,7 +41,7 @@ export {
flow_mod: ofp_flow_mod &log;
};
## Event that can be handled to access the :bro:type:`OpenFlow::Info`
## Event that can be handled to access the :zeek:type:`OpenFlow::Info`
## record as it is sent on to the logging framework.
global log_openflow: event(rec: Info);
}


@ -2,7 +2,7 @@
##! Bro sets a capture filter that allows all traffic. If a filter
##! is set on the command line, that filter takes precedence over the default
##! open filter and all filters defined in Bro scripts with the
##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables.
##! :zeek:id:`capture_filters` and :zeek:id:`restrict_filters` variables.
@load base/frameworks/notice
@load base/frameworks/analyzer
@ -48,7 +48,7 @@ export {
};
## The BPF filter that is used by default to define what traffic should
## be captured. Filters defined in :bro:id:`restrict_filters` will
## be captured. Filters defined in :zeek:id:`restrict_filters` will
## still be applied to reduce the captured traffic.
const default_capture_filter = "ip or not ip" &redef;
@ -64,7 +64,7 @@ export {
## The maximum amount of time that you'd like to allow for BPF filters to compile.
## If this time is exceeded, compensation measures may be taken by the framework
## to reduce the filter size. This threshold being crossed also results
## in the :bro:see:`PacketFilter::Too_Long_To_Compile_Filter` notice.
## in the :zeek:see:`PacketFilter::Too_Long_To_Compile_Filter` notice.
const max_filter_compile_time = 100msec &redef;
## Install a BPF filter to exclude some traffic. The filter should


@ -1,7 +1,7 @@
module PacketFilter;
export {
## Takes a :bro:type:`port` and returns a BPF expression which will
## Takes a :zeek:type:`port` and returns a BPF expression which will
## match the port.
##
## p: The port.


@ -2,9 +2,9 @@
##! internal messages/warnings/errors. It should typically be loaded to
##! log such messages to a file in a standard way. For the options to
##! toggle whether messages are additionally written to STDERR, see
##! :bro:see:`Reporter::info_to_stderr`,
##! :bro:see:`Reporter::warnings_to_stderr`, and
##! :bro:see:`Reporter::errors_to_stderr`.
##! :zeek:see:`Reporter::info_to_stderr`,
##! :zeek:see:`Reporter::warnings_to_stderr`, and
##! :zeek:see:`Reporter::errors_to_stderr`.
##!
##! Note that this framework deals with the handling of internally generated
##! reporter messages, for the interface


@ -13,22 +13,22 @@ export {
Sensitive_Signature,
## Host has triggered many signatures on the same host. The
## number of signatures is defined by the
## :bro:id:`Signatures::vert_scan_thresholds` variable.
## :zeek:id:`Signatures::vert_scan_thresholds` variable.
Multiple_Signatures,
## Host has triggered the same signature on multiple hosts as
## defined by the :bro:id:`Signatures::horiz_scan_thresholds`
## defined by the :zeek:id:`Signatures::horiz_scan_thresholds`
## variable.
Multiple_Sig_Responders,
## The same signature has triggered multiple times for a host.
## The number of times the signature has been triggered is
## defined by the :bro:id:`Signatures::count_thresholds`
## defined by the :zeek:id:`Signatures::count_thresholds`
## variable. To generate this notice, the
## :bro:enum:`Signatures::SIG_COUNT_PER_RESP` action must be
## :zeek:enum:`Signatures::SIG_COUNT_PER_RESP` action must be
## set for the signature.
Count_Signature,
## Summarize the number of times a host triggered a signature.
## The interval between summaries is defined by the
## :bro:id:`Signatures::summary_interval` variable.
## :zeek:id:`Signatures::summary_interval` variable.
Signature_Summary,
};
@ -48,7 +48,7 @@ export {
SIG_QUIET,
## Generate a notice.
SIG_LOG,
## The same as :bro:enum:`Signatures::SIG_LOG`, but ignore for
## The same as :zeek:enum:`Signatures::SIG_LOG`, but ignore for
## aggregate/scan processing.
SIG_FILE_BUT_NO_SCAN,
## Generate a notice and set it to be alarmed upon.
@ -58,8 +58,8 @@ export {
## Alarm once and then never again.
SIG_ALARM_ONCE,
## Count signatures per responder host and alarm with the
## :bro:enum:`Signatures::Count_Signature` notice if a threshold
## defined by :bro:id:`Signatures::count_thresholds` is reached.
## :zeek:enum:`Signatures::Count_Signature` notice if a threshold
## defined by :zeek:id:`Signatures::count_thresholds` is reached.
SIG_COUNT_PER_RESP,
## Don't alarm, but generate per-orig summary.
SIG_SUMMARY,
@ -114,11 +114,11 @@ export {
## different signature matches has reached one of the thresholds.
const vert_scan_thresholds = { 5, 10, 50, 100, 500, 1000 } &redef;
## Generate a notice if a :bro:enum:`Signatures::SIG_COUNT_PER_RESP`
## Generate a notice if a :zeek:enum:`Signatures::SIG_COUNT_PER_RESP`
## signature is triggered as often as given by one of these thresholds.
const count_thresholds = { 5, 10, 50, 100, 500, 1000, 10000, 1000000, } &redef;
## The interval between when :bro:enum:`Signatures::Signature_Summary`
## The interval between when :zeek:enum:`Signatures::Signature_Summary`
## notices are generated.
option summary_interval = 1 day;


@ -2,7 +2,7 @@
##! parsing but doesn't actually do any detection on it's own. It relies on
##! other protocol specific scripts to parse out software from the protocols
##! that they analyze. The entry point for providing new software detections
##! to this framework is through the :bro:id:`Software::found` function.
##! to this framework is through the :zeek:id:`Software::found` function.
@load base/utils/directions-and-hosts
@load base/utils/numbers
@ -16,7 +16,7 @@ export {
## Scripts detecting new types of software need to redef this enum to add
## their own specific software types which would then be used when they
## create :bro:type:`Software::Info` records.
## create :zeek:type:`Software::Info` records.
type Type: enum {
## A placeholder type for when the type of software is not known.
UNKNOWN,
@ -45,7 +45,7 @@ export {
## The port on which the software is running. Only sensible for
## server software.
host_p: port &log &optional;
## The type of software detected (e.g. :bro:enum:`HTTP::SERVER`).
## The type of software detected (e.g. :zeek:enum:`HTTP::SERVER`).
software_type: Type &log &default=UNKNOWN;
## Name of the software (e.g. Apache).
name: string &log &optional;
@ -96,9 +96,9 @@ export {
["Flash Player"] = "Flash",
} &default=function(a: string): string { return a; };
## Type to represent a collection of :bro:type:`Software::Info` records.
## Type to represent a collection of :zeek:type:`Software::Info` records.
## It's indexed with the name of a piece of software such as "Firefox"
## and it yields a :bro:type:`Software::Info` record with more
## and it yields a :zeek:type:`Software::Info` record with more
## information about the software.
type SoftwareSet: table[string] of Info;
@ -108,7 +108,7 @@ export {
## uniformly distributed among proxy nodes.
global tracked: table[addr] of SoftwareSet &create_expire=1day;
## This event can be handled to access the :bro:type:`Software::Info`
## This event can be handled to access the :zeek:type:`Software::Info`
## record as it is sent on to the logging framework.
global log_software: event(rec: Info);
@ -117,7 +117,7 @@ export {
global version_change: event(old: Info, new: Info);
## This event is raised when software is about to be registered for
## tracking in :bro:see:`Software::tracked`.
## tracking in :zeek:see:`Software::tracked`.
global register: event(info: Info);
}


@ -35,12 +35,12 @@ export {
global cluster_get_result: event(uid: string, ss_name: string, key: Key, cleanup: bool);
## This event is sent by nodes in response to a
## :bro:id:`SumStats::cluster_get_result` event.
## :zeek:id:`SumStats::cluster_get_result` event.
global cluster_send_result: event(uid: string, ss_name: string, key: Key, result: Result, cleanup: bool);
## This is sent by workers to indicate that they crossed the percent
## of the current threshold by the percentage defined globally in
## :bro:id:`SumStats::cluster_request_global_view_percent`.
## :zeek:id:`SumStats::cluster_request_global_view_percent`.
global cluster_key_intermediate_response: event(ss_name: string, key: SumStats::Key);
## This event is scheduled internally on workers to send result chunks.


@ -105,7 +105,7 @@ export {
reducers: set[Reducer];
## A function that will be called once for each observation in order
## to calculate a value from the :bro:see:`SumStats::Result` structure
## to calculate a value from the :zeek:see:`SumStats::Result` structure
## which will be used for thresholding.
## This function is required if a *threshold* value or
## a *threshold_series* is given.
@ -157,7 +157,7 @@ export {
## Dynamically request a sumstat key. This function should be
## used sparingly and not as a replacement for the callbacks
## from the :bro:see:`SumStats::SumStat` record. The function is only
## from the :zeek:see:`SumStats::SumStat` record. The function is only
## available for use within "when" statements as an asynchronous
## function.
##
@ -168,7 +168,7 @@ export {
## Returns: The result for the requested sumstat key.
global request_key: function(ss_name: string, key: Key): Result;
## Helper function to represent a :bro:type:`SumStats::Key` value as
## Helper function to represent a :zeek:type:`SumStats::Key` value as
## a simple string.
##
## key: The metric key that is to be converted into a string.


@ -19,7 +19,7 @@ export {
redef record ResultVal += {
## This is the queue where elements are maintained.
## Don't access this value directly, instead use the
## :bro:see:`SumStats::get_last` function to get a vector of
## :zeek:see:`SumStats::get_last` function to get a vector of
## the current element values.
last_elements: Queue::Queue &optional;
};


@ -3,7 +3,7 @@
##!
##! For any connection that occurs over a tunnel, information about its
##! encapsulating tunnels is also found in the *tunnel* field of
##! :bro:type:`connection`.
##! :zeek:type:`connection`.
module Tunnel;
@ -18,7 +18,7 @@ export {
## A tunnel connection has closed.
CLOSE,
## No new connections over a tunnel happened in the amount of
## time indicated by :bro:see:`Tunnel::expiration_interval`.
## time indicated by :zeek:see:`Tunnel::expiration_interval`.
EXPIRE,
};
@ -27,7 +27,7 @@ export {
## Time at which some tunnel activity occurred.
ts: time &log;
## The unique identifier for the tunnel, which may correspond
## to a :bro:type:`connection`'s *uid* field for non-IP-in-IP tunnels.
## to a :zeek:type:`connection`'s *uid* field for non-IP-in-IP tunnels.
## This is optional because there could be numerous connections
## for payload proxies like SOCKS but we should treat it as a
## single tunnel.
@ -42,29 +42,29 @@ export {
};
## Logs all tunnels in an encapsulation chain with action
## :bro:see:`Tunnel::DISCOVER` that aren't already in the
## :bro:id:`Tunnel::active` table and adds them if not.
## :zeek:see:`Tunnel::DISCOVER` that aren't already in the
## :zeek:id:`Tunnel::active` table and adds them if not.
global register_all: function(ecv: EncapsulatingConnVector);
## Logs a single tunnel "connection" with action
## :bro:see:`Tunnel::DISCOVER` if it's not already in the
## :bro:id:`Tunnel::active` table and adds it if not.
## :zeek:see:`Tunnel::DISCOVER` if it's not already in the
## :zeek:id:`Tunnel::active` table and adds it if not.
global register: function(ec: EncapsulatingConn);
## Logs a single tunnel "connection" with action
## :bro:see:`Tunnel::EXPIRE` and removes it from the
## :bro:id:`Tunnel::active` table.
## :zeek:see:`Tunnel::EXPIRE` and removes it from the
## :zeek:id:`Tunnel::active` table.
##
## t: A table of tunnels.
##
## idx: The index of the tunnel table corresponding to the tunnel to expire.
##
## Returns: 0secs, which when this function is used as an
## :bro:attr:`&expire_func`, indicates to remove the element at
## :zeek:attr:`&expire_func`, indicates to remove the element at
## *idx* immediately.
global expire: function(t: table[conn_id] of Info, idx: conn_id): interval;
## Removes a single tunnel from the :bro:id:`Tunnel::active` table
## Removes a single tunnel from the :zeek:id:`Tunnel::active` table
## and logs the closing/expiration of the tunnel.
##
## tunnel: The tunnel which has closed or expired.
@ -78,7 +78,7 @@ export {
## Currently active tunnels. That is, tunnels for which new,
## encapsulated connections have been seen in the interval indicated by
## :bro:see:`Tunnel::expiration_interval`.
## :zeek:see:`Tunnel::expiration_interval`.
global active: table[conn_id] of Info = table() &read_expire=expiration_interval &expire_func=expire;
}