diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro index f9c35ed8c0..3e5eede462 100644 --- a/scripts/base/protocols/dnp3/main.bro +++ b/scripts/base/protocols/dnp3/main.bro @@ -10,7 +10,7 @@ export { type Info: record { ## Time of the request. ts: time &log; - ## Unique identifier for the connnection. + ## Unique identifier for the connection. uid: string &log; ## Identifier for the connection. id: conn_id &log; diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro index a57fc95448..d861e88ae9 100644 --- a/scripts/base/protocols/irc/main.bro +++ b/scripts/base/protocols/irc/main.bro @@ -15,9 +15,9 @@ export { uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; - ## Nick name given for the connection. + ## Nickname given for the connection. nick: string &log &optional; - ## User name given for the connection. + ## Username given for the connection. user: string &log &optional; ## Command given by the client. diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.bro index d484e7582b..707c2e47a7 100644 --- a/scripts/base/protocols/modbus/main.bro +++ b/scripts/base/protocols/modbus/main.bro @@ -10,7 +10,7 @@ export { type Info: record { ## Time of the request. ts: time &log; - ## Unique identifier for the connnection. + ## Unique identifier for the connection. uid: string &log; ## Identifier for the connection. id: conn_id &log; @@ -20,8 +20,8 @@ export { exception: string &log &optional; }; - ## Event that can be handled to access the Modbus record as it is sent on - ## to the logging framework. + ## Event that can be handled to access the Modbus record as it is sent + ## on to the logging framework. global log_modbus: event(rec: Info); } diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro index f54fcdd4c8..fb3095c121 100644 --- a/scripts/base/protocols/smtp/main.bro +++ b/scripts/base/protocols/smtp/main.bro @@ -14,8 +14,8 @@ export { uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; - ## A count to represent the depth of this message transaction in a single - ## connection where multiple messages were transferred. + ## A count to represent the depth of this message transaction in + ## a single connection where multiple messages were transferred. trans_depth: count &log; ## Contents of the Helo header. helo: string &log &optional; @@ -37,7 +37,7 @@ export { in_reply_to: string &log &optional; ## Contents of the Subject header. subject: string &log &optional; - ## Contents of the X-Origininating-IP header. + ## Contents of the X-Originating-IP header. x_originating_ip: addr &log &optional; ## Contents of the first Received header. first_received: string &log &optional; @@ -50,7 +50,8 @@ export { ## Value of the User-Agent header from the client. user_agent: string &log &optional; - ## Indicates if the "Received: from" headers should still be processed. + ## Indicates if the "Received: from" headers should still be + ## processed. process_received_from: bool &default=T; ## Indicates if client activity has been seen, but not yet logged. has_client_activity: bool &default=F; @@ -58,9 +59,9 @@ export { type State: record { helo: string &optional; - ## Count the number of individual messages transmitted during this - ## SMTP session. Note, this is not the number of recipients, but the - ## number of message bodies transferred. + ## Count the number of individual messages transmitted during + ## this SMTP session. Note, this is not the number of + ## recipients, but the number of message bodies transferred. messages_transferred: count &default=0; pending_messages: set[Info] &optional; diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro index f697b355c1..713161d442 100644 --- a/scripts/base/protocols/socks/main.bro +++ b/scripts/base/protocols/socks/main.bro @@ -9,17 +9,19 @@ export { type Info: record { ## Time when the proxy connection was first detected. ts: time &log; - ## Unique ID for the tunnel - may correspond to connection uid or be non-existent. + ## Unique ID for the tunnel - may correspond to connection uid + ## or be non-existent. uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## Protocol version of SOCKS. version: count &log; - ## Username for the proxy if extracted from the network.. + ## Username for the proxy if extracted from the network. user: string &log &optional; ## Server status for the attempt at using the proxy. status: string &log &optional; - ## Client requested SOCKS address. Could be an address, a name or both. + ## Client requested SOCKS address. Could be an address, a name + ## or both. request: SOCKS::Address &log &optional; ## Client requested port. request_p: port &log &optional; diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 53b61f00d8..5b452d432c 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -25,8 +25,8 @@ export { uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; - ## Indicates if the login was heuristically guessed to be "success", - ## "failure", or "undetermined". + ## Indicates if the login was heuristically guessed to be + ## "success", "failure", or "undetermined". status: string &log &default="undetermined"; ## Direction of the connection. If the client was a local host ## logging into an external host, this would be OUTBOUND. INBOUND @@ -39,8 +39,8 @@ export { server: string &log &optional; ## Amount of data returned from the server. This is currently ## the only measure of the success heuristic and it is logged to - ## assist analysts looking at the logs to make their own determination - ## about the success on a case-by-case basis. + ## assist analysts looking at the logs to make their own + ## determination about the success on a case-by-case basis. resp_size: count &log &default=0; ## Indicate if the SSH session is done being watched.