Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Added the initial syslog analyzer and policy script.

Browse source
This commit is contained in:
Seth Hall 2010-10-27 15:37:00 -04:00
parent 340805fe00
commit cc7c3776cc
11 changed files with 313 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/syslog-protocol.pac Normal file
View file

@ -0,0 +1,15 @@
type Syslog_Message = record {
PRI: Syslog_Priority;
msg: bytestring &restofdata;
} &byteorder = littleendian;
type Syslog_Priority = record {
lt : uint8 &check(lt == "<");
val : RE/[[:digit:]]+/;
gt : uint8 &check(gt == ">");
} &let {
val_length: int = sizeof(val) - 1;
int_val: int = bytestring_to_int(val, 10);
severity: int = (int_val & 0x07);
facility: int = (int_val & 0x03f8) >> 3;
};