Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
Tim Wojtulewicz 2025-09-15 15:52:18 -07:00
parent 83f1e74643
commit ded98cd373
1074 changed files with 169319 additions and 0 deletions


@ -0,0 +1,14 @@
:tocdepth: 3
base/frameworks/logging/__load__.zeek
=====================================
:Imports: :doc:`base/frameworks/logging/main.zeek </scripts/base/frameworks/logging/main.zeek>`, :doc:`base/frameworks/logging/postprocessors </scripts/base/frameworks/logging/postprocessors/index>`, :doc:`base/frameworks/logging/writers/ascii.zeek </scripts/base/frameworks/logging/writers/ascii.zeek>`, :doc:`base/frameworks/logging/writers/none.zeek </scripts/base/frameworks/logging/writers/none.zeek>`, :doc:`base/frameworks/logging/writers/sqlite.zeek </scripts/base/frameworks/logging/writers/sqlite.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~


@ -0,0 +1,87 @@
:orphan:
Package: base/frameworks/logging
================================
The logging framework provides a flexible key-value based logging interface.
:doc:`/scripts/base/frameworks/logging/__load__.zeek`
:doc:`/scripts/base/frameworks/logging/main.zeek`
The Zeek logging interface.
See :doc:`/frameworks/logging` for an introduction to Zeek's
logging framework.
:doc:`/scripts/base/frameworks/logging/postprocessors/__load__.zeek`
:doc:`/scripts/base/frameworks/logging/postprocessors/scp.zeek`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SCP (secure copy)
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :zeek:id:`zeek_init` event and do the following
in your handler:
1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:zeek:id:`Log::scp_postprocessor`.
2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
3) Add a table entry to :zeek:id:`Log::scp_destinations` for the filter's
writer/path pair which defines a set of :zeek:type:`Log::SCPDestination`
records.
:doc:`/scripts/base/frameworks/logging/postprocessors/sftp.zeek`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SFTP
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :zeek:id:`zeek_init` event and do the following
in your handler:
1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:zeek:id:`Log::sftp_postprocessor`.
2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
3) Add a table entry to :zeek:id:`Log::sftp_destinations` for the filter's
writer/path pair which defines a set of :zeek:type:`Log::SFTPDestination`
records.
:doc:`/scripts/base/frameworks/logging/writers/ascii.zeek`
Interface for the ASCII log writer. Redefinable options are available
to tweak the output format of ASCII logs.
The ASCII writer currently supports one writer-specific per-filter config
option: setting ``tsv`` to the string ``T`` turns the output into
"tab-separated-value" mode where only a single header row with the column
names is printed out as meta information, with no "# fields" prepended; no
other meta data gets included in that mode. Example filter using this::
local f = Log::Filter($name = "my-filter",
$writer = Log::WRITER_ASCII,
$config = table(["tsv"] = "T"));
:doc:`/scripts/base/frameworks/logging/writers/sqlite.zeek`
Interface for the SQLite log writer. Redefinable options are available
to tweak the output format of the SQLite reader.
See :doc:`/frameworks/logging-input-sqlite` for an introduction on how to
use the SQLite log writer.
The SQL writer currently supports one writer-specific filter option via
``config``: setting ``tablename`` sets the name of the table that is used
or created in the SQLite database. An example for this is given in the
introduction mentioned above.
:doc:`/scripts/base/frameworks/logging/writers/none.zeek`
Interface for the None log writer. This writer is mainly for debugging.
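
Review bot: In the ``writers/sqlite.zeek`` entry, "tweak the output format of the SQLite reader" describes a writer as a reader, and the following paragraph calls it "The SQL writer". Both should read "SQLite writer" so the entry agrees with its own first sentence. The same wording appears again in the per-script page later in this commit, so the correction belongs in the shared source text rather than in this file alone.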

File diff suppressed because it is too large


@ -0,0 +1,14 @@
:tocdepth: 3
base/frameworks/logging/postprocessors/__load__.zeek
====================================================
:Imports: :doc:`base/frameworks/logging/postprocessors/scp.zeek </scripts/base/frameworks/logging/postprocessors/scp.zeek>`, :doc:`base/frameworks/logging/postprocessors/sftp.zeek </scripts/base/frameworks/logging/postprocessors/sftp.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~


@ -0,0 +1,44 @@
:orphan:
Package: base/frameworks/logging/postprocessors
===============================================
Support for postprocessors in the logging framework.
:doc:`/scripts/base/frameworks/logging/postprocessors/__load__.zeek`
:doc:`/scripts/base/frameworks/logging/postprocessors/scp.zeek`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SCP (secure copy)
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :zeek:id:`zeek_init` event and do the following
in your handler:
1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:zeek:id:`Log::scp_postprocessor`.
2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
3) Add a table entry to :zeek:id:`Log::scp_destinations` for the filter's
writer/path pair which defines a set of :zeek:type:`Log::SCPDestination`
records.
:doc:`/scripts/base/frameworks/logging/postprocessors/sftp.zeek`
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SFTP
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :zeek:id:`zeek_init` event and do the following
in your handler:
1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:zeek:id:`Log::sftp_postprocessor`.
2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
3) Add a table entry to :zeek:id:`Log::sftp_destinations` for the filter's
writer/path pair which defines a set of :zeek:type:`Log::SFTPDestination`
records.


@ -0,0 +1,132 @@
:tocdepth: 3
base/frameworks/logging/postprocessors/scp.zeek
===============================================
.. zeek:namespace:: Log
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SCP (secure copy)
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :zeek:id:`zeek_init` event and do the following
in your handler:
1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:zeek:id:`Log::scp_postprocessor`.
2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
3) Add a table entry to :zeek:id:`Log::scp_destinations` for the filter's
writer/path pair which defines a set of :zeek:type:`Log::SCPDestination`
records.
:Namespace: Log
Summary
~~~~~~~
Redefinable Options
###################
================================================================================= ================================================================
:zeek:id:`Log::scp_rotation_date_format`: :zeek:type:`string` :zeek:attr:`&redef` Default naming format for timestamps embedded into log filenames
that use the SCP rotator.
================================================================================= ================================================================
State Variables
###############
==================================================== =======================================================================
:zeek:id:`Log::scp_destinations`: :zeek:type:`table` A table indexed by a particular log writer and filter path, that yields
a set of remote destinations.
==================================================== =======================================================================
Types
#####
===================================================== =====================================================================
:zeek:type:`Log::SCPDestination`: :zeek:type:`record` A container that describes the remote destination for the SCP command
argument as ``user@host:path``.
===================================================== =====================================================================
Functions
#########
======================================================== ============================================================
:zeek:id:`Log::scp_postprocessor`: :zeek:type:`function` Secure-copies the rotated log to all the remote hosts
defined in :zeek:id:`Log::scp_destinations` and then deletes
the local copy of the rotated log.
======================================================== ============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. zeek:id:: Log::scp_rotation_date_format
:source-code: base/frameworks/logging/postprocessors/scp.zeek 53 53
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"%Y-%m-%d-%H-%M-%S"``
Default naming format for timestamps embedded into log filenames
that use the SCP rotator.
State Variables
###############
.. zeek:id:: Log::scp_destinations
:source-code: base/frameworks/logging/postprocessors/scp.zeek 49 49
:Type: :zeek:type:`table` [:zeek:type:`Log::Writer`, :zeek:type:`string`] of :zeek:type:`set` [:zeek:type:`Log::SCPDestination`]
:Default: ``{}``
A table indexed by a particular log writer and filter path, that yields
a set of remote destinations. The :zeek:id:`Log::scp_postprocessor`
function queries this table upon log rotation and performs a secure
copy of the rotated log to each destination in the set. This
table can be modified at run-time.
Types
#####
.. zeek:type:: Log::SCPDestination
:source-code: base/frameworks/logging/postprocessors/scp.zeek 34 42
:Type: :zeek:type:`record`
.. zeek:field:: user :zeek:type:`string`
The remote user to log in as. A trust mechanism should be
pre-established.
.. zeek:field:: host :zeek:type:`string`
The remote host to which to transfer logs.
.. zeek:field:: path :zeek:type:`string`
The path/directory on the remote host to send logs.
A container that describes the remote destination for the SCP command
argument as ``user@host:path``.
Functions
#########
.. zeek:id:: Log::scp_postprocessor
:source-code: base/frameworks/logging/postprocessors/scp.zeek 56 72
:Type: :zeek:type:`function` (info: :zeek:type:`Log::RotationInfo`) : :zeek:type:`bool`
Secure-copies the rotated log to all the remote hosts
defined in :zeek:id:`Log::scp_destinations` and then deletes
the local copy of the rotated log. It's not active when
reading from trace files.
:param info: A record holding meta-information about the log file to be
postprocessed.
:returns: True if secure-copy system command was initiated or
if no destination was configured for the log as described
by *info*.
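
Review bot: The ``Log::scp_postprocessor`` entry says the function "deletes the local copy of the rotated log", while ``:returns:`` only promises that the secure-copy command "was initiated", so the text never says what happens to the local file when a transfer fails. On a sensor where the rotated file is the only copy of that log, the difference matters; state whether deletion depends on a successful copy. Since ``Log::SCPDestination`` is described as feeding the SCP command argument as ``user@host:path`` and ``Log::scp_destinations`` "can be modified at run-time", it would also help to document whether the three fields are escaped or validated before they reach the system command.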


@ -0,0 +1,137 @@
:tocdepth: 3
base/frameworks/logging/postprocessors/sftp.zeek
================================================
.. zeek:namespace:: Log
This script defines a postprocessing function that can be applied
to a logging filter in order to automatically SFTP
a log stream (or a subset of it) to a remote host at configurable
rotation time intervals. Generally, to use this functionality
you must handle the :zeek:id:`zeek_init` event and do the following
in your handler:
1) Create a new :zeek:type:`Log::Filter` record that defines a name/path,
rotation interval, and set the ``postprocessor`` to
:zeek:id:`Log::sftp_postprocessor`.
2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`.
3) Add a table entry to :zeek:id:`Log::sftp_destinations` for the filter's
writer/path pair which defines a set of :zeek:type:`Log::SFTPDestination`
records.
:Namespace: Log
Summary
~~~~~~~
Redefinable Options
###################
================================================================================== ================================================================
:zeek:id:`Log::sftp_rotation_date_format`: :zeek:type:`string` :zeek:attr:`&redef` Default naming format for timestamps embedded into log filenames
that use the SFTP rotator.
================================================================================== ================================================================
State Variables
###############
===================================================== =======================================================================
:zeek:id:`Log::sftp_destinations`: :zeek:type:`table` A table indexed by a particular log writer and filter path, that yields
a set of remote destinations.
===================================================== =======================================================================
Types
#####
====================================================== =======================================================================
:zeek:type:`Log::SFTPDestination`: :zeek:type:`record` A container that describes the remote destination for the SFTP command,
comprised of the username, host, and path at which to upload the file.
====================================================== =======================================================================
Functions
#########
========================================================= =============================================================
:zeek:id:`Log::sftp_postprocessor`: :zeek:type:`function` Securely transfers the rotated log to all the remote hosts
defined in :zeek:id:`Log::sftp_destinations` and then deletes
the local copy of the rotated log.
========================================================= =============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. zeek:id:: Log::sftp_rotation_date_format
:source-code: base/frameworks/logging/postprocessors/sftp.zeek 55 55
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"%Y-%m-%d-%H-%M-%S"``
Default naming format for timestamps embedded into log filenames
that use the SFTP rotator.
State Variables
###############
.. zeek:id:: Log::sftp_destinations
:source-code: base/frameworks/logging/postprocessors/sftp.zeek 51 51
:Type: :zeek:type:`table` [:zeek:type:`Log::Writer`, :zeek:type:`string`] of :zeek:type:`set` [:zeek:type:`Log::SFTPDestination`]
:Default: ``{}``
A table indexed by a particular log writer and filter path, that yields
a set of remote destinations. The :zeek:id:`Log::sftp_postprocessor`
function queries this table upon log rotation and performs a secure
transfer of the rotated log to each destination in the set. This
table can be modified at run-time.
Types
#####
.. zeek:type:: Log::SFTPDestination
:source-code: base/frameworks/logging/postprocessors/sftp.zeek 34 44
:Type: :zeek:type:`record`
.. zeek:field:: user :zeek:type:`string`
The remote user to log in as. A trust mechanism should be
pre-established.
.. zeek:field:: host :zeek:type:`string`
The remote host to which to transfer logs.
.. zeek:field:: host_port :zeek:type:`count` :zeek:attr:`&default` = ``22`` :zeek:attr:`&optional`
The port to connect to. Defaults to 22
.. zeek:field:: path :zeek:type:`string`
The path/directory on the remote host to send logs.
A container that describes the remote destination for the SFTP command,
comprised of the username, host, and path at which to upload the file.
Functions
#########
.. zeek:id:: Log::sftp_postprocessor
:source-code: base/frameworks/logging/postprocessors/sftp.zeek 58 75
:Type: :zeek:type:`function` (info: :zeek:type:`Log::RotationInfo`) : :zeek:type:`bool`
Securely transfers the rotated log to all the remote hosts
defined in :zeek:id:`Log::sftp_destinations` and then deletes
the local copy of the rotated log. It's not active when
reading from trace files.
:param info: A record holding meta-information about the log file to be
postprocessed.
:returns: True if sftp system command was initiated or
if no destination was configured for the log as described
by *info*.
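
Review bot: The ``Log::SFTPDestination`` description, both in the Types summary table and under the type itself, lists "the username, host, and path" but omits ``host_port``, which is one of the four documented fields. Add the port to that sentence so readers who only see the summary know a non-default port can be set. In the ``host_port`` field text, "Defaults to 22" is missing its closing period, and the field is shown with both ``&default = 22`` and ``&optional``; if the default always applies, the second attribute looks redundant and is worth confirming in the script.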


@ -0,0 +1,229 @@
:tocdepth: 3
base/frameworks/logging/writers/ascii.zeek
==========================================
.. zeek:namespace:: LogAscii
Interface for the ASCII log writer. Redefinable options are available
to tweak the output format of ASCII logs.
The ASCII writer currently supports one writer-specific per-filter config
option: setting ``tsv`` to the string ``T`` turns the output into
"tab-separated-value" mode where only a single header row with the column
names is printed out as meta information, with no "# fields" prepended; no
other meta data gets included in that mode. Example filter using this::
local f = Log::Filter($name = "my-filter",
$writer = Log::WRITER_ASCII,
$config = table(["tsv"] = "T"));
:Namespace: LogAscii
Summary
~~~~~~~
Redefinable Options
###################
============================================================================================ =====================================================================
:zeek:id:`LogAscii::empty_field`: :zeek:type:`string` :zeek:attr:`&redef` String to use for empty fields.
:zeek:id:`LogAscii::enable_leftover_log_rotation`: :zeek:type:`bool` :zeek:attr:`&redef` If true, detect log files that did not get properly rotated
by a previous Zeek process (e.g.
:zeek:id:`LogAscii::enable_utf_8`: :zeek:type:`bool` :zeek:attr:`&redef` If true, valid UTF-8 sequences will pass through unescaped and be
written into logs.
:zeek:id:`LogAscii::gzip_file_extension`: :zeek:type:`string` :zeek:attr:`&redef` Define the file extension used when compressing log files when
they are created with the :zeek:see:`LogAscii::gzip_level` option.
:zeek:id:`LogAscii::gzip_level`: :zeek:type:`count` :zeek:attr:`&redef` Define the gzip level to compress the logs.
:zeek:id:`LogAscii::include_meta`: :zeek:type:`bool` :zeek:attr:`&redef` If true, include lines with log meta information such as column names
with types, the values of ASCII logging options that are in use, and
the time when the file was opened and closed (the latter at the end).
:zeek:id:`LogAscii::json_include_unset_fields`: :zeek:type:`bool` :zeek:attr:`&redef` Handling of optional fields when writing out JSON.
:zeek:id:`LogAscii::json_timestamps`: :zeek:type:`JSON::TimestampFormat` :zeek:attr:`&redef` Format of timestamps when writing out JSON.
:zeek:id:`LogAscii::meta_prefix`: :zeek:type:`string` :zeek:attr:`&redef` Prefix for lines with meta information.
:zeek:id:`LogAscii::output_to_stdout`: :zeek:type:`bool` :zeek:attr:`&redef` If true, output everything to stdout rather than
into files.
:zeek:id:`LogAscii::separator`: :zeek:type:`string` :zeek:attr:`&redef` Separator between fields.
:zeek:id:`LogAscii::set_separator`: :zeek:type:`string` :zeek:attr:`&redef` Separator between set elements.
:zeek:id:`LogAscii::unset_field`: :zeek:type:`string` :zeek:attr:`&redef` String to use for an unset &optional field.
:zeek:id:`LogAscii::use_json`: :zeek:type:`bool` :zeek:attr:`&redef` If true, the default will be to write logs in a JSON format.
============================================================================================ =====================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. zeek:id:: LogAscii::empty_field
:source-code: base/frameworks/logging/writers/ascii.zeek 95 95
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields. This should be different from
*unset_field* to make the output unambiguous.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::enable_leftover_log_rotation
:source-code: base/frameworks/logging/writers/ascii.zeek 35 35
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``F``
If true, detect log files that did not get properly rotated
by a previous Zeek process (e.g. due to crash) and rotate them.
This requires a positive rotation interval to be configured
to have an effect. E.g. via :zeek:see:`Log::default_rotation_interval`
or the *interv* field of a :zeek:see:`Log::Filter`.
.. zeek:id:: LogAscii::enable_utf_8
:source-code: base/frameworks/logging/writers/ascii.zeek 41 41
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``T``
If true, valid UTF-8 sequences will pass through unescaped and be
written into logs.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::gzip_file_extension
:source-code: base/frameworks/logging/writers/ascii.zeek 55 55
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"gz"``
Define the file extension used when compressing log files when
they are created with the :zeek:see:`LogAscii::gzip_level` option.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::gzip_level
:source-code: base/frameworks/logging/writers/ascii.zeek 49 49
:Type: :zeek:type:`count`
:Attributes: :zeek:attr:`&redef`
:Default: ``0``
Define the gzip level to compress the logs. If 0, then no gzip
compression is performed. Enabling compression also changes
the log file name extension to include the value of
:zeek:see:`LogAscii::gzip_file_extension`.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::include_meta
:source-code: base/frameworks/logging/writers/ascii.zeek 74 74
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``T``
If true, include lines with log meta information such as column names
with types, the values of ASCII logging options that are in use, and
the time when the file was opened and closed (the latter at the end).
If writing in JSON format, this is implicitly disabled.
.. zeek:id:: LogAscii::json_include_unset_fields
:source-code: base/frameworks/logging/writers/ascii.zeek 67 67
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``F``
Handling of optional fields when writing out JSON. By default the
JSON formatter skips key and val when the field is absent. Setting
the following field to T includes the key, with a null value.
.. zeek:id:: LogAscii::json_timestamps
:source-code: base/frameworks/logging/writers/ascii.zeek 62 62
:Type: :zeek:type:`JSON::TimestampFormat`
:Attributes: :zeek:attr:`&redef`
:Default: ``JSON::TS_EPOCH``
Format of timestamps when writing out JSON. By default, the JSON
formatter will use double values for timestamps which represent the
number of seconds from the UNIX epoch.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::meta_prefix
:source-code: base/frameworks/logging/writers/ascii.zeek 79 79
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"#"``
Prefix for lines with meta information.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::output_to_stdout
:source-code: base/frameworks/logging/writers/ascii.zeek 22 22
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``F``
If true, output everything to stdout rather than
into files. This is primarily for debugging purposes.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::separator
:source-code: base/frameworks/logging/writers/ascii.zeek 84 84
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"\x09"``
Separator between fields.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::set_separator
:source-code: base/frameworks/logging/writers/ascii.zeek 89 89
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``","``
Separator between set elements.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::unset_field
:source-code: base/frameworks/logging/writers/ascii.zeek 100 100
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.
This option is also available as a per-filter ``$config`` option.
.. zeek:id:: LogAscii::use_json
:source-code: base/frameworks/logging/writers/ascii.zeek 27 27
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``F``
:Redefinition: from :doc:`/scripts/policy/tuning/json-logs.zeek`
``=``::
T
If true, the default will be to write logs in a JSON format.
This option is also available as a per-filter ``$config`` option.
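
Review bot: The Redefinable Options summary row for ``LogAscii::enable_leftover_log_rotation`` ends at "by a previous Zeek process (e.g.", because the one-sentence summary is cut at the period inside "e.g.". Rewording the source sentence to avoid the abbreviation (for instance "such as after a crash") would give the table a complete summary. Separately, ``enable_leftover_log_rotation``, ``include_meta`` and ``json_include_unset_fields`` are the only options without the sentence "This option is also available as a per-filter ``$config`` option."; if they are global-only, say so explicitly so the omission does not read as an oversight.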


@ -0,0 +1,41 @@
:tocdepth: 3
base/frameworks/logging/writers/none.zeek
=========================================
.. zeek:namespace:: LogNone
Interface for the None log writer. This writer is mainly for debugging.
:Namespace: LogNone
Summary
~~~~~~~
Redefinable Options
###################
================================================================ ============================================================
:zeek:id:`LogNone::debug`: :zeek:type:`bool` :zeek:attr:`&redef` If true, output debugging output that can be useful for unit
testing the logging framework.
================================================================ ============================================================
Redefinitions
#############
======================================================================================= =
:zeek:id:`Log::default_rotation_postprocessors`: :zeek:type:`table` :zeek:attr:`&redef`
======================================================================================= =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. zeek:id:: LogNone::debug
:source-code: base/frameworks/logging/writers/none.zeek 8 8
:Type: :zeek:type:`bool`
:Attributes: :zeek:attr:`&redef`
:Default: ``F``
If true, output debugging output that can be useful for unit
testing the logging framework.
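
Review bot: The Redefinitions table lists ``Log::default_rotation_postprocessors`` with an empty description column, and the Detailed Interface section has no matching entry, so the page does not say what the None writer adds to or changes in that table. A one-line description of the redefinition would make the row useful.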


@ -0,0 +1,141 @@
:tocdepth: 3
base/frameworks/logging/writers/sqlite.zeek
===========================================
.. zeek:namespace:: LogSQLite
Interface for the SQLite log writer. Redefinable options are available
to tweak the output format of the SQLite reader.
See :doc:`/frameworks/logging-input-sqlite` for an introduction on how to
use the SQLite log writer.
The SQL writer currently supports one writer-specific filter option via
``config``: setting ``tablename`` sets the name of the table that is used
or created in the SQLite database. An example for this is given in the
introduction mentioned above.
:Namespace: LogSQLite
Summary
~~~~~~~
Redefinable Options
###################
================================================================================================= ==========================================================================
:zeek:id:`LogSQLite::empty_field`: :zeek:type:`string` :zeek:attr:`&redef` String to use for empty fields.
:zeek:id:`LogSQLite::journal_mode`: :zeek:type:`LogSQLite::SQLiteJournalMode` :zeek:attr:`&redef` If changed from SQLITE_JOURNAL_MODE_DEFAULT, runs the PRAGMA
journal_mode statement with the provided value after connecting to
the SQLite database.
:zeek:id:`LogSQLite::set_separator`: :zeek:type:`string` :zeek:attr:`&redef` Separator between set elements.
:zeek:id:`LogSQLite::synchronous`: :zeek:type:`LogSQLite::SQLiteSynchronous` :zeek:attr:`&redef` If changed from SQLITE_SYNCHRONOUS_DEFAULT, runs the PRAGMA synchronous
statement with the provided value after connecting to the SQLite database.
:zeek:id:`LogSQLite::unset_field`: :zeek:type:`string` :zeek:attr:`&redef` String to use for an unset &optional field.
================================================================================================= ==========================================================================
Types
#####
============================================================ ============================================================
:zeek:type:`LogSQLite::SQLiteJournalMode`: :zeek:type:`enum` Values supported for SQLite's PRAGMA journal_mode statement.
:zeek:type:`LogSQLite::SQLiteSynchronous`: :zeek:type:`enum` Values supported for SQLite's PRAGMA synchronous statement.
============================================================ ============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. zeek:id:: LogSQLite::empty_field
:source-code: base/frameworks/logging/writers/sqlite.zeek 23 23
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields. This should be different from
*unset_field* to make the output unambiguous.
.. zeek:id:: LogSQLite::journal_mode
:source-code: base/frameworks/logging/writers/sqlite.zeek 57 57
:Type: :zeek:type:`LogSQLite::SQLiteJournalMode`
:Attributes: :zeek:attr:`&redef`
:Default: ``LogSQLite::SQLITE_JOURNAL_MODE_DEFAULT``
If changed from SQLITE_JOURNAL_MODE_DEFAULT, runs the PRAGMA
journal_mode statement with the provided value after connecting to
the SQLite database.
`SQLite's journal_mode documentation <https://www.sqlite.org/pragma.html#pragma_journal_mode>`_
for more details around performance, data safety trade offs
and interaction with the PRAGMA synchronous statement.
.. zeek:id:: LogSQLite::set_separator
:source-code: base/frameworks/logging/writers/sqlite.zeek 16 16
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``","``
Separator between set elements.
.. zeek:id:: LogSQLite::synchronous
:source-code: base/frameworks/logging/writers/sqlite.zeek 49 49
:Type: :zeek:type:`LogSQLite::SQLiteSynchronous`
:Attributes: :zeek:attr:`&redef`
:Default: ``LogSQLite::SQLITE_SYNCHRONOUS_DEFAULT``
If changed from SQLITE_SYNCHRONOUS_DEFAULT, runs the PRAGMA synchronous
statement with the provided value after connecting to the SQLite database. See
`SQLite's synchronous documentation <https://www.sqlite.org/pragma.html#pragma_synchronous>`_
for more details around performance and data safety trade offs.
.. zeek:id:: LogSQLite::unset_field
:source-code: base/frameworks/logging/writers/sqlite.zeek 19 19
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.
Types
#####
.. zeek:type:: LogSQLite::SQLiteJournalMode
:source-code: base/frameworks/logging/writers/sqlite.zeek 35 35
:Type: :zeek:type:`enum`
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_DEFAULT LogSQLite::SQLiteJournalMode
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_DELETE LogSQLite::SQLiteJournalMode
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_TRUNCATE LogSQLite::SQLiteJournalMode
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_PERSIST LogSQLite::SQLiteJournalMode
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_MEMORY LogSQLite::SQLiteJournalMode
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_WAL LogSQLite::SQLiteJournalMode
.. zeek:enum:: LogSQLite::SQLITE_JOURNAL_MODE_OFF LogSQLite::SQLiteJournalMode
Values supported for SQLite's PRAGMA journal_mode statement.
.. zeek:type:: LogSQLite::SQLiteSynchronous
:source-code: base/frameworks/logging/writers/sqlite.zeek 26 26
:Type: :zeek:type:`enum`
.. zeek:enum:: LogSQLite::SQLITE_SYNCHRONOUS_DEFAULT LogSQLite::SQLiteSynchronous
.. zeek:enum:: LogSQLite::SQLITE_SYNCHRONOUS_OFF LogSQLite::SQLiteSynchronous
.. zeek:enum:: LogSQLite::SQLITE_SYNCHRONOUS_NORMAL LogSQLite::SQLiteSynchronous
.. zeek:enum:: LogSQLite::SQLITE_SYNCHRONOUS_FULL LogSQLite::SQLiteSynchronous
.. zeek:enum:: LogSQLite::SQLITE_SYNCHRONOUS_EXTRA LogSQLite::SQLiteSynchronous
Values supported for SQLite's PRAGMA synchronous statement.
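
Review bot: In the ``LogSQLite::journal_mode`` entry, the paragraph that starts with the link "SQLite's journal_mode documentation" is a sentence fragment; it lacks the leading "See" that the parallel ``LogSQLite::synchronous`` entry has ("... the SQLite database. See"). Add "See" so both options read the same way. The individual ``SQLITE_JOURNAL_MODE_*`` and ``SQLITE_SYNCHRONOUS_*`` enum values also carry no description of their own; since the text points at durability trade-offs, a short note per value, or at least on the OFF and MEMORY settings, would help operators who rely on these logs as evidence.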