Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
Tim Wojtulewicz 2025-09-15 15:52:18 -07:00
parent 83f1e74643
commit ded98cd373
1074 changed files with 169319 additions and 0 deletions

@ -0,0 +1,14 @@
:tocdepth: 3
base/protocols/postgresql/__load__.zeek
=======================================
:Imports: :doc:`base/protocols/postgresql/consts.zeek </scripts/base/protocols/postgresql/consts.zeek>`, :doc:`base/protocols/postgresql/main.zeek </scripts/base/protocols/postgresql/main.zeek>`, :doc:`base/protocols/postgresql/spicy-events.zeek </scripts/base/protocols/postgresql/spicy-events.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~
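
Review bot: The `Summary` and `Detailed Interface` headings at the end of this page have nothing under them, and the only information on the page is the `:Imports:` line. A one-line `##!` script comment in `__load__.zeek` saying that it loads the PostgreSQL constants, main script and event declarations would give the generated page a description; the same comment would also fill the blank entry this file gets in the package index.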

@ -0,0 +1,79 @@
:tocdepth: 3
base/protocols/postgresql/consts.zeek
=====================================
.. zeek:namespace:: PostgreSQL
:Namespace: PostgreSQL
Summary
~~~~~~~
State Variables
###############
====================================================================================================================== =
:zeek:id:`PostgreSQL::auth_ids`: :zeek:type:`table` :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
:zeek:id:`PostgreSQL::error_ids`: :zeek:type:`table` :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
====================================================================================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
State Variables
###############
.. zeek:id:: PostgreSQL::auth_ids
:source-code: base/protocols/postgresql/consts.zeek 26 26
:Type: :zeek:type:`table` [:zeek:type:`count`] of :zeek:type:`string`
:Attributes: :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
:Default:
::
{
[2] = "KerberosV5",
[8] = "GSSAPIContinue",
[11] = "SASLContinue",
[3] = "CleartextPassword",
[7] = "GSSAPI",
[5] = "MD5Password",
[9] = "SSPI",
[10] = "SASL",
[12] = "SASLFinal"
}
.. zeek:id:: PostgreSQL::error_ids
:source-code: base/protocols/postgresql/consts.zeek 5 5
:Type: :zeek:type:`table` [:zeek:type:`string`] of :zeek:type:`string`
:Attributes: :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
:Default:
::
{
["R"] = "Routine",
["H"] = "Hint",
["D"] = "Detail",
["S"] = "SeverityLocalized",
["d"] = "Data",
["p"] = "InternalPosition",
["W"] = "Where",
["M"] = "Message",
["n"] = "Constraint",
["c"] = "Column",
["V"] = "Severity",
["t"] = "Table",
["C"] = "Code",
["F"] = "File",
["P"] = "Position",
["s"] = "Schema",
["q"] = "InternalQuery",
["L"] = "Line"
}
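
Review bot: `PostgreSQL::auth_ids` and `PostgreSQL::error_ids` have an empty description column in the summary table and no text in their detailed entries, and `&default` = function is shown without saying what a lookup of an unknown key returns. Add `##` comments in `consts.zeek` stating what each table is keyed on (the `identifier` of `authentication_request` and the `code` of the identified-field events look like the intended keys) and what the default function yields, since anyone alerting on `CleartextPassword` or `MD5Password` needs to know how unmapped identifiers show up. The default listings are also not in key order (`[2]`, `[8]`, `[11]`, `[3]`, ...), which makes them hard to scan; sorting them in the generator output would help.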

@ -0,0 +1,20 @@
:orphan:
Package: base/protocols/postgresql
==================================
:doc:`/scripts/base/protocols/postgresql/__load__.zeek`
:doc:`/scripts/base/protocols/postgresql/consts.zeek`
:doc:`/scripts/base/protocols/postgresql/spicy-events.zeek`
Events generated by the PostgreSQL analyzer.
:doc:`/scripts/base/protocols/postgresql/main.zeek`
Implements base functionality for PostgreSQL analysis.

@ -0,0 +1,189 @@
:tocdepth: 3
base/protocols/postgresql/main.zeek
===================================
.. zeek:namespace:: PostgreSQL
Implements base functionality for PostgreSQL analysis.
:Namespace: PostgreSQL
:Imports: :doc:`base/protocols/conn/removal-hooks.zeek </scripts/base/protocols/conn/removal-hooks.zeek>`, :doc:`base/protocols/postgresql/consts.zeek </scripts/base/protocols/postgresql/consts.zeek>`, :doc:`base/protocols/postgresql/spicy-events.zeek </scripts/base/protocols/postgresql/spicy-events.zeek>`
Summary
~~~~~~~
State Variables
###############
================================================================== =
:zeek:id:`PostgreSQL::ports`: :zeek:type:`set` :zeek:attr:`&redef`
================================================================== =
Types
#####
===================================================== ===============================================================
:zeek:type:`PostgreSQL::Info`: :zeek:type:`record` Record type containing the column fields of the PostgreSQL log.
:zeek:type:`PostgreSQL::State`: :zeek:type:`record`
:zeek:type:`PostgreSQL::Version`: :zeek:type:`record`
===================================================== ===============================================================
Redefinitions
#############
==================================================================== =========================================================================
:zeek:type:`Log::ID`: :zeek:type:`enum` Log stream identifier.
* :zeek:enum:`PostgreSQL::LOG`
:zeek:type:`connection`: :zeek:type:`record`
:New Fields: :zeek:type:`connection`
postgresql: :zeek:type:`PostgreSQL::Info` :zeek:attr:`&optional`
postgresql_state: :zeek:type:`PostgreSQL::State` :zeek:attr:`&optional`
:zeek:id:`likely_server_ports`: :zeek:type:`set` :zeek:attr:`&redef`
==================================================================== =========================================================================
Events
######
========================================================= =====================================
:zeek:id:`PostgreSQL::log_postgresql`: :zeek:type:`event` Default hook into PostgreSQL logging.
========================================================= =====================================
Hooks
#####
========================================================================== =
:zeek:id:`PostgreSQL::finalize_postgresql`: :zeek:type:`Conn::RemovalHook`
========================================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
State Variables
###############
.. zeek:id:: PostgreSQL::ports
:source-code: base/protocols/postgresql/main.zeek 65 65
:Type: :zeek:type:`set` [:zeek:type:`port`]
:Attributes: :zeek:attr:`&redef`
:Default:
::
{
5432/tcp
}
Types
#####
.. zeek:type:: PostgreSQL::Info
:source-code: base/protocols/postgresql/main.zeek 20 49
:Type: :zeek:type:`record`
.. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log`
Timestamp for when the activity happened.
.. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log`
Unique ID for the connection.
.. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log`
The connection's 4-tuple of endpoint addresses/ports.
.. zeek:field:: user :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
The user as found in the StartupMessage.
.. zeek:field:: database :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
The database as found in the StartupMessage.
.. zeek:field:: application_name :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
The application name as found in the StartupMessage.
.. zeek:field:: frontend :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
.. zeek:field:: frontend_arg :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
.. zeek:field:: backend :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
.. zeek:field:: backend_arg :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`
.. zeek:field:: success :zeek:type:`bool` :zeek:attr:`&optional` :zeek:attr:`&log`
.. zeek:field:: rows :zeek:type:`count` :zeek:attr:`&optional` :zeek:attr:`&log`
Record type containing the column fields of the PostgreSQL log.
.. zeek:type:: PostgreSQL::State
:source-code: base/protocols/postgresql/main.zeek 51 58
:Type: :zeek:type:`record`
.. zeek:field:: version :zeek:type:`PostgreSQL::Version` :zeek:attr:`&optional`
.. zeek:field:: user :zeek:type:`string` :zeek:attr:`&optional`
.. zeek:field:: database :zeek:type:`string` :zeek:attr:`&optional`
.. zeek:field:: application_name :zeek:type:`string` :zeek:attr:`&optional`
.. zeek:field:: rows :zeek:type:`count` :zeek:attr:`&optional`
.. zeek:field:: errors :zeek:type:`vector` of :zeek:type:`string`
.. zeek:type:: PostgreSQL::Version
:source-code: base/protocols/postgresql/main.zeek 14 17
:Type: :zeek:type:`record`
.. zeek:field:: major :zeek:type:`count`
.. zeek:field:: minor :zeek:type:`count`
Events
######
.. zeek:id:: PostgreSQL::log_postgresql
:source-code: base/protocols/postgresql/main.zeek 61 61
:Type: :zeek:type:`event` (rec: :zeek:type:`PostgreSQL::Info`)
Default hook into PostgreSQL logging.
Hooks
#####
.. zeek:id:: PostgreSQL::finalize_postgresql
:source-code: base/protocols/postgresql/main.zeek 248 250
:Type: :zeek:type:`Conn::RemovalHook`
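
Review bot: In `PostgreSQL::Info`, the logged fields `frontend`, `frontend_arg`, `backend`, `backend_arg`, `success` and `rows` have no description, while `ts` through `application_name` do. These are the columns a reader of the PostgreSQL log will query, and the page does not say what `frontend_arg` and `backend_arg` can contain, so it is not possible to judge from the documentation whether query text or authentication data ends up on disk. Please add `##` comments for them in `main.zeek`, and likewise for `PostgreSQL::State`, `PostgreSQL::Version`, `PostgreSQL::ports` and `PostgreSQL::finalize_postgresql`, which are all listed with a blank description.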

@ -0,0 +1,293 @@
:tocdepth: 3
base/protocols/postgresql/spicy-events.zeek
===========================================
Events generated by the PostgreSQL analyzer.
Summary
~~~~~~~
Events
######
=========================================================================== =========================================================================
:zeek:id:`PostgreSQL::authentication_ok`: :zeek:type:`event` Event generated for backend authentication requests indicating successful
authentication.
:zeek:id:`PostgreSQL::authentication_request`: :zeek:type:`event` Event generated for backend authentication requests.
:zeek:id:`PostgreSQL::authentication_response`: :zeek:type:`event` Event generated for frontend authentication responses.
:zeek:id:`PostgreSQL::backend_key_data`: :zeek:type:`event` Generated for a BackendKeyData message for cancellation.
:zeek:id:`PostgreSQL::data_row`: :zeek:type:`event` Event generated for every backend DataRow message.
:zeek:id:`PostgreSQL::error_response`: :zeek:type:`event` Event generated for a ErrorResponse.
:zeek:id:`PostgreSQL::error_response_identified_field`: :zeek:type:`event` Event generated for identified field within an ErrorResponse.
:zeek:id:`PostgreSQL::not_implemented`: :zeek:type:`event` Event generated for not implemented messages.
:zeek:id:`PostgreSQL::notice_response`: :zeek:type:`event` Event generated for a NoticeResponse.
:zeek:id:`PostgreSQL::notice_response_identified_field`: :zeek:type:`event` Event generated for identified field within a NoticeResponse.
:zeek:id:`PostgreSQL::parameter_status`: :zeek:type:`event` Event generated for backend runtime parameter status reports.
:zeek:id:`PostgreSQL::ready_for_query`: :zeek:type:`event` Event generated for every backed ReadyForQuery message.
:zeek:id:`PostgreSQL::simple_query`: :zeek:type:`event` Event generated for every frontend SimpleQuery message.
:zeek:id:`PostgreSQL::ssl_reply`: :zeek:type:`event` Event generated for backend SSL reply.
:zeek:id:`PostgreSQL::ssl_request`: :zeek:type:`event` Event generated for frontend SSLRequest messages.
:zeek:id:`PostgreSQL::startup_message`: :zeek:type:`event` Event generated for a StartupMessage.
:zeek:id:`PostgreSQL::startup_parameter`: :zeek:type:`event` Event generated for every parameter in a StartupMessage.
:zeek:id:`PostgreSQL::terminate`: :zeek:type:`event` Event generated For a frontend Terminate message.
=========================================================================== =========================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Events
######
.. zeek:id:: PostgreSQL::authentication_ok
:source-code: base/protocols/postgresql/main.zeek 195 200
:Type: :zeek:type:`event` (c: :zeek:type:`connection`)
Event generated for backend authentication requests indicating successful
authentication.
:param c: The connection.
.. zeek:see:: PostgreSQL::authentication_request
.. zeek:see:: PostgreSQL::authentication_response
.. zeek:id:: PostgreSQL::authentication_request
:source-code: base/protocols/postgresql/main.zeek 181 193
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, identifier: :zeek:type:`count`, data: :zeek:type:`string`)
Event generated for backend authentication requests.
:param c: The connection.
:param identifier: The identifier in the request.
:param data: The request data, if any.
.. zeek:see:: PostgreSQL::authentication_response
.. zeek:see:: PostgreSQL::authentication_ok
.. zeek:id:: PostgreSQL::authentication_response
:source-code: base/protocols/postgresql/spicy-events.zeek 44 44
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, data: :zeek:type:`string`)
Event generated for frontend authentication responses.
:param c: The connection.
:param data: The response data, if any.
.. zeek:see:: PostgreSQL::authentication_request
.. zeek:see:: PostgreSQL::authentication_ok
.. zeek:id:: PostgreSQL::backend_key_data
:source-code: base/protocols/postgresql/spicy-events.zeek 139 139
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, process_id: :zeek:type:`count`, secret_key: :zeek:type:`count`)
Generated for a BackendKeyData message for cancellation.
:param c: The connection.
:param process_id: The process ID of the backend.
:param secret_key: The secret key of the backend.
.. zeek:id:: PostgreSQL::data_row
:source-code: base/protocols/postgresql/main.zeek 222 229
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, column_values: :zeek:type:`count`)
Event generated for every backend DataRow message.
:param c: The connection.
:param column_values: The number of columns in this row.
.. zeek:id:: PostgreSQL::error_response
:source-code: base/protocols/postgresql/main.zeek 160 179
:Type: :zeek:type:`event` (c: :zeek:type:`connection`)
Event generated for a ErrorResponse.
:param c: The connection.
.. zeek:see:: PostgreSQL::error_response_identified_field
.. zeek:id:: PostgreSQL::error_response_identified_field
:source-code: base/protocols/postgresql/main.zeek 143 148
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, code: :zeek:type:`string`, value: :zeek:type:`string`)
Event generated for identified field within an ErrorResponse.
:param c: The connection.
:param code: The code (https://www.postgresql.org/docs/current/protocol-error-fields.html)
:param value: The field value.
.. zeek:see:: PostgreSQL::error_response
.. zeek:id:: PostgreSQL::not_implemented
:source-code: base/protocols/postgresql/spicy-events.zeek 147 147
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, typ: :zeek:type:`string`, chunk: :zeek:type:`string`)
Event generated for not implemented messages.
.. zeek:id:: PostgreSQL::notice_response
:source-code: base/protocols/postgresql/spicy-events.zeek 113 113
:Type: :zeek:type:`event` (c: :zeek:type:`connection`)
Event generated for a NoticeResponse.
:param c: The connection.
.. zeek:see:: PostgreSQL::notice_response_identified_field
.. zeek:id:: PostgreSQL::notice_response_identified_field
:source-code: base/protocols/postgresql/main.zeek 150 158
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, code: :zeek:type:`string`, value: :zeek:type:`string`)
Event generated for identified field within a NoticeResponse.
:param c: The connection.
:param code: The code (https://www.postgresql.org/docs/current/protocol-error-fields.html)
:param value: The field value.
.. zeek:see:: PostgreSQL::notice_response
.. zeek:id:: PostgreSQL::parameter_status
:source-code: base/protocols/postgresql/spicy-events.zeek 130 130
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, name: :zeek:type:`string`, value: :zeek:type:`string`)
Event generated for backend runtime parameter status reports.
:param c: The connection.
:param name: The name of the runtime parameter.
:param value: The current value of the parameter.
.. zeek:id:: PostgreSQL::ready_for_query
:source-code: base/protocols/postgresql/main.zeek 231 246
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, transaction_status: :zeek:type:`string`)
Event generated for every backed ReadyForQuery message.
:param c: The connection.
:param transaction_status: I (idle), T (in transaction block), E (error).
.. zeek:id:: PostgreSQL::simple_query
:source-code: base/protocols/postgresql/main.zeek 211 220
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, query: :zeek:type:`string`)
Event generated for every frontend SimpleQuery message.
:param c: The connection.
:param query: The query string.
.. zeek:id:: PostgreSQL::ssl_reply
:source-code: base/protocols/postgresql/main.zeek 114 122
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, data: :zeek:type:`string`)
Event generated for backend SSL reply.
:param c: The connection.
:param data: The server's reply: S for secure, N for unencrypted.
.. zeek:id:: PostgreSQL::ssl_request
:source-code: base/protocols/postgresql/main.zeek 108 112
:Type: :zeek:type:`event` (c: :zeek:type:`connection`)
Event generated for frontend SSLRequest messages.
:param c: The connection.
.. zeek:id:: PostgreSQL::startup_message
:source-code: base/protocols/postgresql/main.zeek 136 141
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, major: :zeek:type:`count`, minor: :zeek:type:`count`)
Event generated for a StartupMessage.
:param c: The connection.
:param major: The major protocol version.
:param minor: The minor protocol version.
.. zeek:id:: PostgreSQL::startup_parameter
:source-code: base/protocols/postgresql/main.zeek 124 134
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, name: :zeek:type:`string`, value: :zeek:type:`string`)
Event generated for every parameter in a StartupMessage.
:param c: The connection.
:param name: The name of the parameter.
:param value: The value of the parameter.
.. zeek:id:: PostgreSQL::terminate
:source-code: base/protocols/postgresql/main.zeek 202 209
:Type: :zeek:type:`event` (c: :zeek:type:`connection`)
Event generated For a frontend Terminate message.
:param c: The connection.
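
Review bot: `PostgreSQL::not_implemented` is the only event here without `:param` entries; `is_orig`, `typ` and `chunk` should be documented like the parameters of the other events, including how much of the message `chunk` holds. The `secret_key` description for `backend_key_data` should say that this is the value a client presents to cancel a running query, so script authors know not to log it. Wording fixes for the source comments: "every backed ReadyForQuery message" should read "backend", "generated For a frontend Terminate message" has a stray capital, and "a ErrorResponse" should be "an ErrorResponse". Several `:source-code:` links (for example `authentication_ok` at `main.zeek 195 200`) point to the handler in `main.zeek` while others point to the declaration in `spicy-events.zeek`; it would be clearer if they all pointed to the declaration.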