Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
Tim Wojtulewicz 2025-09-15 15:52:18 -07:00
parent 83f1e74643
commit ded98cd373
1074 changed files with 169319 additions and 0 deletions


@ -0,0 +1,14 @@
:tocdepth: 3
base/protocols/redis/__load__.zeek
==================================
:Imports: :doc:`base/protocols/redis/main.zeek </scripts/base/protocols/redis/main.zeek>`, :doc:`base/protocols/redis/spicy-events.zeek </scripts/base/protocols/redis/spicy-events.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~


@ -0,0 +1,16 @@
:orphan:
Package: base/protocols/redis
=============================
:doc:`/scripts/base/protocols/redis/__load__.zeek`
:doc:`/scripts/base/protocols/redis/spicy-events.zeek`
Events and records generated by the Redis analyzer.
:doc:`/scripts/base/protocols/redis/main.zeek`
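
Review bot: The package index entry for `/scripts/base/protocols/redis/main.zeek` has no description, while `spicy-events.zeek` directly above it carries "Events and records generated by the Redis analyzer."; a one-line file-level summary for main.zeek (it defines the log stream, options and per-connection state) would make this index useful on its own.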


@ -0,0 +1,280 @@
:tocdepth: 3
base/protocols/redis/main.zeek
==============================
.. zeek:namespace:: Redis
:Namespace: Redis
:Imports: :doc:`base/frameworks/signatures </scripts/base/frameworks/signatures/index>`, :doc:`base/protocols/conn/removal-hooks.zeek </scripts/base/protocols/conn/removal-hooks.zeek>`, :doc:`base/protocols/redis/spicy-events.zeek </scripts/base/protocols/redis/spicy-events.zeek>`
Summary
~~~~~~~
Runtime Options
###############
============================================================================== =
:zeek:id:`Redis::max_pending_commands`: :zeek:type:`count` :zeek:attr:`&redef`
============================================================================== =
Redefinable Options
###################
============================================================= ================================
:zeek:id:`Redis::ports`: :zeek:type:`set` :zeek:attr:`&redef` The ports to register Redis for.
============================================================= ================================
State Variables
###############
========================================================= =
:zeek:id:`Redis::enter_subscribed_mode`: :zeek:type:`set`
:zeek:id:`Redis::exit_subscribed_mode`: :zeek:type:`set`
:zeek:id:`Redis::no_response_commands`: :zeek:type:`set`
========================================================= =
Types
#####
===================================================== ===============================================================================
:zeek:type:`Redis::Info`: :zeek:type:`record` Record type containing the column fields of the Redis log.
:zeek:type:`Redis::NoReplyRange`: :zeek:type:`record` Which numbered commands should not expect a reply due to CLIENT REPLY commands.
:zeek:type:`Redis::RESPVersion`: :zeek:type:`enum`
:zeek:type:`Redis::State`: :zeek:type:`record`
===================================================== ===============================================================================
Redefinitions
#############
==================================================================== ===============================================================
:zeek:type:`Log::ID`: :zeek:type:`enum` Log stream identifier.
* :zeek:enum:`Redis::LOG`
:zeek:type:`connection`: :zeek:type:`record`
:New Fields: :zeek:type:`connection`
redis: :zeek:type:`Redis::Info` :zeek:attr:`&optional`
redis_state: :zeek:type:`Redis::State` :zeek:attr:`&optional`
:zeek:id:`likely_server_ports`: :zeek:type:`set` :zeek:attr:`&redef`
==================================================================== ===============================================================
Hooks
#####
================================================================ =============================================
:zeek:id:`Redis::finalize_redis`: :zeek:type:`Conn::RemovalHook`
:zeek:id:`Redis::log_policy`: :zeek:type:`Log::PolicyHook` A default logging policy hook for the stream.
================================================================ =============================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. zeek:id:: Redis::max_pending_commands
:source-code: base/protocols/redis/main.zeek 74 74
:Type: :zeek:type:`count`
:Attributes: :zeek:attr:`&redef`
:Default: ``10000``
Redefinable Options
###################
.. zeek:id:: Redis::ports
:source-code: base/protocols/redis/main.zeek 13 13
:Type: :zeek:type:`set` [:zeek:type:`port`]
:Attributes: :zeek:attr:`&redef`
:Default:
::
{
6379/tcp
}
The ports to register Redis for.
State Variables
###############
.. zeek:id:: Redis::enter_subscribed_mode
:source-code: base/protocols/redis/main.zeek 77 77
:Type: :zeek:type:`set` [:zeek:type:`Redis::RedisCommand`]
:Default:
::
{
Redis::RedisCommand_PSUBSCRIBE,
Redis::RedisCommand_SSUBSCRIBE,
Redis::RedisCommand_SUBSCRIBE
}
.. zeek:id:: Redis::exit_subscribed_mode
:source-code: base/protocols/redis/main.zeek 81 81
:Type: :zeek:type:`set` [:zeek:type:`Redis::RedisCommand`]
:Default:
::
{
Redis::RedisCommand_RESET,
Redis::RedisCommand_QUIT
}
.. zeek:id:: Redis::no_response_commands
:source-code: base/protocols/redis/main.zeek 84 84
:Type: :zeek:type:`set` [:zeek:type:`Redis::RedisCommand`]
:Default:
::
{
Redis::RedisCommand_SSUBSCRIBE,
Redis::RedisCommand_SUBSCRIBE,
Redis::RedisCommand_PUNSUBSCRIBE,
Redis::RedisCommand_SUNSUBSCRIBE,
Redis::RedisCommand_UNSUBSCRIBE,
Redis::RedisCommand_PSUBSCRIBE
}
Types
#####
.. zeek:type:: Redis::Info
:source-code: base/protocols/redis/main.zeek 16 29
:Type: :zeek:type:`record`
.. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log`
Timestamp for when the activity happened.
.. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log`
Unique ID for the connection.
.. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log`
The connection's 4-tuple of endpoint addresses/ports.
.. zeek:field:: cmd :zeek:type:`Redis::Command` :zeek:attr:`&log`
The Redis command.
.. zeek:field:: success :zeek:type:`bool` :zeek:attr:`&log` :zeek:attr:`&optional`
If the command was successful. Only set if the server responded.
.. zeek:field:: reply :zeek:type:`Redis::ReplyData` :zeek:attr:`&log` :zeek:attr:`&optional`
The reply for the command.
Record type containing the column fields of the Redis log.
.. zeek:type:: Redis::NoReplyRange
:source-code: base/protocols/redis/main.zeek 39 42
:Type: :zeek:type:`record`
.. zeek:field:: begin :zeek:type:`count`
.. zeek:field:: end :zeek:type:`count` :zeek:attr:`&optional`
Which numbered commands should not expect a reply due to CLIENT REPLY commands.
These commands may simply skip one, or they may turn off replies then later
reenable them. Thus, the end of the interval is optional.
.. zeek:type:: Redis::RESPVersion
:source-code: base/protocols/redis/main.zeek 44 48
:Type: :zeek:type:`enum`
.. zeek:enum:: Redis::RESP2 Redis::RESPVersion
.. zeek:enum:: Redis::RESP3 Redis::RESPVersion
.. zeek:type:: Redis::State
:source-code: base/protocols/redis/main.zeek 49 70
:Type: :zeek:type:`record`
.. zeek:field:: pending :zeek:type:`table` [:zeek:type:`count`] of :zeek:type:`Redis::Info`
Pending commands.
.. zeek:field:: current_command :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Current command in the pending queue.
.. zeek:field:: current_reply :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Current reply in the pending queue.
.. zeek:field:: no_reply_ranges :zeek:type:`vector` of :zeek:type:`Redis::NoReplyRange`
Ranges where we do not expect a reply due to CLIENT REPLY commands.
Each range is one or two elements, one meaning it's unbounded, two meaning
it begins at one and ends at the second.
.. zeek:field:: skip_commands :zeek:type:`set` [:zeek:type:`count`]
The command indexes (from current_command and current_reply) that will
not get responses no matter what.
.. zeek:field:: violation :zeek:type:`bool` :zeek:attr:`&default` = ``F`` :zeek:attr:`&optional`
We store if this analyzer had a violation to avoid logging if so.
This should not be super necessary, but worth a shot.
.. zeek:field:: subscribed_mode :zeek:type:`bool` :zeek:attr:`&default` = ``F`` :zeek:attr:`&optional`
If we are in "subscribed" mode
.. zeek:field:: resp_version :zeek:type:`Redis::RESPVersion` :zeek:attr:`&default` = ``Redis::RESP2`` :zeek:attr:`&optional`
The RESP version
Hooks
#####
.. zeek:id:: Redis::finalize_redis
:source-code: base/protocols/redis/main.zeek 339 357
:Type: :zeek:type:`Conn::RemovalHook`
.. zeek:id:: Redis::log_policy
:source-code: base/protocols/redis/main.zeek 32 32
:Type: :zeek:type:`Log::PolicyHook`
A default logging policy hook for the stream.
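
Review bot: `Redis::max_pending_commands` is rendered with only its type and default (``10000``), in both the Runtime Options summary table and its detailed entry; as a `&redef` runtime option it needs a doc comment saying what is counted and what happens when the limit is reached, so operators can tune it deliberately. The same gap applies to `Redis::enter_subscribed_mode`, `Redis::exit_subscribed_mode`, `Redis::no_response_commands`, `Redis::RESPVersion`, `Redis::State` and `Redis::finalize_redis`, which all render with empty descriptions. It would also help to state under `Redis::Info` whether the logged `cmd` field can carry credentials from AUTH commands, since nothing in this entry says so either way.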


@ -0,0 +1,305 @@
:tocdepth: 3
base/protocols/redis/spicy-events.zeek
======================================
.. zeek:namespace:: Redis
Events and records generated by the Redis analyzer.
:Namespace: Redis
Summary
~~~~~~~
Types
#####
===================================================== ========================================
:zeek:type:`Redis::AuthCommand`: :zeek:type:`record` The Redis AUTH command.
:zeek:type:`Redis::Command`: :zeek:type:`record` A generic Redis command from the client.
:zeek:type:`Redis::HelloCommand`: :zeek:type:`record` The Redis HELLO command (handshake).
:zeek:type:`Redis::ReplyData`: :zeek:type:`record` A generic Redis reply from the client.
:zeek:type:`Redis::SetCommand`: :zeek:type:`record` The Redis SET command.
===================================================== ========================================
Events
######
=================================================== =======================================================================
:zeek:id:`Redis::auth_command`: :zeek:type:`event` Generated for Redis AUTH commands sent to the Redis server.
:zeek:id:`Redis::command`: :zeek:type:`event` Generated for every command sent by the client to the Redis server.
:zeek:id:`Redis::error`: :zeek:type:`event` Generated for every error response sent by the Redis server to the
client.
:zeek:id:`Redis::get_command`: :zeek:type:`event` Generated for Redis GET commands sent to the Redis server.
:zeek:id:`Redis::hello_command`: :zeek:type:`event` Generated for Redis HELLO commands sent to the Redis server.
:zeek:id:`Redis::reply`: :zeek:type:`event` Generated for every successful response sent by the Redis server to the
client.
:zeek:id:`Redis::server_push`: :zeek:type:`event` Generated for out-of-band data, outside of the request-response
model.
:zeek:id:`Redis::set_command`: :zeek:type:`event` Generated for Redis SET commands sent to the Redis server.
=================================================== =======================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. zeek:type:: Redis::AuthCommand
:source-code: base/protocols/redis/spicy-events.zeek 33 38
:Type: :zeek:type:`record`
.. zeek:field:: username :zeek:type:`string` :zeek:attr:`&optional`
The username getting authenticated.
.. zeek:field:: password :zeek:type:`string`
The password authenticated with.
The Redis AUTH command.
.. zeek:type:: Redis::Command
:source-code: base/protocols/redis/spicy-events.zeek 47 59
:Type: :zeek:type:`record`
.. zeek:field:: raw :zeek:type:`vector` of :zeek:type:`string`
The raw command, exactly as parsed
.. zeek:field:: name :zeek:type:`string` :zeek:attr:`&log`
The first element of the command. Some commands are two strings, meaning
this is inaccurate for those cases.
.. zeek:field:: key :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
The key, if this command is known to have a key
.. zeek:field:: value :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
The value, if this command is known to have a value
.. zeek:field:: known :zeek:type:`Redis::RedisCommand` :zeek:attr:`&optional`
The command in an enum if it was known
A generic Redis command from the client.
.. zeek:type:: Redis::HelloCommand
:source-code: base/protocols/redis/spicy-events.zeek 41 44
:Type: :zeek:type:`record`
.. zeek:field:: requested_resp_version :zeek:type:`string` :zeek:attr:`&optional`
The sent requested RESP version, such as "2" or "3"
The Redis HELLO command (handshake).
.. zeek:type:: Redis::ReplyData
:source-code: base/protocols/redis/spicy-events.zeek 62 69
:Type: :zeek:type:`record`
.. zeek:field:: attributes :zeek:type:`string` :zeek:attr:`&optional`
The RESP3 attributes applied to this, if any
.. zeek:field:: value :zeek:type:`string` :zeek:attr:`&log`
The string version of the reply data
.. zeek:field:: min_protocol_version :zeek:type:`count`
The minimum RESP version that supports this reply type
A generic Redis reply from the client.
.. zeek:type:: Redis::SetCommand
:source-code: base/protocols/redis/spicy-events.zeek 7 30
:Type: :zeek:type:`record`
.. zeek:field:: key :zeek:type:`string` :zeek:attr:`&log`
The key the SET command is setting.
.. zeek:field:: value :zeek:type:`string` :zeek:attr:`&log`
The value the SET command is setting key to.
.. zeek:field:: nx :zeek:type:`bool`
If NX is set -- only set the key if it does not exist.
.. zeek:field:: xx :zeek:type:`bool`
If XX is set -- only set the key if it already exists.
.. zeek:field:: get :zeek:type:`bool`
If GET is set -- return the old string stored at key.
.. zeek:field:: ex :zeek:type:`count` :zeek:attr:`&optional`
EX option -- set the specified expire time, in seconds.
.. zeek:field:: px :zeek:type:`count` :zeek:attr:`&optional`
PX option -- set the specified expire time, in milliseconds.
.. zeek:field:: exat :zeek:type:`count` :zeek:attr:`&optional`
EXAT option-- set the specified Unix time at which the key will
expire, in seconds.
.. zeek:field:: pxat :zeek:type:`count` :zeek:attr:`&optional`
PXAT option -- set the specified Unix time at which the key will
expire, in milliseconds.
.. zeek:field:: keep_ttl :zeek:type:`bool`
If KEEPTTL is set -- retain the time to live associated with the key.
The Redis SET command.
Events
######
.. zeek:id:: Redis::auth_command
:source-code: base/protocols/redis/spicy-events.zeek 91 91
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, command: :zeek:type:`Redis::AuthCommand`)
Generated for Redis AUTH commands sent to the Redis server.
:param c: The connection.
:param command: The AUTH command sent to the server and its data.
.. zeek:id:: Redis::command
:source-code: base/protocols/redis/main.zeek 159 238
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, cmd: :zeek:type:`Redis::Command`)
Generated for every command sent by the client to the Redis server.
:param c: The connection.
:param cmd: The command sent to the server.
.. zeek:id:: Redis::error
:source-code: base/protocols/redis/main.zeek 325 337
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, data: :zeek:type:`Redis::ReplyData`)
Generated for every error response sent by the Redis server to the
client.
:param c: The connection.
:param data: The server data sent to the client.
.. zeek:id:: Redis::get_command
:source-code: base/protocols/redis/spicy-events.zeek 84 84
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, key: :zeek:type:`string`)
Generated for Redis GET commands sent to the Redis server.
:param c: The connection.
:param command: The GET command sent to the server and its data.
.. zeek:id:: Redis::hello_command
:source-code: base/protocols/redis/main.zeek 150 157
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, command: :zeek:type:`Redis::HelloCommand`)
Generated for Redis HELLO commands sent to the Redis server.
:param c: The connection.
:param command: The HELLO command sent to the server and its data.
.. zeek:id:: Redis::reply
:source-code: base/protocols/redis/main.zeek 294 323
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, data: :zeek:type:`Redis::ReplyData`)
Generated for every successful response sent by the Redis server to the
client. For RESP2, this includes "push" messages, which are out of band.
These will also raise a server_push event. RESP3 push messages will only
raise a server_push event.
:param c: The connection.
:param data: The server data sent to the client.
.. zeek:see:: Redis::server_push
.. zeek:id:: Redis::server_push
:source-code: base/protocols/redis/spicy-events.zeek 133 133
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, data: :zeek:type:`Redis::ReplyData`)
Generated for out-of-band data, outside of the request-response
model.
:param c: The connection.
:param data: The server data sent to the client.
.. zeek:id:: Redis::set_command
:source-code: base/protocols/redis/spicy-events.zeek 77 77
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, command: :zeek:type:`Redis::SetCommand`)
Generated for Redis SET commands sent to the Redis server.
:param c: The connection.
:param command: The SET command sent to the server and its data.
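
Review bot: In the `Redis::get_command` entry the signature is `(c: connection, key: string)` but the parameter list documents `:param command: The GET command sent to the server and its data.`; this should be `:param key:` with a description of the key being fetched. Also, `Redis::ReplyData` is described as "A generic Redis reply from the client." in both the Types summary table and the detailed entry, while the `Redis::reply` and `Redis::error` entries say responses are sent by the Redis server to the client, so the description should read "from the server". A smaller point: "EXAT option-- set" is missing the space that the neighbouring EX, PX and PXAT lines have.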