Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Improve fa_file/fa_metadata documentation

Browse source 
Related to https://github.com/zeek/zeek-docs/pull/38
This commit is contained in:
Jon Siwek 2020-09-22 16:01:51 -07:00
parent 01d83c3204
commit f744d4c070
4 changed files with 16 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
3.3.0-dev.285 | 2020-09-22 16:01:51 -0700
* Improve fa_file/fa_metadata documentation (Duffy O'Craven, Corelight)
3.3.0-dev.284 | 2020-09-22 14:10:36 -0700 3.3.0-dev.284 | 2020-09-22 14:10:36 -0700
* Avoid race condition in control/id_value btest (Jon Siwek, Corelight) * Avoid race condition in control/id_value btest (Jon Siwek, Corelight)

2
VERSION
View file

@ -1 +1 @@
3.3.0-dev.284 3.3.0-dev.285

2
doc

@ -1 +1 @@
Subproject commit 9038d35482e6d57acc2d2d9b7d491fbd0a29d3e4 Subproject commit d8e692e091b963f08504c17c4f46c16d601486d5

18
scripts/base/init-bare.zeek
View file

@ -463,12 +463,13 @@ option default_file_timeout_interval: interval = 2 mins;
## matching or later, will receive a copy of this buffer. ## matching or later, will receive a copy of this buffer.
option default_file_bof_buffer_size: count = 4096; option default_file_bof_buffer_size: count = 4096;
## A file that Zeek is analyzing. This is Zeek's type for describing the basic ## File Analysis handle for a file that Zeek is analyzing. This holds
## internal metadata collected about a "file", which is essentially just a ## information about, but not the content of, a conceptual "file";
## byte stream that is e.g. pulled from a network connection or possibly ## essentially any byte stream that is e.g. pulled from a network connection
## some other input source. ## or possibly some other input source. Note that fa_file is also used in
## cases where there isn't a filename to be had.
type fa_file: record { type fa_file: record {
## An identifier associated with a single file. ## A hash serving as the identifier associated with a single file.
id: string; id: string;
## Identifier associated with a container file from which this one was ## Identifier associated with a container file from which this one was
@ -477,8 +478,9 @@ type fa_file: record {
## An identification of the source of the file data. E.g. it may be ## An identification of the source of the file data. E.g. it may be
## a network protocol over which it was transferred, or a local file ## a network protocol over which it was transferred, or a local file
## path which was read, or some other input source. ## path including filename which was read, or some other input source.
## Examples are: "HTTP", "SMTP", "IRC_DATA", or the file path. ## Examples are: "HTTP", "SMTP", "IRC_DATA", or the filename, or even
## the full path and filename.
source: string; source: string;
## If the source of this file is a network connection, this field ## If the source of this file is a network connection, this field
@ -527,7 +529,7 @@ type fa_file: record {
## directly and then remove this alias. ## directly and then remove this alias.
type string_any_file_hook: hook(f: fa_file, e: any, str: string); type string_any_file_hook: hook(f: fa_file, e: any, str: string);
## Metadata that's been inferred about a particular file. ## File Analysis metadata that's been inferred about a particular file.
type fa_metadata: record { type fa_metadata: record {
## The strongest matching MIME type if one was discovered. ## The strongest matching MIME type if one was discovered.
mime_type: string &optional; mime_type: string &optional;