Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/doc/scripts/base/protocols/http/entities.zeek.rst
Tim Wojtulewicz ded98cd373 Copy docs into Zeek repo directly 
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
2025-09-26 02:58:29 +00:00

130 lines
7.2 KiB
ReStructuredText
Raw Permalink Blame History

:tocdepth: 3
base/protocols/http/entities.zeek
=================================
.. zeek:namespace:: HTTP
Analysis and logging for MIME entities found in HTTP sessions.
:Namespace: HTTP
:Imports: :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`, :doc:`base/frameworks/notice/weird.zeek </scripts/base/frameworks/notice/weird.zeek>`, :doc:`base/protocols/http/main.zeek </scripts/base/protocols/http/main.zeek>`, :doc:`base/utils/files.zeek </scripts/base/utils/files.zeek>`, :doc:`base/utils/strings.zeek </scripts/base/utils/strings.zeek>`
Summary
~~~~~~~
Runtime Options
###############
======================================================================= ==========================================
:zeek:id:`HTTP::max_files_orig`: :zeek:type:`count` :zeek:attr:`&redef` Maximum number of originator files to log.
:zeek:id:`HTTP::max_files_resp`: :zeek:type:`count` :zeek:attr:`&redef` Maximum number of responder files to log.
======================================================================= ==========================================
Types
#####
============================================== =
:zeek:type:`HTTP::Entity`: :zeek:type:`record`
============================================== =
Redefinitions
#############
============================================================= ======================================================================================================
:zeek:type:`HTTP::Info`: :zeek:type:`record`
:New Fields: :zeek:type:`HTTP::Info`
orig_fuids: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
An ordered vector of file unique IDs.
orig_filenames: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
An ordered vector of filenames from the client.
orig_mime_types: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
An ordered vector of mime types.
resp_fuids: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
An ordered vector of file unique IDs.
resp_filenames: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
An ordered vector of filenames from the server.
resp_mime_types: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
An ordered vector of mime types.
current_entity: :zeek:type:`HTTP::Entity` :zeek:attr:`&optional`
The current entity.
orig_mime_depth: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Current number of MIME entities in the HTTP request message
body.
resp_mime_depth: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Current number of MIME entities in the HTTP response message
body.
:zeek:type:`fa_file`: :zeek:type:`record` :zeek:attr:`&redef`
:New Fields: :zeek:type:`fa_file`
http: :zeek:type:`HTTP::Info` :zeek:attr:`&optional`
============================================================= ======================================================================================================
Hooks
#####
==================================================== ================================================================
:zeek:id:`HTTP::max_files_policy`: :zeek:type:`hook` Called when reaching the max number of files across a given HTTP
connection according to :zeek:see:`HTTP::max_files_orig`
or :zeek:see:`HTTP::max_files_resp`.
==================================================== ================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. zeek:id:: HTTP::max_files_orig
:source-code: base/protocols/http/entities.zeek 20 20
:Type: :zeek:type:`count`
:Attributes: :zeek:attr:`&redef`
:Default: ``15``
Maximum number of originator files to log.
:zeek:see:`HTTP::max_files_policy` even is called once this
limit is reached to determine if it's enforced.
.. zeek:id:: HTTP::max_files_resp
:source-code: base/protocols/http/entities.zeek 25 25
:Type: :zeek:type:`count`
:Attributes: :zeek:attr:`&redef`
:Default: ``15``
Maximum number of responder files to log.
:zeek:see:`HTTP::max_files_policy` even is called once this
limit is reached to determine if it's enforced.
Types
#####
.. zeek:type:: HTTP::Entity
:source-code: base/protocols/http/entities.zeek 12 15
:Type: :zeek:type:`record`
.. zeek:field:: filename :zeek:type:`string` :zeek:attr:`&optional`
Filename for the entity if discovered from a header.
Hooks
#####
.. zeek:id:: HTTP::max_files_policy
:source-code: base/protocols/http/entities.zeek 31 31
:Type: :zeek:type:`hook` (f: :zeek:type:`fa_file`, is_orig: :zeek:type:`bool`) : :zeek:type:`bool`
Called when reaching the max number of files across a given HTTP
connection according to :zeek:see:`HTTP::max_files_orig`
or :zeek:see:`HTTP::max_files_resp`. Break from the hook
early to signal that the file limit should not be applied.
Reference in a new issue View git blame Copy permalink