zeek/doc/scripts/base/protocols/ldap/spicy-events.zeek.rst
Tim Wojtulewicz ded98cd373 Copy docs into Zeek repo directly
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
2025-09-26 02:58:29 +00:00


:tocdepth: 3

base/protocols/ldap/spicy-events.zeek
=====================================

Events generated by the LDAP analyzer.

See `RFC4511 <https://tools.ietf.org/html/rfc4511>`__.

Summary
~~~~~~~
Events
######
======================================================== =================================================================
:zeek:id:`LDAP::bind_request`: :zeek:type:`event`        Event generated for each LDAPMessage containing a BindRequest.
:zeek:id:`LDAP::extended_request`: :zeek:type:`event`    Event generated for each ExtendedRequest in LDAP messages.
:zeek:id:`LDAP::extended_response`: :zeek:type:`event`   Event generated for each ExtendedResponse in LDAP messages.
:zeek:id:`LDAP::message`: :zeek:type:`event`             Event generated for each LDAPMessage (either direction).
:zeek:id:`LDAP::search_request`: :zeek:type:`event`      Event generated for each LDAPMessage containing a SearchRequest.
:zeek:id:`LDAP::search_result_entry`: :zeek:type:`event` Event generated for each SearchResultEntry in LDAP messages.
:zeek:id:`LDAP::starttls`: :zeek:type:`event`            Event generated when a plaintext LDAP connection switched to TLS.
======================================================== =================================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Events
######
.. zeek:id:: LDAP::bind_request
   :source-code: base/protocols/ldap/main.zeek 366 397

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`, message_id: :zeek:type:`int`, version: :zeek:type:`int`, name: :zeek:type:`string`, auth_type: :zeek:type:`LDAP::BindAuthType`, auth_info: :zeek:type:`string`)

   Event generated for each LDAPMessage containing a BindRequest.

   :param c: The connection.
   :param message_id: The messageID element.
   :param version: The version field in the BindRequest.
   :param name: The name field in the BindRequest.
   :param auth_type: The auth type field in the BindRequest.
   :param auth_info: Additional information related to the used auth type.

.. zeek:id:: LDAP::extended_request
   :source-code: base/protocols/ldap/spicy-events.zeek 111 111

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`, message_id: :zeek:type:`int`, request_name: :zeek:type:`string`, request_value: :zeek:type:`string`)

   Event generated for each ExtendedRequest in LDAP messages.

   :param c: The connection.
   :param message_id: The messageID element.
   :param request_name: The name of the extended request.
   :param request_value: The value of the extended request (empty if missing).

.. zeek:id:: LDAP::extended_response
   :source-code: base/protocols/ldap/spicy-events.zeek 129 129

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`, message_id: :zeek:type:`int`, result: :zeek:type:`LDAP::ResultCode`, response_name: :zeek:type:`string`, response_value: :zeek:type:`string`)

   Event generated for each ExtendedResponse in LDAP messages.

   :param c: The connection.
   :param message_id: The messageID element.
   :param result: The result code of the response.
   :param response_name: The name of the extended response (empty if missing).
   :param response_value: The value of the extended response (empty if missing).

.. zeek:id:: LDAP::message
   :source-code: base/protocols/ldap/main.zeek 188 287

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`, message_id: :zeek:type:`int`, opcode: :zeek:type:`LDAP::ProtocolOpcode`, result: :zeek:type:`LDAP::ResultCode`, matched_dn: :zeek:type:`string`, diagnostic_message: :zeek:type:`string`, object: :zeek:type:`string`, argument: :zeek:type:`string`)

   Event generated for each LDAPMessage (either direction).

   :param c: The connection.
   :param message_id: The messageID element.
   :param opcode: The protocolOp field in the message.
   :param result: The result code if the message contains a result.
   :param matched_dn: The DN if the message contains a result.
   :param diagnostic_message: Diagnostic message if the LDAP message contains a result.
   :param object: The object name this message refers to.
   :param argument: Additional arguments this message includes.

.. zeek:id:: LDAP::search_request
   :source-code: base/protocols/ldap/main.zeek 299 348

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`, message_id: :zeek:type:`int`, base_object: :zeek:type:`string`, scope: :zeek:type:`LDAP::SearchScope`, deref: :zeek:type:`LDAP::SearchDerefAlias`, size_limit: :zeek:type:`int`, time_limit: :zeek:type:`int`, types_only: :zeek:type:`bool`, filter: :zeek:type:`string`, attributes: :zeek:type:`vector` of :zeek:type:`string`)

   Event generated for each LDAPMessage containing a SearchRequest.

   :param c: The connection.
   :param message_id: The messageID element.
   :param base_object: The baseObject field in the SearchRequest.
   :param scope: The scope field in the SearchRequest.
   :param deref: The derefAlias field in the SearchRequest.
   :param size_limit: The sizeLimit field in the SearchRequest.
   :param time_limit: The timeLimit field in the SearchRequest.
   :param types_only: The typesOnly field in the SearchRequest.
   :param filter: The string representation of the filter field in the SearchRequest.
   :param attributes: Additional attributes of the SearchRequest.

.. zeek:id:: LDAP::search_result_entry
   :source-code: base/protocols/ldap/main.zeek 353 358

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`, message_id: :zeek:type:`int`, object_name: :zeek:type:`string`)

   Event generated for each SearchResultEntry in LDAP messages.

   :param c: The connection.
   :param message_id: The messageID element.
   :param object_name: The object name in the SearchResultEntry.

.. zeek:id:: LDAP::starttls
   :source-code: base/protocols/ldap/spicy-events.zeek 141 141

   :Type: :zeek:type:`event` (c: :zeek:type:`connection`)

   Event generated when a plaintext LDAP connection switched to TLS.

   :param c: The connection.
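
As an added example (not part of Zeek's distributed scripts or of this generated reference), the handlers below use ``LDAP::bind_request`` and ``LDAP::starttls`` to raise a notice when a simple bind with a non-empty name is parsed from plaintext LDAP. The module name, notice type and ``upgraded`` set are hypothetical; the enum value ``LDAP::BindAuthType_BIND_AUTH_SIMPLE`` is not shown on this page and is assumed from Zeek's LDAP scripts.

```zeek
# Added example: flag LDAP simple binds that were visible in cleartext.
@load base/frameworks/notice
@load base/protocols/ldap

module LDAPCleartextBind;  # hypothetical module name

export {
	redef enum Notice::Type += {
		## A simple bind with a non-empty name was seen without TLS.
		Simple_Bind_In_Cleartext,
	};
}

# Connection UIDs for which LDAP::starttls has fired (hypothetical bookkeeping).
global upgraded: set[string] &create_expire=1hr;

event LDAP::starttls(c: connection)
	{
	add upgraded[c$uid];
	}

event LDAP::bind_request(c: connection, message_id: int, version: int,
                         name: string, auth_type: LDAP::BindAuthType,
                         auth_info: string)
	{
	# Only simple binds are of interest here (assumed enum value name).
	if ( auth_type != LDAP::BindAuthType_BIND_AUTH_SIMPLE )
		return;

	# An empty name is an anonymous bind; no account is exposed.
	if ( name == "" )
		return;

	# Guard in case a bind is still reported after the TLS upgrade.
	if ( c$uid in upgraded )
		return;

	# auth_info is deliberately not copied into the notice; treat it as
	# potentially sensitive.
	NOTICE([$note=Simple_Bind_In_Cleartext,
	        $msg=fmt("LDAP simple bind for '%s' without TLS (messageID %d, version %d)",
	                 name, message_id, version),
	        $conn=c,
	        $identifier=cat(c$id$orig_h, c$id$resp_h, name),
	        $suppress_for=1hr]);
	}
```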