mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

As initial examples, this branch ports the Syslog and Finger analyzers over. We leave the old analyzers in place for now and activate them iff we compile without any Spicy. Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`, `CMake/`, and `zeek/zeek-testing-private`. Note that the analyzer events remain associated with the Spicy plugin for now: that's where they will show up with `-NN`, and also inside the Zeekygen documentation. We switch CMake over to linking the runtime library into the plugin, vs. at the top-level through object libraries.
21 lines
658 B
Text
##! Events generated by the Syslog analyzer.

@ifdef ( Spicy::available ) # must not be used with legacy analyzer

## Generated for monitored Syslog messages.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
## information about the Syslog protocol.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## facility: The "facility" included in the message.
##
## severity: The "severity" included in the message.
##
## msg: The message logged.
##
## .. note:: Zeek currently parses only UDP syslog traffic.
global syslog_message: event(c: connection, facility: count, severity: count, msg: string);

@endif
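A handler for the event declared above, added here as an example and not part of this file or of the Zeek project. It assumes the base syslog scripts are loaded (they ship the `Syslog::facility_codes` and `Syslog::severity_codes` lookup tables) and introduces a hypothetical module `SyslogWatch` with its own notice type. The `facility` and `severity` parameters are the two halves of the syslog PRI field (`PRI = facility * 8 + severity`), already decoded by the analyzer, so the handler only has to compare and label them; since the analyzer only parses UDP, `c$id$resp_p` will be a UDP port (typically 514/udp).

```zeek
# Added example; not code from Zeek or from the file above.
# Assumes base/protocols/syslog is available (it defines
# Syslog::facility_codes and Syslog::severity_codes as table[count] of string).
@load base/frameworks/notice
@load base/protocols/syslog

module SyslogWatch;

export {
	## Syslog severities run 0 (emerg) .. 7 (debug); numerically lower is
	## more urgent. Messages at or below this value raise a notice.
	## (hypothetical tunable, not a Zeek option)
	const max_severity: count = 2 &redef;  # emerg, alert, crit

	## Hypothetical notice type for urgent syslog messages.
	redef enum Notice::Type += { Urgent_Syslog };
}

# Running count of urgent messages per sending host; expires after an hour
# of inactivity so the table cannot grow without bound.
global urgent_by_host: table[addr] of count &default=0 &create_expire=1hr;

event syslog_message(c: connection, facility: count, severity: count, msg: string)
	{
	# facility and severity arrive already split out of the PRI value
	# (facility = PRI / 8, severity = PRI % 8), so no parsing is needed here.
	if ( severity > max_severity )
		return;

	++urgent_by_host[c$id$orig_h];

	NOTICE([$note=Urgent_Syslog,
	        $conn=c,
	        $msg=fmt("%s/%s from %s (%d urgent so far): %s",
	                 Syslog::facility_codes[facility],
	                 Syslog::severity_codes[severity],
	                 c$id$orig_h,
	                 urgent_by_host[c$id$orig_h],
	                 msg),
	        # Suppress repeats from the same host and facility for the
	        # default notice suppression interval.
	        $identifier=cat(c$id$orig_h, facility)]);
	}
```

The handler is indifferent to whether the event comes from the Spicy analyzer or the legacy one: the file above guards only the declaration with `@ifdef ( Spicy::available )`, and in a build without Spicy the legacy analyzer declares the same `syslog_message` signature, so a script like this loads unchanged in both configurations.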