mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 15:18:20 +00:00
7e9d48f532
The broxygen-generated files now live in the git repo, have tests that check that they are up-to-date, and a script to re-generate them on-demand.
99 lines
3.1 KiB
ReStructuredText
99 lines
3.1 KiB
ReStructuredText
:tocdepth: 3
|
|
|
|
base/protocols/irc/main.bro
|
|
===========================
|
|
.. bro:namespace:: IRC
|
|
|
|
Implements the core IRC analysis support. The logging model is to log
|
|
IRC commands along with the associated response and some additional
|
|
metadata about the connection if it's available.
|
|
|
|
:Namespace: IRC
|
|
|
|
Summary
|
|
~~~~~~~
|
|
Types
|
|
#####
|
|
========================================= =
|
|
:bro:type:`IRC::Info`: :bro:type:`record`
|
|
========================================= =
|
|
|
|
Redefinitions
|
|
#############
|
|
================================================================= =
|
|
:bro:type:`Log::ID`: :bro:type:`enum`
|
|
:bro:type:`connection`: :bro:type:`record`
|
|
:bro:id:`likely_server_ports`: :bro:type:`set` :bro:attr:`&redef`
|
|
================================================================= =
|
|
|
|
Events
|
|
######
|
|
========================================= ====================================================================
|
|
:bro:id:`IRC::irc_log`: :bro:type:`event` Event that can be handled to access the IRC record as it is sent on
|
|
to the logging framework.
|
|
========================================= ====================================================================
|
|
|
|
|
|
Detailed Interface
|
|
~~~~~~~~~~~~~~~~~~
|
|
Types
|
|
#####
|
|
.. bro:type:: IRC::Info
|
|
|
|
:Type: :bro:type:`record`
|
|
|
|
ts: :bro:type:`time` :bro:attr:`&log`
|
|
Timestamp when the command was seen.
|
|
|
|
uid: :bro:type:`string` :bro:attr:`&log`
|
|
Unique ID for the connection.
|
|
|
|
id: :bro:type:`conn_id` :bro:attr:`&log`
|
|
The connection's 4-tuple of endpoint addresses/ports.
|
|
|
|
nick: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
Nickname given for the connection.
|
|
|
|
user: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
Username given for the connection.
|
|
|
|
command: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
Command given by the client.
|
|
|
|
value: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
Value for the command given by the client.
|
|
|
|
addl: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
Any additional data for the command.
|
|
|
|
dcc_file_name: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
(present if :doc:`/scripts/base/protocols/irc/dcc-send.bro` is loaded)
|
|
|
|
DCC filename requested.
|
|
|
|
dcc_file_size: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional`
|
|
(present if :doc:`/scripts/base/protocols/irc/dcc-send.bro` is loaded)
|
|
|
|
Size of the DCC transfer as indicated by the sender.
|
|
|
|
dcc_mime_type: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
(present if :doc:`/scripts/base/protocols/irc/dcc-send.bro` is loaded)
|
|
|
|
Sniffed mime type of the file.
|
|
|
|
fuid: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
|
|
(present if :doc:`/scripts/base/protocols/irc/files.bro` is loaded)
|
|
|
|
File unique ID.
|
|
|
|
|
|
Events
|
|
######
|
|
.. bro:id:: IRC::irc_log
|
|
|
|
:Type: :bro:type:`event` (rec: :bro:type:`IRC::Info`)
|
|
|
|
Event that can be handled to access the IRC record as it is sent on
|
|
to the logging framework.
|
|
|
|
|