mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
ded98cd373
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
42 lines
1.6 KiB
ReStructuredText
42 lines
1.6 KiB
ReStructuredText
:orphan:
|
|
|
|
Package: base/frameworks/analyzer
|
|
=================================
|
|
|
|
The analyzer framework allows to dynamically enable or disable Zeek's
|
|
protocol analyzers, as well as to manage the well-known ports which
|
|
automatically activate a particular analyzer for new connections.
|
|
|
|
:doc:`/scripts/base/frameworks/analyzer/main.zeek`
|
|
|
|
Framework for managing Zeek's protocol analyzers.
|
|
|
|
The analyzer framework allows to dynamically enable or disable analyzers, as
|
|
well as to manage the well-known ports which automatically activate a
|
|
particular analyzer for new connections.
|
|
|
|
Protocol analyzers are identified by unique tags of type
|
|
:zeek:type:`Analyzer::Tag`, such as :zeek:enum:`Analyzer::ANALYZER_HTTP`.
|
|
These tags are defined internally by
|
|
the analyzers themselves, and documented in their analyzer-specific
|
|
description along with the events that they generate.
|
|
|
|
Analyzer tags are also inserted into a global :zeek:type:`AllAnalyzers::Tag` enum
|
|
type. This type contains duplicates of all of the :zeek:type:`Analyzer::Tag`,
|
|
:zeek:type:`PacketAnalyzer::Tag` and :zeek:type:`Files::Tag` enum values
|
|
and can be used for arguments to function/hook/event definitions where they
|
|
need to handle any analyzer type. See :zeek:id:`Analyzer::register_for_ports`
|
|
for an example.
|
|
|
|
:doc:`/scripts/base/frameworks/analyzer/__load__.zeek`
|
|
|
|
|
|
:doc:`/scripts/base/frameworks/analyzer/dpd.zeek`
|
|
|
|
Disables analyzers if protocol violations occur, and adds service information
|
|
to connection log.
|
|
|
|
:doc:`/scripts/base/frameworks/analyzer/logging.zeek`
|
|
|
|
Logging analyzer violations into analyzer.log
|
|
|