mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 15:18:20 +00:00

We previously used the Spicy plugin's `Spicy::available` to test for Spicy support. However, having Spicy support does not necessarily mean that we have built Zeek with its in-tree Spicy analyzers: the Spicy plugin could have been pulled in from an external source. The new BIF now reliably tells us whether the Spicy analyzers are available; its result corresponds to what `zeek-config --have-spicy-analyzers` returns as well. We also move the two current checks over to use this BIF. (Note: I refrained from renaming the CMake-side `USE_SPICY_ANALYZERS` to `HAVE_SPICY_ANALYZERS`. We should do this eventually for consistency, but I didn't want to make more changes than necessary right now.)
21 lines
678 B
Text
##! Events generated by the Syslog analyzer.

@if ( have_spicy_analyzers() ) # prototypes below must not be used with legacy analyzer

## Generated for monitored Syslog messages.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
## information about the Syslog protocol.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## facility: The "facility" included in the message.
##
## severity: The "severity" included in the message.
##
## msg: The message logged.
##
## .. note:: Zeek currently parses only UDP syslog traffic.
global syslog_message: event(c: connection, facility: count, severity: count, msg: string);

@endif