Log NamespaceΒΆ

Namespace: Log.

class zlogging.enum.Log.ID(value)[source]

Bases: IntFlag

Enum: Log::ID.

Type that defines an ID unique to each log stream. Scripts creating new log streams need to redef this enum to add their own specific log ID. The log ID implicitly determines the default name of the generated log file.

See also

base/frameworks/logging/main.zeek

UNKNOWN = 1

Dummy place-holder.

PRINTLOG = 2

Print statements that have been redirected to a log stream.

Broker_LOG = 4

Broker::LOG (present if base/frameworks/broker/log.zeek is loaded)

Files_LOG = 8

Files::LOG (present if base/frameworks/files/main.zeek is loaded) Logging stream for file analysis.

Reporter_LOG = 16

Reporter::LOG (present if base/frameworks/reporter/main.zeek is loaded)

Cluster_LOG = 32

Cluster::LOG (present if base/frameworks/cluster/main.zeek is loaded)

Notice_LOG = 64

Notice::LOG (present if base/frameworks/notice/main.zeek is loaded) This is the primary logging stream for notices.

Notice_ALARM_LOG = 128

Notice::ALARM_LOG (present if base/frameworks/notice/main.zeek is loaded) This is the alarm stream.

Weird_LOG = 256

Weird::LOG (present if base/frameworks/notice/weird.zeek is loaded)

DPD_LOG = 512

DPD::LOG (present if base/frameworks/dpd/main.zeek is loaded)

Signatures_LOG = 1024

Signatures::LOG (present if base/frameworks/signatures/main.zeek is loaded)

PacketFilter_LOG = 2048

PacketFilter::LOG (present if base/frameworks/packet-filter/main.zeek is loaded)

Software_LOG = 4096

Software::LOG (present if base/frameworks/software/main.zeek is loaded)

Intel_LOG = 8192

Intel::LOG (present if base/frameworks/intel/main.zeek is loaded)

Config_LOG = 16384

Config::LOG (present if base/frameworks/config/main.zeek is loaded)

Tunnel_LOG = 32768

Tunnel::LOG (present if base/frameworks/tunnels/main.zeek is loaded)

OpenFlow_LOG = 65536

OpenFlow::LOG (present if base/frameworks/openflow/plugins/log.zeek is loaded)

NetControl_LOG = 131072

NetControl::LOG (present if base/frameworks/netcontrol/main.zeek is loaded)

NetControl_DROP = 262144

NetControl::DROP (present if base/frameworks/netcontrol/types.zeek is loaded) Stop forwarding all packets matching the entity. No additional arguments.

NetControl_SHUNT = 524288

NetControl::SHUNT (present if base/frameworks/netcontrol/shunt.zeek is loaded)

Conn_LOG = 1048576

Conn::LOG (present if base/protocols/conn/main.zeek is loaded)

DCE_RPC_LOG = 2097152

DCE_RPC::LOG (present if base/protocols/dce-rpc/main.zeek is loaded)

DHCP_LOG = 4194304

DHCP::LOG (present if base/protocols/dhcp/main.zeek is loaded)

DNP3_LOG = 8388608

DNP3::LOG (present if base/protocols/dnp3/main.zeek is loaded)

DNS_LOG = 16777216

DNS::LOG (present if base/protocols/dns/main.zeek is loaded)

FTP_LOG = 33554432

FTP::LOG (present if base/protocols/ftp/main.zeek is loaded)

SSL_LOG = 67108864

SSL::LOG (present if base/protocols/ssl/main.zeek is loaded)

X509_LOG = 134217728

X509::LOG (present if base/files/x509/main.zeek is loaded)

HTTP_LOG = 268435456

HTTP::LOG (present if base/protocols/http/main.zeek is loaded)

IRC_LOG = 536870912

IRC::LOG (present if base/protocols/irc/main.zeek is loaded)

KRB_LOG = 1073741824

KRB::LOG (present if base/protocols/krb/main.zeek is loaded)

Modbus_LOG = 2147483648

Modbus::LOG (present if base/protocols/modbus/main.zeek is loaded)

mysql_LOG = 4294967296

mysql::LOG (present if base/protocols/mysql/main.zeek is loaded)

NTLM_LOG = 8589934592

NTLM::LOG (present if base/protocols/ntlm/main.zeek is loaded)

NTP_LOG = 17179869184

NTP::LOG (present if base/protocols/ntp/main.zeek is loaded)

RADIUS_LOG = 34359738368

RADIUS::LOG (present if base/protocols/radius/main.zeek is loaded)

RDP_LOG = 68719476736

RDP::LOG (present if base/protocols/rdp/main.zeek is loaded)

RFB_LOG = 137438953472

RFB::LOG (present if base/protocols/rfb/main.zeek is loaded)

SIP_LOG = 274877906944

SIP::LOG (present if base/protocols/sip/main.zeek is loaded)

SNMP_LOG = 549755813888

SNMP::LOG (present if base/protocols/snmp/main.zeek is loaded)

SMB_AUTH_LOG = 1099511627776

SMB::AUTH_LOG (present if base/protocols/smb/main.zeek is loaded)

SMB_MAPPING_LOG = 2199023255552

SMB::MAPPING_LOG (present if base/protocols/smb/main.zeek is loaded)

SMB_FILES_LOG = 4398046511104

SMB::FILES_LOG (present if base/protocols/smb/main.zeek is loaded)

SMTP_LOG = 8796093022208

SMTP::LOG (present if base/protocols/smtp/main.zeek is loaded)

SOCKS_LOG = 17592186044416

SOCKS::LOG (present if base/protocols/socks/main.zeek is loaded)

SSH_LOG = 35184372088832

SSH::LOG (present if base/protocols/ssh/main.zeek is loaded)

Syslog_LOG = 70368744177664

Syslog::LOG (present if base/protocols/syslog/main.zeek is loaded)

PE_LOG = 140737488355328

PE::LOG (present if base/files/pe/main.zeek is loaded)

NetControl_CATCH_RELEASE = 281474976710656

NetControl::CATCH_RELEASE (present if policy/frameworks/netcontrol/catch-and-release.zeek is loaded)

Unified2_LOG = 562949953421312

Unified2::LOG (present if policy/files/unified2/main.zeek is loaded)

OCSP_LOG = 1125899906842624

OCSP::LOG (present if policy/files/x509/log-ocsp.zeek is loaded)

Barnyard2_LOG = 2251799813685248

Barnyard2::LOG (present if policy/integration/barnyard2/main.zeek is loaded)

CaptureLoss_LOG = 4503599627370496

CaptureLoss::LOG (present if policy/misc/capture-loss.zeek is loaded)

Traceroute_LOG = 9007199254740992

Traceroute::LOG (present if policy/misc/detect-traceroute/main.zeek is loaded)

LoadedScripts_LOG = 18014398509481984

LoadedScripts::LOG (present if policy/misc/loaded-scripts.zeek is loaded)

Stats_LOG = 36028797018963968

Stats::LOG (present if policy/misc/stats.zeek is loaded)

WeirdStats_LOG = 72057594037927936

WeirdStats::LOG (present if policy/misc/weird-stats.zeek is loaded)

Known_HOSTS_LOG = 144115188075855872

Known::HOSTS_LOG (present if policy/protocols/conn/known-hosts.zeek is loaded)

Known_SERVICES_LOG = 288230376151711744

Known::SERVICES_LOG (present if policy/protocols/conn/known-services.zeek is loaded)

Known_MODBUS_LOG = 576460752303423488

Known::MODBUS_LOG (present if policy/protocols/modbus/known-masters-slaves.zeek is loaded)

Modbus_REGISTER_CHANGE_LOG = 1152921504606846976

Modbus::REGISTER_CHANGE_LOG (present if policy/protocols/modbus/track-memmap.zeek is loaded)

MQTT_CONNECT_LOG = 2305843009213693952

MQTT::CONNECT_LOG (present if policy/protocols/mqtt/main.zeek is loaded)

MQTT_SUBSCRIBE_LOG = 4611686018427387904

MQTT::SUBSCRIBE_LOG (present if policy/protocols/mqtt/main.zeek is loaded)

MQTT_PUBLISH_LOG = 9223372036854775808

MQTT::PUBLISH_LOG (present if policy/protocols/mqtt/main.zeek is loaded)

SMB_CMD_LOG = 18446744073709551616

SMB::CMD_LOG (present if policy/protocols/smb/log-cmds.zeek is loaded)

Known_CERTS_LOG = 36893488147419103232

Known::CERTS_LOG (present if policy/protocols/ssl/known-certs.zeek is loaded)

ZeekygenExample_LOG = 73786976294838206464

ZeekygenExample::LOG (present if zeekygen/example.zeek is loaded)

class zlogging.enum.Log.PrintLogType(value)[source]

Bases: IntFlag

Enum: Log::PrintLogType.

Configurations for Log::print_to_log.

See also

base/frameworks/logging/main.zeek

REDIRECT_NONE = 1

No redirection of print statements.

REDIRECT_STDOUT = 2

Redirection of those print statements that were being logged to stdout, leaving behind those set to go to other specific files.

REDIRECT_ALL = 4

Redirection of all print statements.

class zlogging.enum.Log.Writer(value)[source]

Bases: IntFlag

Enum: Log::Writer.

See also

base/frameworks/logging/main.zeek

WRITER_ASCII = 1
WRITER_NONE = 2
WRITER_SQLITE = 4