zeek Namespace

Namespace: zeek.

class zlogging.enum.zeek.TableChange(value)[source]

Bases: IntFlag

Enum: TableChange.

See also

base/bif/types.bif.zeek

TABLE_ELEMENT_NEW = 1
TABLE_ELEMENT_CHANGED = 2
TABLE_ELEMENT_REMOVED = 4
TABLE_ELEMENT_EXPIRED = 8
class zlogging.enum.zeek.layer3_proto(value)[source]

Bases: IntFlag

Enum: layer3_proto.

See also

base/bif/types.bif.zeek

L3_IPV4 = 1
L3_IPV6 = 2
L3_ARP = 4
L3_UNKNOWN = 8
class zlogging.enum.zeek.link_encap(value)[source]

Bases: IntFlag

Enum: link_encap.

See also

base/bif/types.bif.zeek

LINK_ETHERNET = 1
LINK_UNKNOWN = 2
class zlogging.enum.zeek.rpc_status(value)[source]

Bases: IntFlag

Enum: rpc_status.

See also

base/bif/types.bif.zeek

RPC_SUCCESS = 1
RPC_PROG_UNAVAIL = 2
RPC_PROG_MISMATCH = 4
RPC_PROC_UNAVAIL = 8
RPC_GARBAGE_ARGS = 16
RPC_SYSTEM_ERR = 32
RPC_TIMEOUT = 64
RPC_VERS_MISMATCH = 128
RPC_AUTH_ERROR = 256
RPC_UNKNOWN_ERROR = 512
class zlogging.enum.zeek.IPAddrAnonymization(value)[source]

Bases: IntFlag

Enum: IPAddrAnonymization.

See also: anonymize_addr.

See also

base/init-bare.zeek

KEEP_ORIG_ADDR = 1
SEQUENTIALLY_NUMBERED = 2
RANDOM_MD5 = 4
PREFIX_PRESERVING_A50 = 8
PREFIX_PRESERVING_MD5 = 16
class zlogging.enum.zeek.IPAddrAnonymizationClass(value)[source]

Bases: IntFlag

Enum: IPAddrAnonymizationClass.

See also: anonymize_addr.

See also

base/init-bare.zeek

ORIG_ADDR = 1
RESP_ADDR = 2
OTHER_ADDR = 4
class zlogging.enum.zeek.PcapFilterID(value)[source]

Bases: IntFlag

Enum: PcapFilterID.

Enum type identifying dynamic BPF filters. These are used by Pcap::precompile_pcap_filter and Pcap::precompile_pcap_filter.

See also

base/init-bare.zeek

PacketFilter_DefaultPcapFilter = 2

PacketFilter::DefaultPcapFilter (present if base/frameworks/packet-filter/main.zeek is loaded)

PacketFilter_FilterTester = 4

PacketFilter::FilterTester (present if base/frameworks/packet-filter/main.zeek is loaded)

None = 1
class zlogging.enum.zeek.pkt_profile_modes(value)[source]

Bases: IntFlag

Enum: pkt_profile_modes.

Output modes for packet profiling information.

See also: pkt_profile_mode, pkt_profile_freq, pkt_profile_file.

See also

base/init-bare.zeek

PKT_PROFILE_MODE_NONE = 1

No output.

PKT_PROFILE_MODE_SECS = 2

Output every pkt_profile_freq seconds.

PKT_PROFILE_MODE_PKTS = 4

Output every pkt_profile_freq packets.

PKT_PROFILE_MODE_BYTES = 8

Output every pkt_profile_freq bytes.

class zlogging.enum.zeek.transport_proto(value)[source]

Bases: IntFlag

Enum: transport_proto.

A connection’s transport-layer protocol. Note that Zeek uses the term “connection” broadly, using flow semantics for ICMP and UDP.

See also

base/init-bare.zeek

unknown_transport = 1

An unknown transport-layer protocol.

tcp = 2

TCP.

udp = 4

UDP.

icmp = 8

ICMP.

class zlogging.enum.zeek.Direction(value)[source]

Bases: IntFlag

Enum: Direction.

See also

base/utils/directions-and-hosts.zeek

INBOUND = 1

The connection originator is not within the locally-monitored network, but the other endpoint is.

OUTBOUND = 2

The connection originator is within the locally-monitored network, but the other endpoint is not.

BIDIRECTIONAL = 4

Only one endpoint is within the locally-monitored network, meaning the connection is either outbound or inbound.

NO_DIRECTION = 8

This value doesn’t match any connection.

class zlogging.enum.zeek.Host(value)[source]

Bases: IntFlag

Enum: Host.

See also

base/utils/directions-and-hosts.zeek

LOCAL_HOSTS = 1

A host within the locally-monitored network.

REMOTE_HOSTS = 2

A host not within the locally-monitored network.

ALL_HOSTS = 4

Any host.

NO_HOSTS = 8

This value doesn’t match any host.