Typing Annotations

Zeek Data Types

Boolean

zlogging.typing.zeek_bool: BoolType

Zeek bool data type.

Numeric Types

zlogging.typing.zeek_count: CountType

Zeek count data type.

zlogging.typing.zeek_double: DoubleType

Zeek double data type.

zlogging.typing.zeek_int: IntType

Zeek int data type.

Time Types

zlogging.typing.zeek_time: TimeType

Zeek time data type.

zlogging.typing.zeek_interval: IntervalType

Zeek interval data type.

String

zlogging.typing.zeek_string: StringType

Zeek string data type.

Network Types

zlogging.typing.zeek_port: PortType

Zeek port data type.

zlogging.typing.zeek_addr: AddrType

Zeek addr data type.

zlogging.typing.zeek_subnet: SubnetType

Zeek subnet data type.

Enumeration

zlogging.typing.zeek_enum: EnumType

Zeek enum data type.

Container Types

class zlogging.typing.zeek_set(empty_field=None, unset_field=None, set_separator=None, element_type=None, *args, **kwargs)

Bases: SetType, Generic[_S]

Zeek set data type.

Notes

As a generic data type, the class supports the typing proxy as introduced in PEP 484:

class MyLog(zeek_record):
    field_one: zeek_set[zeek_string]

which is the same at runtime as the following:

class MyLog(zeek_record):
    field_one = SetType(element_type=StringType())

Parameters:
  • empty_field – Placeholder for empty field.

  • unset_field – Placeholder for unset field.

  • set_separator – Separator for set/vector fields.

  • element_type – Data type of container’s elements.

  • *args – Arbitrary positional arguments.

  • **kwargs – Arbitrary keyword arguments.

class zlogging.typing.zeek_vector(empty_field=None, unset_field=None, set_separator=None, element_type=None, *args, **kwargs)

Bases: VectorType, Generic[_S]

Zeek vector data type.

Notes

As a generic data type, the class supports the typing proxy as introduced in PEP 484:

class MyLog(zeek_record):
    field_one: zeek_vector[zeek_string]

which is the same at runtime as the following:

class MyLog(zeek_record):
    field_one = VectorType(element_type=StringType())

Parameters:
  • empty_field – Placeholder for empty field.

  • unset_field – Placeholder for unset field.

  • set_separator – Separator for set/vector fields.

  • element_type – Data type of container’s elements.

  • *args – Arbitrary positional arguments.

  • **kwargs – Arbitrary keyword arguments.
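The following is an added example, not ZLogging's own code and not importing it: a stand-alone sketch of what the empty_field, unset_field, set_separator and element_type parameters of zeek_set and zeek_vector mean when a container column is read from a Zeek ASCII log. The function names, the sample rows and the choice to map an unset field to None are assumptions; the default placeholders are those of Zeek's ASCII writer.

```python
# Added example: stand-alone sketch, does not use the zlogging package.
# Defaults are the Zeek ASCII writer's: "," / "(empty)" / "-".
from ipaddress import ip_address


def parse_port(text):
    """Element parser for a Zeek `port` value; rejects out-of-range numbers."""
    port = int(text)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return port


def parse_container(raw, element_parser, kind=set,
                    set_separator=",", empty_field="(empty)", unset_field="-"):
    """Parse one set/vector column. `kind` is set (dedupes) or list (keeps order)."""
    if raw == unset_field:   # field was never assigned (assumption: map to None)
        return None
    if raw == empty_field:   # container exists but holds no elements
        return kind()
    return kind(element_parser(item) for item in raw.split(set_separator))


# Constructed sample rows with two columns: a set of ports, then a vector of addrs.
SAMPLE_ROWS = [
    "443,8443,443\t10.0.0.5,10.0.0.9",
    "(empty)\t10.0.0.7",
    "-\t-",
]


def parse_rows(rows):
    """Split each tab-separated row and parse both container columns."""
    out = []
    for row in rows:
        ports_raw, hosts_raw = row.split("\t")
        out.append({
            "resp_ports": parse_container(ports_raw, parse_port, kind=set),
            "tx_hosts": parse_container(hosts_raw, ip_address, kind=list),
        })
    return out


if __name__ == "__main__":
    for record in parse_rows(SAMPLE_ROWS):
        print(record)
```

Keeping "unset" (None) distinct from "empty" (an empty container) matters for detection logic: a rule that treats both as "no ports seen" cannot tell a field Zeek never populated from one it populated with nothing.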

class zlogging.typing.zeek_record(empty_field=None, unset_field=None, set_separator=None, *args, **element_mapping)

Bases: RecordType

Zeek record data type.

Notes

As a variadic data type, it supports the typing proxy as TypedDict, introduced in PEP 589:

class MyLog(zeek_record):
    field_one: zeek_int
    field_two: zeek_set[zeek_port]

which is the same at runtime as the following:

RecordType(field_one=IntType,
           field_two=SetType(element_type=PortType))

See also

See expand_typing() for more information about the processing of the typing proxy.

Parameters:
  • *args (Any) – Arbitrary positional arguments.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

RecordType

Bro Data Types

Warning

Use of bro is deprecated. Please use zeek instead.

Boolean

zlogging.typing.bro_bool: BoolType

Bro bool data type.

Numeric Types

zlogging.typing.bro_count: CountType

Bro count data type.

zlogging.typing.bro_double: CountType

Bro double data type.

zlogging.typing.bro_int: IntType

Bro int data type.

Time Types

zlogging.typing.bro_time: TimeType

Bro time data type.

zlogging.typing.bro_interval: IntervalType

Bro interval data type.

String

zlogging.typing.bro_string: StringType

Bro string data type.

Network Types

zlogging.typing.bro_port: PortType

Bro port data type.

zlogging.typing.bro_addr: AddrType

Bro addr data type.

zlogging.typing.bro_subnet: SubnetType

Bro subnet data type.

Enumeration

zlogging.typing.bro_enum: EnumType

Bro enum data type.

Container Types

class zlogging.typing.bro_set(*args, **kwargs)

Bases: SetType, Generic[_S]

Bro set data type.

See also

See zeek_set for more information.

Parameters:
  • *args – Arbitrary positional arguments.

  • **kwargs – Arbitrary keyword arguments.

class zlogging.typing.bro_vector(*args, **kwargs)

Bases: VectorType, Generic[_S]

Bro vector data type.

See also

See zeek_vector for more information.

Parameters:
  • *args – Arbitrary positional arguments.

  • **kwargs – Arbitrary keyword arguments.

class zlogging.typing.bro_record(*args, **kwargs)

Bases: RecordType

Bro record data type.

See also

See zeek_record for more information.

Parameters:
  • *args (Any) – Arbitrary positional arguments.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

RecordType