Log Namespace

Namespace: Log.

class zlogging.enum.log.ID(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: Log::ID.

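Type that defines an ID unique to each log stream. Scripts that create new log streams need to `redef` this enum to add their own log ID. The log ID implicitly determines the default name of the generated log file. The integer values listed below are consecutive powers of two in listing order, which suggests they are positions assigned by this `IntFlag` binding rather than identifiers defined by Zeek; tooling that consumes them should identify a stream by member name, not by number.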

UNKNOWN = 1

Dummy place-holder.

PRINTLOG = 2

Print statements that have been redirected to a log stream.

Broker_LOG = 4

Broker::LOG (present if base/frameworks/broker/log.zeek is loaded)

Cluster_LOG = 8

Cluster::LOG (present if base/frameworks/cluster/main.zeek is loaded)

Config_LOG = 16

Config::LOG (present if base/frameworks/config/main.zeek is loaded)

DPD_LOG = 32

DPD::LOG (present if base/frameworks/analyzer/dpd.zeek is loaded)

Analyzer_Logging_LOG = 64

Analyzer::Logging::LOG (present if base/frameworks/analyzer/logging.zeek is loaded)

Files_LOG = 128

Files::LOG (present if base/frameworks/files/main.zeek is loaded). Logging stream for file analysis.

Reporter_LOG = 256

Reporter::LOG (present if base/frameworks/reporter/main.zeek is loaded)

Notice_LOG = 512

Notice::LOG (present if base/frameworks/notice/main.zeek is loaded). This is the primary logging stream for notices.

Notice_ALARM_LOG = 1024

Notice::ALARM_LOG (present if base/frameworks/notice/main.zeek is loaded). This is the alarm stream.

Weird_LOG = 2048

Weird::LOG (present if base/frameworks/notice/weird.zeek is loaded)

Signatures_LOG = 4096

Signatures::LOG (present if base/frameworks/signatures/main.zeek is loaded)

PacketFilter_LOG = 8192

PacketFilter::LOG (present if base/frameworks/packet-filter/main.zeek is loaded)

Software_LOG = 16384

Software::LOG (present if base/frameworks/software/main.zeek is loaded)

Intel_LOG = 32768

Intel::LOG (present if base/frameworks/intel/main.zeek is loaded)

Tunnel_LOG = 65536

Tunnel::LOG (present if base/frameworks/tunnels/main.zeek is loaded)

OpenFlow_LOG = 131072

OpenFlow::LOG (present if base/frameworks/openflow/plugins/log.zeek is loaded)

NetControl_LOG = 262144

NetControl::LOG (present if base/frameworks/netcontrol/main.zeek is loaded)

NetControl_DROP_LOG = 524288

NetControl::DROP_LOG (present if base/frameworks/netcontrol/drop.zeek is loaded)

NetControl_SHUNT = 1048576

NetControl::SHUNT (present if base/frameworks/netcontrol/shunt.zeek is loaded)

Conn_LOG = 2097152

Conn::LOG (present if base/protocols/conn/main.zeek is loaded)

DCE_RPC_LOG = 4194304

DCE_RPC::LOG (present if base/protocols/dce-rpc/main.zeek is loaded)

DHCP_LOG = 8388608

DHCP::LOG (present if base/protocols/dhcp/main.zeek is loaded)

DNP3_LOG = 16777216

DNP3::LOG (present if base/protocols/dnp3/main.zeek is loaded)

DNS_LOG = 33554432

DNS::LOG (present if base/protocols/dns/main.zeek is loaded)

FTP_LOG = 67108864

FTP::LOG (present if base/protocols/ftp/main.zeek is loaded)

SSL_LOG = 134217728

SSL::LOG (present if base/protocols/ssl/main.zeek is loaded)

X509_LOG = 268435456

X509::LOG (present if base/files/x509/main.zeek is loaded)

OCSP_LOG = 536870912

OCSP::LOG (present if base/files/x509/log-ocsp.zeek is loaded)

HTTP_LOG = 1073741824

HTTP::LOG (present if base/protocols/http/main.zeek is loaded)

IRC_LOG = 2147483648

IRC::LOG (present if base/protocols/irc/main.zeek is loaded)

KRB_LOG = 4294967296

KRB::LOG (present if base/protocols/krb/main.zeek is loaded)

LDAP_LDAP_LOG = 8589934592

LDAP::LDAP_LOG (present if base/protocols/ldap/main.zeek is loaded)

LDAP_LDAP_SEARCH_LOG = 17179869184

LDAP::LDAP_SEARCH_LOG (present if base/protocols/ldap/main.zeek is loaded)

Modbus_LOG = 34359738368

Modbus::LOG (present if base/protocols/modbus/main.zeek is loaded)

MQTT_CONNECT_LOG = 68719476736

MQTT::CONNECT_LOG (present if base/protocols/mqtt/main.zeek is loaded)

MQTT_SUBSCRIBE_LOG = 137438953472

MQTT::SUBSCRIBE_LOG (present if base/protocols/mqtt/main.zeek is loaded)

MQTT_PUBLISH_LOG = 274877906944

MQTT::PUBLISH_LOG (present if base/protocols/mqtt/main.zeek is loaded)

mysql_LOG = 549755813888

mysql::LOG (present if base/protocols/mysql/main.zeek is loaded)

NTLM_LOG = 1099511627776

NTLM::LOG (present if base/protocols/ntlm/main.zeek is loaded)

NTP_LOG = 2199023255552

NTP::LOG (present if base/protocols/ntp/main.zeek is loaded)

QUIC_LOG = 4398046511104

QUIC::LOG (present if base/protocols/quic/main.zeek is loaded)

RADIUS_LOG = 8796093022208

RADIUS::LOG (present if base/protocols/radius/main.zeek is loaded)

RDP_LOG = 17592186044416

RDP::LOG (present if base/protocols/rdp/main.zeek is loaded)

RFB_LOG = 35184372088832

RFB::LOG (present if base/protocols/rfb/main.zeek is loaded)

SIP_LOG = 70368744177664

SIP::LOG (present if base/protocols/sip/main.zeek is loaded)

SNMP_LOG = 140737488355328

SNMP::LOG (present if base/protocols/snmp/main.zeek is loaded)

SMB_MAPPING_LOG = 281474976710656

SMB::MAPPING_LOG (present if base/protocols/smb/main.zeek is loaded)

SMB_FILES_LOG = 562949953421312

SMB::FILES_LOG (present if base/protocols/smb/main.zeek is loaded)

SMTP_LOG = 1125899906842624

SMTP::LOG (present if base/protocols/smtp/main.zeek is loaded)

SOCKS_LOG = 2251799813685248

SOCKS::LOG (present if base/protocols/socks/main.zeek is loaded)

SSH_LOG = 4503599627370496

SSH::LOG (present if base/protocols/ssh/main.zeek is loaded)

Syslog_LOG = 9007199254740992

Syslog::LOG (present if base/protocols/syslog/main.zeek is loaded)

WebSocket_LOG = 18014398509481984

WebSocket::LOG (present if base/protocols/websocket/main.zeek is loaded)

PE_LOG = 36028797018963968

PE::LOG (present if base/files/pe/main.zeek is loaded)

Management_LOG = 72057594037927936

Management::Log::LOG (present if policy/frameworks/management/log.zeek is loaded)

NetControl_CATCH_RELEASE = 144115188075855872

NetControl::CATCH_RELEASE (present if policy/frameworks/netcontrol/catch-and-release.zeek is loaded)

Telemetry_LOG = 288230376151711744

Telemetry::LOG (present if policy/frameworks/telemetry/log.zeek is loaded)

Telemetry_LOG_HISTOGRAM = 576460752303423488

Telemetry::LOG_HISTOGRAM (present if policy/frameworks/telemetry/log.zeek is loaded)

CaptureLoss_LOG = 1152921504606846976

CaptureLoss::LOG (present if policy/misc/capture-loss.zeek is loaded)

Traceroute_LOG = 2305843009213693952

Traceroute::LOG (present if policy/misc/detect-traceroute/main.zeek is loaded)

LoadedScripts_LOG = 4611686018427387904

LoadedScripts::LOG (present if policy/misc/loaded-scripts.zeek is loaded)

Stats_LOG = 9223372036854775808

Stats::LOG (present if policy/misc/stats.zeek is loaded)

WeirdStats_LOG = 18446744073709551616

WeirdStats::LOG (present if policy/misc/weird-stats.zeek is loaded)

UnknownProtocol_LOG = 36893488147419103232

UnknownProtocol::LOG (present if policy/misc/unknown-protocols.zeek is loaded)

Known_HOSTS_LOG = 73786976294838206464

Known::HOSTS_LOG (present if policy/protocols/conn/known-hosts.zeek is loaded)

Known_SERVICES_LOG = 147573952589676412928

Known::SERVICES_LOG (present if policy/protocols/conn/known-services.zeek is loaded)

Known_MODBUS_LOG = 295147905179352825856

Known::MODBUS_LOG (present if policy/protocols/modbus/known-masters-slaves.zeek is loaded)

Modbus_REGISTER_CHANGE_LOG = 590295810358705651712

Modbus::REGISTER_CHANGE_LOG (present if policy/protocols/modbus/track-memmap.zeek is loaded)

SMB_CMD_LOG = 1180591620717411303424

SMB::CMD_LOG (present if policy/protocols/smb/log-cmds.zeek is loaded)

Known_CERTS_LOG = 2361183241434822606848

Known::CERTS_LOG (present if policy/protocols/ssl/known-certs.zeek is loaded)

ZeekygenExample_LOG = 4722366482869645213696

ZeekygenExample::LOG (present if zeekygen/example.zeek is loaded)

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None

class zlogging.enum.log.PrintLogType(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: Log::PrintLogType.

Configurations for Log::print_to_log.

REDIRECT_NONE = 1

No redirection of print statements.

REDIRECT_STDOUT = 2

Redirection of only those print statements that were being written to stdout; print statements directed to other specific files are left as they are.

REDIRECT_ALL = 4

Redirection of all print statements.

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None

class zlogging.enum.log.Writer(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: Log::Writer.

WRITER_ASCII = 1
WRITER_NONE = 2
WRITER_SQLITE = 4
static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None