Signatures
Namespace
Namespace: Signatures.
- class zlogging.enum.signatures.Action(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]
Bases: IntFlag
Enum: Signatures::Action.
These are the default actions you can apply to signature matches. All of them write the signature record to the logging stream unless declared otherwise.
See also
- SIG_IGNORE = 1
Ignore this signature completely (even for scan detection). Don’t write to the signatures logging stream.
- SIG_QUIET = 2
Process through the various aggregate techniques, but don’t report individually and don’t write to the signatures logging stream.
- SIG_LOG = 4
Generate a notice.
- SIG_FILE_BUT_NO_SCAN = 8
The same as Signatures::SIG_LOG, but ignore for aggregate/scan processing.
- SIG_ALARM = 16
Generate a notice and set it to be alarmed upon.
- SIG_ALARM_PER_ORIG = 32
Alarm once per originator.
- SIG_ALARM_ONCE = 64
Alarm once and then never again.
- SIG_COUNT_PER_RESP = 128
Count signatures per responder host and alarm with the Signatures::Count_Signature notice if a threshold defined by Signatures::count_thresholds is reached.
- SIG_SUMMARY = 256
Don’t alarm, but generate per-orig summary.
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None