`zeek` Namespace¶

Namespace: zeek.

class zlogging.enum.zeek.TableChange(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: TableChange.

See also

base/bif/types.bif.zeek

TABLE_ELEMENT_NEW = 1

TABLE_ELEMENT_CHANGED = 2

TABLE_ELEMENT_REMOVED = 4

TABLE_ELEMENT_EXPIRED = 8

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.layer3_proto(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: layer3_proto.

See also

base/bif/types.bif.zeek

L3_IPV4 = 1

L3_IPV6 = 2

L3_ARP = 4

L3_UNKNOWN = 8

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.link_encap(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: link_encap.

See also

base/bif/types.bif.zeek

LINK_ETHERNET = 1

LINK_UNKNOWN = 2

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.rpc_status(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: rpc_status.

See also

base/bif/types.bif.zeek

RPC_SUCCESS = 1

RPC_PROG_UNAVAIL = 2

RPC_PROG_MISMATCH = 4

RPC_PROC_UNAVAIL = 8

RPC_GARBAGE_ARGS = 16

RPC_SYSTEM_ERR = 32

RPC_TIMEOUT = 64

RPC_VERS_MISMATCH = 128

RPC_AUTH_ERROR = 256

RPC_UNKNOWN_ERROR = 512

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.IPAddrAnonymization(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: IPAddrAnonymization.

See also

base/init-bare.zeek

KEEP_ORIG_ADDR = 1

SEQUENTIALLY_NUMBERED = 2

RANDOM_MD5 = 4

PREFIX_PRESERVING_A50 = 8

PREFIX_PRESERVING_MD5 = 16

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.IPAddrAnonymizationClass(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: IPAddrAnonymizationClass.

See also

base/init-bare.zeek

ORIG_ADDR = 1

RESP_ADDR = 2

OTHER_ADDR = 4

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.PcapFilterID(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: PcapFilterID.

Enum type identifying dynamic BPF filters. These are used by Pcap::precompile_pcap_filter and Pcap::precompile_pcap_filter.

See also

base/init-bare.zeek

PacketFilter_DefaultPcapFilter = 2: PacketFilter::DefaultPcapFilter (present if base/frameworks/packet-filter/main.zeek is loaded)

PacketFilter_FilterTester = 4: PacketFilter::FilterTester (present if base/frameworks/packet-filter/main.zeek is loaded)

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

None = 1

class zlogging.enum.zeek.pkt_profile_modes(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: pkt_profile_modes.

Output modes for packet profiling information.

See also: pkt_profile_mode, pkt_profile_freq, pkt_profile_file.

See also

base/init-bare.zeek

PKT_PROFILE_MODE_NONE = 1: No output.

PKT_PROFILE_MODE_SECS = 2: Output every pkt_profile_freq seconds.

PKT_PROFILE_MODE_PKTS = 4: Output every pkt_profile_freq packets.

PKT_PROFILE_MODE_BYTES = 8: Output every pkt_profile_freq bytes.

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.transport_proto(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: transport_proto.

A connection’s transport-layer protocol. Note that Zeek uses the term “connection” broadly, using flow semantics for ICMP and UDP.

See also

base/init-bare.zeek

unknown_transport = 1: An unknown transport-layer protocol.

tcp = 2: TCP.

udp = 4: UDP.

icmp = 8: ICMP.

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.Direction(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: Direction.

See also

base/utils/directions-and-hosts.zeek

INBOUND = 1: The connection originator is not within the locally-monitored network, but the other endpoint is.

OUTBOUND = 2: The connection originator is within the locally-monitored network, but the other endpoint is not.

BIDIRECTIONAL = 4: Only one endpoint is within the locally-monitored network, meaning the connection is either outbound or inbound.

NO_DIRECTION = 8: This value doesn’t match any connection.

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

class zlogging.enum.zeek.Host(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntFlag

Enum: Host.

See also

base/utils/directions-and-hosts.zeek

LOCAL_HOSTS = 1: A host within the locally-monitored network.

REMOTE_HOSTS = 2: A host not within the locally-monitored network.

ALL_HOSTS = 4: Any host.

NO_HOSTS = 8: This value doesn’t match any host.

static _generate_next_value_(name, start, count, last_values)

Generate the next value when not given.

name: the name of the member start: the initial start value or None count: the number of existing members last_values: the last value assigned or None

`zeek` Namespace¶

ZLogging

Navigation

Related Topics

zeek Namespace¶

`zeek` Namespace¶