base/protocols/http/entities.zeek

Analysis and logging for MIME entities found in HTTP sessions.

Namespace

HTTP

Imports

base/frameworks/files </scripts/base/frameworks/files/index>, base/frameworks/notice/weird.zeek </scripts/base/frameworks/notice/weird.zeek>, base/protocols/http/main.zeek </scripts/base/protocols/http/main.zeek>, base/utils/files.zeek </scripts/base/utils/files.zeek>, base/utils/strings.zeek </scripts/base/utils/strings.zeek>

Summary

Runtime Options

HTTP::max_files_orig: count &redef
    Maximum number of originator files to log.
HTTP::max_files_resp: count &redef
    Maximum number of responder files to log.

Types

HTTP::Entity: record

Redefinitions

HTTP::Info: record

New Fields: HTTP::Info

orig_fuids: vector of string &log &optional

An ordered vector of file unique IDs.

orig_filenames: vector of string &log &optional

An ordered vector of filenames from the client.

orig_mime_types: vector of string &log &optional

An ordered vector of mime types.

resp_fuids: vector of string &log &optional

An ordered vector of file unique IDs.

resp_filenames: vector of string &log &optional

An ordered vector of filenames from the server.

resp_mime_types: vector of string &log &optional

An ordered vector of mime types.

current_entity: HTTP::Entity &optional

The current entity.

orig_mime_depth: count &default = 0 &optional

Current number of MIME entities in the HTTP request message body.

resp_mime_depth: count &default = 0 &optional

Current number of MIME entities in the HTTP response message body.

fa_file: record &redef

New Fields: fa_file

http: HTTP::Info &optional

Hooks

HTTP::max_files_policy: hook

Called when reaching the max number of files across a given HTTP connection according to HTTP::max_files_orig or HTTP::max_files_resp.

Detailed Interface

Runtime Options

Types

Hooks