:tocdepth: 3

base/protocols/http/entities.zeek
=================================

Analysis and logging for MIME entities found in HTTP sessions.

:Namespace: HTTP
:Imports: :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`, :doc:`base/frameworks/notice/weird.zeek </scripts/base/frameworks/notice/weird.zeek>`, :doc:`base/protocols/http/main.zeek </scripts/base/protocols/http/main.zeek>`, :doc:`base/utils/files.zeek </scripts/base/utils/files.zeek>`, :doc:`base/utils/strings.zeek </scripts/base/utils/strings.zeek>`

:zeek:id:`HTTP::max_files_orig`: :zeek:type:`count` :zeek:attr:`&redef`
    Maximum number of originator files to log.

:zeek:id:`HTTP::max_files_resp`: :zeek:type:`count` :zeek:attr:`&redef`
    Maximum number of responder files to log.

:zeek:type:`HTTP::Entity`: :zeek:type:`record`

Redefinitions
#############

:zeek:type:`HTTP::Info`: :zeek:type:`record`

  :New Fields: :zeek:type:`HTTP::Info`

    orig_fuids: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
      An ordered vector of file unique IDs.

    orig_filenames: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
      An ordered vector of filenames from the client.

    orig_mime_types: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
      An ordered vector of mime types.

    resp_fuids: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
      An ordered vector of file unique IDs.

    resp_filenames: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
      An ordered vector of filenames from the server.

    resp_mime_types: :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
      An ordered vector of mime types.

    current_entity: :zeek:type:`HTTP::Entity` :zeek:attr:`&optional`
      The current entity.

    orig_mime_depth: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
      Current number of MIME entities in the HTTP request message body.

    resp_mime_depth: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
      Current number of MIME entities in the HTTP response message body.

:zeek:type:`fa_file`: :zeek:type:`record` :zeek:attr:`&redef`

  :New Fields: :zeek:type:`fa_file`

    http: :zeek:type:`HTTP::Info` :zeek:attr:`&optional`

:zeek:id:`HTTP::max_files_policy`: :zeek:type:`hook`
    Called when reaching the max number of files across a given HTTP connection according to :zeek:see:`HTTP::max_files_orig` or :zeek:see:`HTTP::max_files_resp`.
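
The following is an added example, not part of the Zeek documentation or the script itself. It reads an ``http.log`` in Zeek's TSV format and lists transactions whose ``orig_fuids`` or ``resp_fuids`` vector has reached the configured limit; because the limits bound how many files are logged, such a record may have carried more files than it lists (an inference from the option descriptions above). The function names, the ``cap_orig``/``cap_resp`` parameters and the sample log are constructed for illustration, and the caps must be set to whatever your deployment uses.

```python
import io

# Constructed sample log, cut down to the columns used here. Real TSV logs
# separate fields with tabs; "|" is used for readability and converted below.
SAMPLE = """\
#separator \\x09
#set_separator|,
#empty_field|(empty)
#unset_field|-
#fields|uid|orig_fuids|resp_fuids|resp_mime_types
#types|string|vector[string]|vector[string]|vector[string]
CAAA1|-|FaaaA1|text/html
CBBB2|FbbbU1,FbbbU2,FbbbU3|-|-
CCCC3|-|FcccD1,FcccD2,FcccD3|application/zip,text/plain,image/png
""".replace("|", "\t")


def read_zeek_tsv(text):
    """Yield one dict per record; vector columns become lists, unset becomes None."""
    meta = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    fields, types = [], []
    for line in io.StringIO(text):
        line = line.rstrip("\n")
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            elif key in meta:
                meta[key] = rest
            continue
        if not line:
            continue
        row = {}
        for name, typ, raw in zip(fields, types, line.split("\t")):
            if raw == meta["unset_field"]:
                row[name] = None  # &optional field that was never set
            elif typ.startswith(("vector[", "set[")):
                row[name] = [] if raw == meta["empty_field"] else raw.split(meta["set_separator"])
            else:
                row[name] = raw
        yield row


def capped_transactions(text, cap_orig, cap_resp):
    """Return (uid, direction, count) for records whose logged fuid count reached the cap."""
    hits = []
    for row in read_zeek_tsv(text):
        for direction, cap in (("orig", cap_orig), ("resp", cap_resp)):
            fuids = row.get(direction + "_fuids") or []
            if len(fuids) >= cap:
                hits.append((row["uid"], direction, len(fuids)))
    return hits
```

Records returned by ``capped_transactions`` are the ones to cross-check against ``files.log`` or packet capture when the full set of transferred files matters.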