zeek/auxil/zeekjs/doc/zeek.js

/**
 * Zeek module provided by the ``zeek`` process.
 *
 * @module zeek
 */

/**
 * Register a function to be called as a Zeek event handler.
 *
 * @example
 * zeek.on('zeek_init', () => {
 *   console.log('Hello, Zeek!');
 * });
 *
 * @param {string} name - The Zeek event name. For example, ``zeek_init``.
 * @param {object} [options] - Optional options. Only supported key is priority.
 * @param {function} handler - The function to call.
 *
 */
exports.on = function() { }

/**
 * Register a function to be called as a Zeek hook handler.
 *
 * When ``handler`` returns ``false``, this is equivalent to using ``break``
 * in a Zeek hook handler.
 *
 * @param {string} name - The name of the hook. For example, ``DNS::log_policy``.
 * @param {object} [options] - Optional options. Only supported key is priority.
 * @param {function} handler - The function to call.
 *
 */
exports.hook = function() { }

/**
 * Invoke a Zeek function.
 *
 * Conversion of ``args`` to Zeek function arguments happens implicitly.
 *
 * Invoking Zeek hooks is possible. If any of the hook handlers break,
 * the return value will be false, else true.
 *
 * To invoke a Zeek function taking an ``any`` typed parameter, use
 * ``zeek.as`` to convert a JavaScript value to a Zeek value and use
 * the resulting object. The plugin will thread through the underlying
 * Zeek value without attempting implicit conversion.
 *
 * @example
 * zeek.on('zeek_init', () => {
 *   let version = zeek.invoke('zeek_version');
 *   console.log(`Running on Zeek ${version}`);
 * });
 *
 *
 * @param {string} name The name of the Zeek function to invoke.
 * @param {array} [args] Arguments to use.
 *
 */
exports.invoke = function() { }

/**
 * Explicit type conversion from JavaScript to Zeek.
 *
 * The ``type_name`` argument can be a string that is produced by Zeek's
 * ``type_name()`` or ``global_ids()`` functions. Note that it can not be
 * an arbitrary type expression. For example, ``table[count] of string``
 * will most likely, ``table[ count ] of string`` will fail. A type registry
 * is used internally that depends on the behavior of Zeek's ``Type::Describe()``
 * method.
 *
 * @example
 * local mynets = zeek.as('set[subnet]', ["192.168.0.0/16"]);
 *
 * @param {string} type_name The name of the Zeek type. For example, ``addr``.
 * @param {} [value] The value to convert to ``type_name``.
 *
 * @returns An object referencing a Zeek value of type ``type_name``.
 */
exports.as = function() { }


/**
 * Queue a Zeek event.
 *
 * Conversion of ``args`` to Zeek event arguments happens implicitly.
 *
 * @param {string} name The name of the Zeek event to queue.
 * @param {array} [args] Arguments to use.
 *
 */
exports.event = function() { }

/**
 * Access Zeek side global variables.
 *
 * This object allows access to global and exported variables.
 *
 * @example
 * zeek.global_vars["Cluster::node"]
 * worker-01
 */
exports.global_vars = {}

/**
 * Select properties with a given attribute.
 *
 * To select only ``&log`` attributes for ``JSON.stringify()``::
 *
 *     zeek.on('HTTP::log_http' (rec) => {
 *       console.log(JSON.stringify(zeek.select_fields(rec, zeek.ATTR_LOG)));
 *     });
 *
 * @param {object} rec - A object backed by a Zeek record.
 * @param {number} mask - The attribute mask. Only ``zeek.ATTR_LOG`` is currently supported.
 *
 */
exports.select_fields = function() {}

/**
 * Flatten a Javascript object by concatenating nested properties with `.`
 * similar to how Zeek would log them in JSON format.
 *
 * @example
 * // http.log imitation
 * zeek.on('HTTP::log_http' (rec) => {
 *   let log_rec = zeek.select_fields(rec, zeek.ATTR_LOG);
 *   console.log(JSON.stringify(zeek.flatten(log_rec)));
 * });
 *
 * @param {object} rec - The object to flatten.
 * @param {string} [prefix] - Key prefix, optional.
 * @param {object} [res] - Result object, optional.
 *
 */
exports.flatten = function() {}