##! Events generated by the Syslog analyzer.

@if ( have_spicy_analyzers() ) # prototypes below must not be used with legacy analyzer

## Generated for monitored Syslog messages.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
## information about the Syslog protocol.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## facility: The "facility" included in the message.
##
## severity: The "severity" included in the message.
##
## msg: The message logged.
##
## .. note:: Zeek currently parses only UDP syslog traffic.
global syslog_message: event(c: connection, facility: count, severity: count, msg: string);

@endif
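A handler for the event declared above, added here as an illustration; it is not part of Zeek's base scripts or of this file. It raises a notice for messages whose severity is emergency, alert or critical, and a second notice for message bodies that carry an embedded CR or LF, since a forged line break lets a sender inject extra records into line-oriented log pipelines downstream. The module name, notice types, the `notice_severity_max` option and the `severity_names` table are assumptions made for this example; the numeric severity codes themselves (0 emerg through 7 debug) are the standard syslog values from RFC 3164/5424, in which PRI = facility * 8 + severity.

```zeek
##! Example handler for syslog_message. Added illustration only; not part
##! of Zeek's base scripts. Module name, notice types and thresholds below
##! are assumptions chosen for the example.

@load base/frameworks/notice

module SyslogWatch;

export {
	redef enum Notice::Type += {
		## A syslog message with severity 0 (emerg), 1 (alert) or 2 (crit).
		High_Severity,
		## A syslog message whose body contains CR or LF (possible log injection).
		Embedded_Newline
	};

	## Highest numeric severity (i.e. lowest urgency) that still triggers a
	## notice. Syslog severities run 0 (emerg) .. 7 (debug); 2 is "crit".
	option notice_severity_max: count = 2;
}

## Names for the eight standard syslog severity codes (RFC 3164/5424).
## Anything outside 0..7 maps to "unknown" rather than raising an error.
const severity_names: table[count] of string = {
	[0] = "emerg", [1] = "alert", [2] = "crit", [3] = "err",
	[4] = "warning", [5] = "notice", [6] = "info", [7] = "debug"
} &default="unknown";

event syslog_message(c: connection, facility: count, severity: count, msg: string)
	{
	# Emergency/alert/critical messages are rare on a healthy host; surface
	# them, but collapse repeats from the same sender and severity.
	if ( severity <= notice_severity_max )
		NOTICE([$note=High_Severity,
		        $msg=fmt("syslog %s (facility %d) from %s: %s",
		                 severity_names[severity], facility, c$id$orig_h, msg),
		        $conn=c,
		        $identifier=cat(c$id$orig_h, severity),
		        $suppress_for=5min]);

	# One datagram should carry one record. CR/LF inside the body is how a
	# sender forges additional lines in whatever consumes the log later.
	if ( "\n" in msg || "\r" in msg )
		NOTICE([$note=Embedded_Newline,
		        $msg=fmt("syslog body with embedded newline from %s", c$id$orig_h),
		        $conn=c,
		        $identifier=cat(c$id$orig_h),
		        $suppress_for=1hr]);
	}
```

Both notices land in `notice.log` through the standard Notice framework. Because of the caveat in the doc comment above, the handler only ever sees syslog carried over UDP; syslog over TCP or TLS is not dispatched to this event at all, so absence of notices says nothing about traffic on those transports.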