Bro_Syslog.events.bif.bro¶

Namespace:	GLOBAL
Source File:	`/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro`

Summary¶

syslog_message: event Generated for monitored Syslog messages.

syslog_message¶

Type:	`event` (c: `connection`, facility: `count`, severity: `count`, msg: `string`)

Generated for monitored Syslog messages.

See Wikipedia for more information about the Syslog protocol.

C:	The connection record for the underlying transport-layer session/flow.
Facility:	The “facility” included in the message.
Severity:	The “severity” included in the message.
Msg:	The message logged.

Note

Bro currently parses only UDP syslog traffic. Support for TCP syslog will be added soon.