base/bif/plugins/Bro_Ident.events.bif.bro¶
-
GLOBAL¶
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_Ident.events.bif.bro |
Summary¶
Events¶
ident_error: event |
Generated for Ident error replies. |
ident_reply: event |
Generated for Ident replies. |
ident_request: event |
Generated for Ident requests. |
Detailed Interface¶
Events¶
-
ident_error¶ Type: event(c:connection, lport:port, rport:port, line:string)Generated for Ident error replies.
See Wikipedia for more information about the Ident protocol.
C: The connection. Lport: The corresponding request’s local port. Rport: The corresponding request’s remote port. Line: The error description returned by the reply. See also:
ident_reply,ident_requestTodo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
-
ident_reply¶ Type: event(c:connection, lport:port, rport:port, user_id:string, system:string)Generated for Ident replies.
See Wikipedia for more information about the Ident protocol.
C: The connection. Lport: The corresponding request’s local port. Rport: The corresponding request’s remote port. User_id: The user id returned by the reply. System: The operating system returned by the reply. See also:
ident_error,ident_requestTodo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
-
ident_request¶ Type: event(c:connection, lport:port, rport:port)Generated for Ident requests.
See Wikipedia for more information about the Ident protocol.
C: The connection. Lport: The request’s local port. Rport: The request’s remote port. See also:
ident_error,ident_replyTodo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
