zeeklogs

package

v1.16.0 Latest Latest Go to latest Published: Mar 10, 2021 License: AGPL-3.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/panther-labs/panther

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	TypeZeekDNS = "Zeek.DNS"
)

Variables ¶

This section is empty.

Functions ¶

func LogTypes ¶ added in v1.12.0

func LogTypes() logtypes.Group

Types ¶

type ZeekDNS ¶

type ZeekDNS struct {
	TS         *timestamp.UnixFloat `` /* 147-byte string literal not displayed */
	UID        *string              `` /* 139-byte string literal not displayed */
	IDOrigH    *string              `json:"id.orig_h" validate:"required" description:"The originator’s IP address."`
	IDOrigP    *uint16              `json:"id.orig_p" validate:"required" description:"The originator’s port number."`
	IDRespH    *string              `json:"id.resp_h" validate:"required" description:"The responder’s IP address."`
	IDRespP    *uint16              `json:"id.resp_p" validate:"required" description:"The responder’s port number."`
	Proto      *string              `json:"proto" validate:"required" description:"The transport layer protocol of the connection."`
	TransID    *uint16              `` /* 180-byte string literal not displayed */
	Query      *string              `json:"query,omitempty" description:"The domain name that is the subject of the DNS query."`
	QClass     *uint64              `json:"qclass,omitempty" description:"The QCLASS value specifying the class of the query."`
	QClassName *string              `json:"qclass_name,omitempty" description:"A descriptive name for the class of the query."`
	QType      *uint64              `json:"qtype,omitempty" description:"A QTYPE value specifying the type of the query."`
	QTypeName  *string              `json:"qtype_name,omitempty" description:"A descriptive name for the type of the query."`
	Rcode      *uint64              `json:"rcode,omitempty" description:"The response code value in DNS response messages."`
	RcodeName  *string              `json:"rcode_name" description:"A descriptive name for the response code value."`
	AA         *bool                `` /* 187-byte string literal not displayed */
	TC         *bool                `json:"TC,omitempty" description:"The Truncation bit specifies that the message was truncated."`
	RD         *bool                `` /* 146-byte string literal not displayed */
	RA         *bool                `` /* 142-byte string literal not displayed */
	Z          *int                 `json:"Z,omitempty" description:"A reserved field that is usually zero in queries and responses."`
	Answers    []string             `json:"answers,omitempty" description:"The set of resource descriptions in the query answer."`
	TTLs       []float64            `` /* 133-byte string literal not displayed */
	Rejected   *bool                `json:"rejected,omitempty" description:"The DNS query was rejected by the server."`
	parsers.PantherLog
}

nolint:lll

type ZeekDNSParser ¶

type ZeekDNSParser struct{}

ZeekDNSParser parses zeek dns logs

func (*ZeekDNSParser) LogType ¶

func (p *ZeekDNSParser) LogType() string

LogType returns the log type supported by this parser

func (*ZeekDNSParser) New ¶

func (p *ZeekDNSParser) New() parsers.LogParser

func (*ZeekDNSParser) Parse ¶

func (p *ZeekDNSParser) Parse(log string) ([]*parsers.PantherLog, error)

Parse returns the parsed events or nil if parsing failed

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL