zeeklogs

package

v1.8.0 Latest Latest Go to latest Published: Sep 14, 2020 License: AGPL-3.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/panther-labs/panther

Documentation ¶

Constants ¶

View Source

const (
	TypeZeekDNS = "Zeek.DNS"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ZeekDNS ¶

type ZeekDNS struct {
	TS         *timestamp.UnixFloat `` /* 147-byte string literal not displayed */
	UID        *string              `` /* 139-byte string literal not displayed */
	IDOrigH    *string              `json:"id.orig_h" validate:"required" description:"The originator’s IP address."`
	IDOrigP    *uint16              `json:"id.orig_p" validate:"required" description:"The originator’s port number."`
	IDRespH    *string              `json:"id.resp_h" validate:"required" description:"The responder’s IP address."`
	IDRespP    *uint16              `json:"id.resp_p" validate:"required" description:"The responder’s port number."`
	Proto      *string              `json:"proto" validate:"required" description:"The transport layer protocol of the connection."`
	TransID    *uint16              `` /* 180-byte string literal not displayed */
	Query      *string              `json:"query,omitempty" description:"The domain name that is the subject of the DNS query."`
	QClass     *uint64              `json:"qclass,omitempty" description:"The QCLASS value specifying the class of the query."`
	QClassName *string              `json:"qclass_name,omitempty" description:"A descriptive name for the class of the query."`
	QType      *uint64              `json:"qtype,omitempty" description:"A QTYPE value specifying the type of the query."`
	QTypeName  *string              `json:"qtype_name,omitempty" description:"A descriptive name for the type of the query."`
	Rcode      *uint64              `json:"rcode,omitempty" description:"The response code value in DNS response messages."`
	RcodeName  *string              `json:"rcode_name" description:"A descriptive name for the response code value."`
	AA         *bool                `` /* 187-byte string literal not displayed */
	TC         *bool                `json:"TC,omitempty" description:"The Truncation bit specifies that the message was truncated."`
	RD         *bool                `` /* 146-byte string literal not displayed */
	RA         *bool                `` /* 142-byte string literal not displayed */
	Z          *int                 `json:"Z,omitempty" description:"A reserved field that is usually zero in queries and responses."`
	Answers    []string             `json:"answers,omitempty" description:"The set of resource descriptions in the query answer."`
	TTLs       []float64            `` /* 133-byte string literal not displayed */
	Rejected   *bool                `json:"rejected,omitempty" description:"The DNS query was rejected by the server."`
	parsers.PantherLog
}

nolint:lll

type ZeekDNSParser ¶

type ZeekDNSParser struct{}

ZeekDNSParser parses zeek dns logs

func (*ZeekDNSParser) LogType ¶

func (p *ZeekDNSParser) LogType() string

LogType returns the log type supported by this parser

func (*ZeekDNSParser) New ¶

func (p *ZeekDNSParser) New() parsers.LogParser

func (*ZeekDNSParser) Parse ¶

func (p *ZeekDNSParser) Parse(log string) ([]*parsers.PantherLog, error)

Parse returns the parsed events or nil if parsing failed

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL