Zeek Package Documentation: Log Filter

Package README

The top-level README has information on how to install and test this Zeek Package.

• Zeek Package for Log Filter
  • Quick Start
  • Updating and Unloading
  • Installation
  • Writing Filters
  • Contributing
  • Package Template
  • License

Zeek Package

For Zeek scripting details, such as options, functions and events, see the auto-generated documentation:

__load__.zeek

This is the entrypoint to loading the entire package.

main.zeek

This attaches a set of predicates to all logs, and then creates a hook for that predicate. The hooks get called by priority. If any hook handler breaks out of the hook, the message does not get logged.

local/__load__.zeek

Site-specific customizations go here

Reference

• main.zeek
  • Summary
    • Events
    • Hooks
  • Detailed Interface
    • Events
    • Hooks
• __load__.zeek
  • Summary
  • Detailed Interface
• local/__load__.zeek
  • Summary
  • Detailed Interface
• Index