User Tools

Site Tools


pom-ng:events

This is an old revision of the document!


A PCRE internal error occured. This might be caused by a faulty plugin

====== Events ====== Events are the link between parsing protocols and doing something useful with the result. The events will describe what happened on a protocol level with as much details as possible. Some events have one or more payload associated to them. For example, an HTTP request has a payload associated to it when the server returns the content of a web page. It might also have another payload associated if the client sends some information via a POST request. Here is a list of all the events : ^ Name ^ Source ^ Payload associated ^ Description ^ |[[pom-ng:analyzer:arp#arp_new_sta]]|[[pom-ng:analyzer:arp|analyzer arp]]|no|New station found.| |[[pom-ng:analyzer:arp#arp_sta_changed]]|[[pom-ng:analyzer:arp|analyzer arp]]|no|Station MAC address changed.| |[[pom-ng:analyzer:dns#dns_record]]|[[pom-ng:analyzer:dns|analyzer dns]]|no|New DNS record found.| |[[pom-ng:analyzer:docsis#docsis_cm_new]]|[[pom-ng:analyzer:docsis|analyzer docsis]]|no|A new cable modem has been found.| |[[pom-ng:analyzer:docsis#docsis_cm_reg_status]]|[[pom-ng:analyzer:docsis|analyzer docsis]]|no|The registration status of a cable modem changed.| |[[pom-ng:input:docsis_scan#docsis_scan_stream]]|[[pom-ng:input:docsis_scan|input docsis_scan]]|no|Provide information about discovered DOCSIS streams.| |[[pom-ng:input:dvb_c#dvb_status]]|[[pom-ng:input:dvb_atsc|input dvb_atsc]], [[pom-ng:input:dvb_c|input dvb_c]], [[pom-ng:input:dvb_s|input dvb_s]], [[pom-ng:input:docsis|input docsis]]|no|Locking status of a DVB interface.| |[[pom-ng:proto:http#http_query]]|[[pom-ng:proto:http|protocol http]]|no|Contains all the information about an HTTP query made by a client to a server.| |[[pom-ng:analyzer:http#http_request]]|[[pom-ng:analyzer:http|analyzer http]]|yes|Compound event containing informations from both [[pom-ng:proto:http#http_query]] and [[pom-ng:proto:http#http_response|http_response]] event.| |[[pom-ng:proto:http#http_response]]|[[pom-ng:proto:http|protocol http]]|no|Contains all the information about an HTTP response sent to a client by a server.| |[[pom-ng:output:pcap_flow#pcap_flow_file]]|[[pom-ng:output:pcap_flow|output pcap_flow]]|no|Event containing informations about files created by the output pcap_flow.| |[[pom-ng:proto:ppp_chap#ppp_chap_challenge_response]]|[[pom-ng:proto:ppp_chap|proto ppp_chap]]|no|Contains the content of PPP CHAP challenge or response packets.| |[[pom-ng:analyzer:ppp_chap#ppp_chap_md5_auth]]|[[pom-ng:analyzer:ppp_chap|analyzer ppp_chap]]|no|Contains the crypto material of PPP-MD5 authentication.| |[[pom-ng:analyzer:ppp_chap#ppp_chap_mschapv2_auth]]|[[pom-ng:analyzer:ppp_chap|analyzer ppp_chap]]|no|Contains the crypto material of PPP MSCHAPv2 authentication.| |[[pom-ng:proto:ppp_chap#ppp_chap_success_failure]]|[[pom-ng:proto:ppp_chap|proto ppp_chap]]|no|Contains the content of PPP CHAP success or failure packets.| |[[pom-ng:proto:ppp_pap#ppp_pap_request]]|[[pom-ng:proto:ppp_pap|proto ppp_pap]]|no|Contains all the information contained in a PPP-PAP request packet.| |[[pom-ng:proto:ppp_pap#ppp_pap_ack_nack]]|[[pom-ng:proto:ppp_pap|proto ppp_pap]]|no|Contains all the information contained in an PPP-PAP ACK or NACK packet.| |[[pom-ng:analyzer:ppp_pap#ppp_pap_auth]]|[[pom-ng:analyzer:ppp_pap|analyzer ppp_pap]]|no|Details of a PPP-PAP authentication attemp.| |[[pom-ng:analyzer:rtp#rtp_stream]]|[[pom-ng:analyzer:rtp|analyzer rtp]]|yes|Provide information about the RTP stream.| |[[pom-ng:analyzer:sip#sip_call]]|[[pom-ng:analyzer:sip|analyzer sip]]|yes|Begins when a call starts and ends when the call hangs up.| |[[pom-ng:analyzer:sip#sip_call_dial]]|[[pom-ng:analyzer:sip|analyzer sip]]|no|A SIP call is being dialed and not yet ringing.| |[[pom-ng:analyzer:sip#sip_call_ringing]]|[[pom-ng:analyzer:sip|analyzer sip]]|no|A SIP call is ringing.| |[[pom-ng:analyzer:sip#sip_call_connect]]|[[pom-ng:analyzer:sip|analyzer sip]]|no|A SIP call connected (got picked up).| |[[pom-ng:analyzer:sip#sip_call_hangup]]|[[pom-ng:analyzer:sip|analyzer sip]]|no|A SIP call was hanged up.| |[[pom-ng:analyzer:sip#sip_call_dtmf]]|[[pom-ng:analyzer:sip|analyzer sip]]|no|Occurs on DTMF signal (from SIP INFO method).| |[[pom-ng:analyzer:smtp#smtp_auth]]|[[pom-ng:analyzer:smtp|analyzer smtp]]|no|Contains credentials for SMTP authentication.| |[[pom-ng:proto:smtp#smtp_cmd]]|[[pom-ng:proto:smtp|protocol smtp]]|no|Contains SMTP commands sent by clients.| |[[pom-ng:analyzer:smtp#smtp_msg]]|[[pom-ng:analyzer:smtp|analyzer smtp]]|yes|Generated for each SMTP message.| |[[pom-ng:proto:smtp#smtp_reply]]|[[pom-ng:proto:smtp|protocol smtp]]|no|Contains SMTP replies from the server.| |[[pom-ng:analyzer:tftp#tftp_file]]|[[pom-ng:analyzer:tftp|analyzer tftp]]|yes|Contains all the information about files transfered through TFTP.|

pom-ng/events.1436518125.txt.gz · Last modified: 2015/07/10 08:48 by gmsoft