Previous: scan functions, Up: scan Analyzer



7.6.3 scan event handlers

The standard scan script defines one event handler:

account_tried (c: connection, user: string, passwd: string)
The given connection made an attempt to access the given username and password. Each distinct username/password pair is considered a new access. The event handler generates a log message if the access matches the logging policy outlined above.

Note: account_tried events are generated by login and ftp analyzers.