
    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 // Copyright (C) 2013-2013 Sourcefire, Inc.
    4 //
    5 // This program is free software; you can redistribute it and/or modify it
    6 // under the terms of the GNU General Public License Version 2 as published
    7 // by the Free Software Foundation.  You may not use, modify or distribute
    8 // this program under any other version of the GNU General Public License.
    9 //
   10 // This program is distributed in the hope that it will be useful, but
   11 // WITHOUT ANY WARRANTY; without even the implied warranty of
   12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   13 // General Public License for more details.
   14 //
   15 // You should have received a copy of the GNU General Public License along
   16 // with this program; if not, write to the Free Software Foundation, Inc.,
   17 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   18 //--------------------------------------------------------------------------
   19 
   20 // alert_ex.cc author Russ Combs <rucombs@cisco.com>
   21 
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

#include "detection/signature.h"
#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
   28 
   29 using namespace snort;
   30 using namespace std;
   31 
// Plugin identity: the name this plugin registers under (see ex_api below)
// and its one-line help text.  Both pointers and pointees are immutable.
static const char* const s_name = "alert_ex";
static const char* const s_help = "output gid:sid:rev for alerts";
   34 
   35 //-------------------------------------------------------------------------
   36 // module stuff
   37 //-------------------------------------------------------------------------
   38 
// Config parameters accepted by the module.  Each entry appears to follow the
// Snort Parameter layout: name, type, range/constraint string (none here),
// default value as a string, and help text.  The last entry (null name,
// PT_MAX) presumably marks the end of the table for the framework.
//
// NOTE(review): the declared default for "upper" is "false", but
// ExModule::begin() below sets upper = true; confirm which value is intended
// when the option is omitted from the config and align the two.
static const Parameter s_params[] =
{
    { "upper", Parameter::PT_BOOL, nullptr, "false",
      "true/false -> convert to upper/lower case" },

    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
   46 
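// Module half of the plugin: holds the "upper" setting parsed from the Snort
// config; ExLogger copies it at construction time.
class ExModule : public Module
{
public:
    ExModule() : Module(s_name, s_help, s_params) { }

    // Framework hooks, defined out of line below.
    bool set(const char*, Value&, SnortConfig*) override;
    bool begin(const char*, int, SnortConfig*) override;

    Usage get_usage() const override
    { return CONTEXT; }

public:
    // Case conversion applied to alert messages (true = upper, false = lower).
    // Initialized in-class so that a logger built before begin()/set() have
    // run never reads an indeterminate bool; begin() overwrites this with true
    // and set() with the configured value.
    bool upper = false;
};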
   61 
// Apply one config value.  Only the "upper" parameter is recognized; any
// other name is rejected by returning false, which leaves upper untouched.
bool ExModule::set(const char*, Value& v, SnortConfig*)
{
    if ( !v.is("upper") )
        return false;

    upper = v.get_bool();
    return true;
}
   72 
// Framework hook invoked when the module's config table is opened
// (presumably before any set() call).  Resets upper to true and reports
// success unconditionally.
//
// NOTE(review): this default conflicts with the "false" declared for "upper"
// in s_params; which one takes effect when the option is omitted depends on
// whether the framework pushes declared defaults through set() — confirm.
bool ExModule::begin(const char*, int, SnortConfig*)
{
    upper = true;
    return true;
}
   78 
   79 //-------------------------------------------------------------------------
   80 // logger stuff
   81 //-------------------------------------------------------------------------
   82 
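// Logger half of the plugin: prints "gid:sid:rev msg" for each alert, with
// the message case-folded according to the module's "upper" setting.
class ExLogger : public Logger
{
public:
    // Snapshots the module's setting; m must be non-null and is not retained.
    // explicit, so an ExModule* never silently converts into a logger; the
    // member initializer replaces the previous assignment in the body.
    explicit ExLogger(const ExModule* m) : upper(m->upper) { }

    void alert(Packet*, const char* msg, const Event&) override;

private:
    // Copied from ExModule::upper at construction.
    bool upper;
};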
   94 
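// Emit one alert line to stdout as "gid:sid:rev msg".
//
// msg is copied and case-folded byte by byte.  The conversion goes through
// unsigned char because the <cctype> functions have undefined behavior for
// negative values, which a signed char holding a non-ASCII byte yields; the
// former direct use of ::toupper/::tolower on char had that problem.  A null
// msg is logged as an empty message instead of being dereferenced.
//
// NOTE(review): e.sig_info is dereferenced unchecked, as before — confirm the
// framework never delivers an Event without signature info.
void ExLogger::alert(Packet*, const char* msg, const Event& e)
{
    string s = msg ? msg : "";

    if ( upper )
        std::transform(s.begin(), s.end(), s.begin(),
            [](unsigned char c) { return static_cast<char>(std::toupper(c)); });
    else
        std::transform(s.begin(), s.end(), s.begin(),
            [](unsigned char c) { return static_cast<char>(std::tolower(c)); });

    // endl (and its flush) is kept so that each alert line becomes visible
    // as soon as it is logged.
    cout << e.sig_info->gid << ":"
         << e.sig_info->sid << ":"
         << e.sig_info->rev << " "
         << s << endl;
}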
  109 
  110 //-------------------------------------------------------------------------
  111 // api stuff
  112 //-------------------------------------------------------------------------
  113 
// Factory the framework uses to instantiate this plugin's module.  The raw
// new is deliberate: the pointer presumably ends up back in mod_dtor() below,
// which deletes it.
static Module* mod_ctor()
{
    return new ExModule();
}
  116 
// Counterpart of mod_ctor(): releases a module created there.  Deleting
// through Module* assumes Module has a virtual destructor (declared in
// framework/module.h, not visible here).
static void mod_dtor(Module* mod)
{
    delete mod;
}
  119 
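// Factory the framework uses to create this plugin's logger.  mod is expected
// to be the ExModule that mod_ctor() produced for the same LogApi, so the
// downcast holds by construction; static_cast replaces the C-style cast so
// the intent is explicit and greppable.  The returned logger is owned by the
// caller (see ex_dtor()).
static Logger* ex_ctor(Module* mod)
{
    return new ExLogger(static_cast<ExModule*>(mod));
}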
  124 
// Counterpart of ex_ctor(): releases a logger created there.  Deleting
// through Logger* assumes Logger has a virtual destructor (declared in
// framework/logger.h, not visible here).
static void ex_dtor(Logger* logger)
{
    delete logger;
}
  127 
// Plugin descriptor handed to Snort.  The nested aggregate is the generic
// BaseApi header (plugin type, struct size, API version, then reserved /
// option fields, this plugin's name and help, and the module ctor/dtor); the
// trailing fields are logger-specific: the output type this logger handles,
// and the logger ctor/dtor.
//
// NOTE(review): field meanings are read off positionally; the authoritative
// BaseApi/LogApi layout lives in framework/logger.h, not here.
static const LogApi ex_api =
{
    {
        PT_LOGGER,
        sizeof(LogApi),
        LOGAPI_VERSION,
        0,
        API_RESERVED,
        API_OPTIONS,
        s_name,
        s_help,
        mod_ctor,
        mod_dtor
    },
    OUTPUT_TYPE_FLAG__ALERT,
    ex_ctor,
    ex_dtor
};
  146 
// Exported, null-terminated plugin table — presumably what Snort scans when
// this shared object is loaded.  Only the logger API above is published.
SO_PUBLIC const BaseApi* snort_plugins[] =
{
    &ex_api.base,
    nullptr
};
  152