"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.53.0/src/loggers/alert_lua/alert.lua" (20 Dec 2022, 1654 Bytes) of package /linux/misc/snort3_extra-3.1.53.0.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Lua source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. 
    1 -- ----------------------------------------------------------
    2 -- logger example:
    3 --
    4 --     define keyword lualert
    5 --
    6 -- configure snort with
    7 --
    8 --     ./configure_cmake.sh --prefix=my/prefix
    9 --
   10 -- then set up the path as follows:
   11 --
   12 --     export LUA_PATH=my/prefix/include/snort/lua/?.lua\;\;
   13 --
   14 -- You can use with -A lualert by adding lualert to your 
   15 -- snort.lua:
   16 --
   17 --     lualert =
   18 --     {
   19 --         args = "num = 1, str = 'bar', cond = true"
   20 --     }
   21 --
   22 -- the arg string is (in general) optional
   23 -- if present, it will be put in a table named args, eg:
   24 --
   25 --     args = { num = 1, str = 'bar', cond = true }
   26 --
   27 -- this table is defined before init is called
   28 -- the args string, if present, must be valid lua code like
   29 -- above.
   30 -- ----------------------------------------------------------
   31 
   32 -- this pulls in snort bindings with ffi
   33 require("snort_plugin")
   34 
   35 -- init() is optional
   36 -- if present, called once when script is loaded
   37 -- here we return bool indicating args ok
   38 function init ()
   39     return true
   40 end
   41 
   42 -- alert() is required
   43 function alert ()
   44     -- get luajit structs
   45     local evt = ffi.C.get_event()
   46     local pkt = ffi.C.get_packet()
   47 
   48     -- str is a luajit string
   49     local str = ffi.string(evt.msg)
   50 
   51     -- FIXIT - this gets:
   52     -- bad argument #2 to 'format' (number expected, got cdata)
   53     --print(string.format('%ld %d:%d:%d %s',
   54     --    pkt.num, evt.gid, evt.sid, evt.rev, str))
   55 
   56     print(string.format('%d:%d:%d %s',
   57         evt.gid, evt.sid, evt.rev, str))
   58 end
   59 
   60 -- plugin table is required
   61 plugin =
   62 {
   63     type = "logger", 
   64     name = "lualert", -- eg -A lualert
   65     version = 0       -- optional version of this file
   66 }
   67