mirror of https://github.com/OISF/suricata
lua output: Update example script to match style of user doc examples
parent
dc07c1fe13
commit
5de77e3102
@ -1,34 +1,48 @@
|
||||
-- simple fast-log to stdout lua module
|
||||
-- This is a simple example script to show what you can do with lua output scripts.
|
||||
-- It prints logs similar to the ones produced by the builtin fast.log output
|
||||
-- faciltiy to stdout, hence its name.
|
||||
|
||||
function init (args)
|
||||
local needs = {}
|
||||
needs["type"] = "packet"
|
||||
-- In the init() function we tell suricata, that we want the log function to be
|
||||
-- called for every packet that produces an alert (see needs variable)
|
||||
|
||||
-- Then in the log() function we get various informations about this packet via
|
||||
-- SCRuleMsg() and all the other API functions and print them to stdout with print()
|
||||
|
||||
-- To learn more about all the API functions suricata provides for your lua scripts
|
||||
-- and the lua output extension in general see:
|
||||
-- http://suricata.readthedocs.io/en/latest/output/lua-output.html
|
||||
|
||||
function init()
|
||||
local needs = {}
|
||||
needs["type"] = "packet"
|
||||
needs["filter"] = "alerts"
|
||||
return needs
|
||||
end
|
||||
|
||||
function setup (args)
|
||||
alerts = 0
|
||||
function setup()
|
||||
alert_count = 0
|
||||
end
|
||||
|
||||
function log(args)
|
||||
ts = SCPacketTimeString()
|
||||
sid, rev, gid = SCRuleIds()
|
||||
ipver, srcip, dstip, proto, sp, dp = SCPacketTuple()
|
||||
msg = SCRuleMsg()
|
||||
class, prio = SCRuleClass()
|
||||
function log()
|
||||
timestring = SCPacketTimeString()
|
||||
sid, rev, gid = SCRuleIds()
|
||||
msg = SCRuleMsg()
|
||||
class, priority = SCRuleClass()
|
||||
|
||||
ip_version, src_ip, dst_ip, protocol, src_port, dst_port = SCPacketTuple()
|
||||
|
||||
if class == nil then
|
||||
class = "unknown"
|
||||
end
|
||||
|
||||
print (ts .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
|
||||
print (timestring .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
|
||||
msg .. " [**] [Classification: " .. class .. "] [Priority: " ..
|
||||
prio .. "] {" .. proto .. "} " ..
|
||||
srcip .. ":" .. sp .. " -> " .. dstip .. ":" .. dp)
|
||||
priority .. "] {" .. protocol .. "} " ..
|
||||
src_ip .. ":" .. src_port .. " -> " .. dst_ip .. ":" .. dst_port)
|
||||
|
||||
alerts = alerts + 1;
|
||||
alert_count = alert_count + 1;
|
||||
end
|
||||
|
||||
function deinit (args)
|
||||
print ("Alerted " .. alerts .. " times");
|
||||
function deinit()
|
||||
print ("Alerted " .. alert_count .. " times");
|
||||
end
|
||||
|
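Review bot: Every variable assigned in the new log() body (`timestring`, `sid`/`rev`/`gid`, `msg`, `class`/`priority`, `ip_version`…`dst_port`) is still a global, because none of the assignments carries `local`, and this script is now the example the user docs point readers to. Prefix them, e.g. `local timestring = SCPacketTimeString()` and `local sid, rev, gid = SCRuleIds()`, and likewise for the remaining assignments; `alert_count` is the one value that has to outlive a single call because setup(), log() and deinit() share it, which deserves a comment such as `-- alert_count is intentionally global: shared by setup(), log() and deinit()`. The header comment still reads `faciltiy` (`facility`) and `various informations` should be `various information`. The trailing semicolons on `alert_count = alert_count + 1;` and the deinit `print(...)` line are inconsistent with the rest of the script, which uses none. The nil guard covers only `class`; if SCRuleClass() can also return a nil `priority`, the `..` concatenation in the print call would raise — presumably it cannot, but that is worth confirming or guarding the same way.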