From 5de77e3102acb991b20e2e24313d689135b4d237 Mon Sep 17 00:00:00 2001
From: Richard Sailer
Date: Fri, 16 Mar 2018 18:34:43 +0100
Subject: [PATCH] lua output: Update example script to match style of user doc examples
---
 lua/fast.lua | 50 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/lua/fast.lua b/lua/fast.lua
index 731a32698e..f185059266 100644
--- a/lua/fast.lua
+++ b/lua/fast.lua
@@ -1,34 +1,48 @@
--- simple fast-log to stdout lua module
+-- This is a simple example script to show what you can do with lua output scripts.
+-- It prints logs similar to the ones produced by the builtin fast.log output
+-- faciltiy to stdout, hence its name.
-function init (args)
- local needs = {}
- needs["type"] = "packet"
+-- In the init() function we tell suricata, that we want the log function to be
+-- called for every packet that produces an alert (see needs variable)
+
+-- Then in the log() function we get various informations about this packet via
+-- SCRuleMsg() and all the other API functions and print them to stdout with print()
+
+-- To learn more about all the API functions suricata provides for your lua scripts
+-- and the lua output extension in general see:
+-- http://suricata.readthedocs.io/en/latest/output/lua-output.html
+
+function init()
+ local needs = {}
+ needs["type"] = "packet"
 needs["filter"] = "alerts"
 return needs
 end
-function setup (args)
- alerts = 0
+function setup()
+ alert_count = 0
 end
-function log(args)
- ts = SCPacketTimeString()
- sid, rev, gid = SCRuleIds()
- ipver, srcip, dstip, proto, sp, dp = SCPacketTuple()
- msg = SCRuleMsg()
- class, prio = SCRuleClass()
+function log()
+ timestring = SCPacketTimeString()
+ sid, rev, gid = SCRuleIds()
+ msg = SCRuleMsg()
+ class, priority = SCRuleClass()
+
+ ip_version, src_ip, dst_ip, protocol, src_port, dst_port = SCPacketTuple()
+
 if class == nil then
 class = "unknown"
 end
- print (ts .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
+ print (timestring .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
 msg .. " [**] [Classification: " .. class .. "] [Priority: " ..
- prio .. "] {" .. proto .. "} " ..
- srcip .. ":" .. sp .. " -> " .. dstip .. ":" .. dp)
+ priority .. "] {" .. protocol .. "} " ..
+ src_ip .. ":" .. src_port .. " -> " .. dst_ip .. ":" .. dst_port)
- alerts = alerts + 1;
+ alert_count = alert_count + 1;
 end
-function deinit (args)
- print ("Alerted " .. alerts .. " times");
+function deinit()
+ print ("Alerted " .. alert_count .. " times");
 end
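Review bot: Every variable assigned in the new log() body (`timestring`, `sid, rev, gid`, `msg`, `class, priority` and the `ip_version, …, dst_port` tuple) is still an accidental global, which is the wrong example to set in a script whose stated purpose is to model the user-doc style; prefix each of those five assignments with `local`, e.g. `local timestring = SCPacketTimeString()` and `local ip_version, src_ip, dst_ip, protocol, src_port, dst_port = SCPacketTuple()`. `alert_count` is deliberately shared between setup(), log() and deinit() and has to stay global, so a one-line comment above `alert_count = 0` such as `-- shared across setup()/log()/deinit(), intentionally not local` would keep readers from "fixing" it. The `if class == nil` guard suggests SCRuleClass() can return nil; if the same holds for `priority` (or `msg` from SCRuleMsg()), the `..` chain in print() raises on the first such alert, so this is worth confirming against the API and, if so, defaulting those the way `class` already is. The new header comment has two typos that will be copied into user scripts: `faciltiy` → `facility` and `informations` → `information`.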