upstream/suricata
1
0
Fork 0
mirror of https://github.com/OISF/suricata.git synced 2026-05-28 04:32:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

output-lua: add SCPacketTimeString

Browse source 
Add SCPacketTimeString to get the packets time string in the format:
    11/24/2009-18:57:25.179869

Example use:

    function log(args)
        ts = SCPacketTimeString()
This commit is contained in:
Victor Julien 2014-03-19 12:36:01 +01:00
parent b3dfd3cd8e
commit 3343060d85
3 changed files with 35 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lua/fast.lua
View file

@ -12,6 +12,7 @@ function setup (args)
end
function log(args)
ts = SCPacketTimeString()
sid, rev, gid = SCRuleIds()
ipver, srcip, dstip, proto, sp, dp = SCPacketTuple()
msg = SCRuleMsg()
@ -19,7 +20,6 @@ function log(args)
if class == nil then
class = "unknown"
end
ts = args['ts'];
print (ts .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
msg .. " [**] [Classification: " .. class .. "] [Priority: " ..

32
src/output-lua-common.c
View file

@ -118,6 +118,35 @@ void LogLuaPushTableKeyValueArray(lua_State *luastate, const char *key, const ui
lua_settable(luastate, -3);
}
/** \internal
* \brief fill lua stack with header info
* \param luastate the lua state
* \param p packet
* \retval cnt number of data items placed on the stack
*
* Places: ts (string)
*/
static int LuaCallbackTimeStringPushToStackFromPacket(lua_State *luastate, const Packet *p)
{
char timebuf[64];
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
lua_pushstring (luastate, timebuf);
return 1;
}
/** \internal
* \brief Wrapper for getting tuple info into a lua script
* \retval cnt number of items placed on the stack
*/
static int LuaCallbackPacketTimeString(lua_State *luastate)
{
const Packet *p = LuaStateGetPacket(luastate);
if (p == NULL)
return LuaCallbackError(luastate, "internal error: no packet");
return LuaCallbackTimeStringPushToStackFromPacket(luastate, p);
}
/** \internal
* \brief fill lua stack with header info
* \param luastate the lua state
@ -394,8 +423,11 @@ static int LuaCallbackLogError(lua_State *luastate)
int LogLuaRegisterFunctions(lua_State *luastate)
{
/* registration of the callbacks */
lua_pushcfunction(luastate, LuaCallbackPacketTimeString);
lua_setglobal(luastate, "SCPacketTimeString");
lua_pushcfunction(luastate, LuaCallbackTuple);
lua_setglobal(luastate, "SCPacketTuple");
lua_pushcfunction(luastate, LuaCallbackTupleFlow);
lua_setglobal(luastate, "SCFlowTuple");
lua_pushcfunction(luastate, LuaCallbackLogPath);

6
src/output-lua.c
View file

@ -149,11 +149,9 @@ static int LuaPacketLoggerAlerts(ThreadVars *tv, void *thread_data, const Packet
LuaStateSetPacketAlert(td->lua_ctx->luastate, (PacketAlert *)pa);
/* prepare data to pass to script */
lua_newtable(td->lua_ctx->luastate);
//lua_newtable(td->lua_ctx->luastate);
LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "ts", timebuf);
int retval = lua_pcall(td->lua_ctx->luastate, 1, 0, 0);
int retval = lua_pcall(td->lua_ctx->luastate, 0, 0, 0);
if (retval != 0) {
SCLogInfo("failed to run script: %s", lua_tostring(td->lua_ctx->luastate, -1));
}