Provide infrastructure to migrate legacy analyzers to Spicy.

As initial examples, this branch ports the Syslog and Finger analyzers over. We leave the old analyzers in place for now and activate them iff we compile without any Spicy. Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`, `CMake/`, and `zeek/zeek-testing-private`. Note that the analyzer events remain associated with the Spicy plugin for now: that's where they will show up with `-NN`, and also inside the Zeekygen documentation. We switch CMake over to linking the runtime library into the plugin, vs. at the top-level through object libraries.
2025-10-02 14:48:21 +00:00 · 2022-11-08 09:54:08 +01:00 · 2022-11-08 09:54:08 +01:00 · 04a1ead978
commit 04a1ead978
parent 283bea346b
48 changed files with 359 additions and 124 deletions
--- a/scripts/base/protocols/syslog/load.zeek
+++ b/scripts/base/protocols/syslog/load.zeek
@ -1,2 +1,3 @@
+@load ./spicy-events
@load ./consts
-@load ./main
+@load ./main
--- a/scripts/base/protocols/syslog/spicy-events.zeek
+++ b/scripts/base/protocols/syslog/spicy-events.zeek
@ -0,0 +1,21 @@
+##! Events generated by the Syslog analyzer.
+
+@ifdef ( Spicy::available ) # must not be used with legacy analyzer
+
+## Generated for monitored Syslog messages.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
+## information about the Syslog protocol.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## facility: The "facility" included in the message.
+##
+## severity: The "severity" included in the message.
+##
+## msg: The message logged.
+##
+## .. note:: Zeek currently parses only UDP syslog traffic.
+global syslog_message: event(c: connection, facility: count, severity: count, msg: string);
+
+@endif