Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add input interface to forward data for file analysis.

Browse source 
The new Input::add_analysis function is used to automatically forward
input data on to the file analysis framework.
This commit is contained in:
Jon Siwek 2013-05-21 10:29:22 -05:00
parent 90fa331279
commit 0ef074594d
9 changed files with 219 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

24
testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro
View file

@ -18,28 +18,12 @@ redef test_get_file_name = function(f: fa_file): string
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
@TEST-END-FILE
module A;
type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
FileAnalysis::data_stream(description$source, s);
}
event Input::end_of_data(name: string, source: string)
{
FileAnalysis::eof(source);
}
event bro_init()
{
Input::add_event([$source="../input.log", $reader=Input::READER_BINARY,
$mode=Input::MANUAL, $name="input", $fields=Val,
$ev=line, $want_record=F]);
Input::remove("input");
local source: string = "../input.log";
Input::add_analysis([$source=source, $reader=Input::READER_BINARY,
$mode=Input::MANUAL, $name=source]);
Input::remove(source);
}
event file_state_remove(f: fa_file) &priority=-10