Updates for syslog analyzer to prepare it for merging.

- Integrated with CMake.
- Analyzer only supports syslog over UDP right now.
- Fixed small bug in the analyzer to make it generate events correctly.
Seth Hall 2011-06-03 10:28:10 -04:00
parent b621b8eccc
commit 6322130c37
5 changed files with 15 additions and 17 deletions


@ -6,10 +6,10 @@ redef dpd_config += { [ANALYZER_SYSLOG_BINPAC] = [$ports = syslog_ports] };
module Syslog;
export {
redef enum Notice += {
Syslog_New_Source,
Syslog_New_Destination,
};
#redef enum Notice += {
# Syslog_New_Source,
# Syslog_New_Destination,
#};
const facility_codes: table[count] of string = {
[0] = "KERN",
@ -53,5 +53,5 @@ export {
event syslog_message(c: connection, facility: count, severity: count, msg: string)
{
print msg;
}
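Review bot: The `syslog_message` handler in the second hunk writes the message body straight to stdout with `print msg;`, and once this analyzer is merged that body is unsanitized payload taken from the wire (it may contain control characters and embedded newlines), so the stub should say that it is a stub; a comment such as `# Placeholder handler: msg is the raw, unsanitized payload from the wire; replace before merging.` above the `print` would do. In the first hunk the rendered page does not show which of the two `redef enum Notice` blocks is the new side; if the `#redef enum Notice += {` copy is the surviving one, it should be deleted rather than left as commented-out dead text. The `export {` block of the first hunk starts and ends outside the hunk; the handler in the second hunk is shown in full.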


@ -201,6 +201,8 @@ binpac_target(ssl.pac
ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac)
binpac_target(ssl-record-layer.pac
ssl-defs.pac ssl.pac)
binpac_target(syslog.pac
syslog-protocol.pac syslog-analyzer.pac)
########################################################################
## bro target
@ -391,6 +393,7 @@ set(bro_SRCS
Stats.cc
SteppingStone.cc
Stmt.cc
Syslog-binpac.cc
TCP.cc
TCP_Endpoint.cc
TCP_Reassembler.cc


@ -1,5 +1,3 @@
// $Id:$
#include "Syslog-binpac.h"
#include "TCP_Reassembler.h"


@ -1,5 +1,3 @@
// $Id:$
#ifndef Syslog_binpac_h
#define Syslog_binpac_h
@ -21,8 +19,7 @@ public:
{ return new Syslog_Analyzer_binpac(conn); }
static bool Available()
{ return true; }
//{ return (Syslog_request || Syslog_full_request) && FLAGS_use_binpac; }
{ return syslog_message; }
protected:
friend class AnalyzerTimer;
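Review bot: `Available()` in the second hunk carries no comment explaining what it gates, and the two bodies shown for it (`{ return true; }` and `{ return syslog_message; }`) leave the contract unclear to a reader of the header; the rendered page does not show which body is the new side. If `{ return syslog_message; }` is the surviving one, the analyzer is presumably only attached while some loaded script handles `syslog_message`, so the `dpd_config` port registration in the script alone will not enable it — worth a one-line comment such as `// Only available while a script handles syslog_message.` The commented-out `//{ return (Syslog_request || Syslog_full_request) && FLAGS_use_binpac; }` refers to names that appear nowhere else in this commit and should be removed rather than kept as dead code if it survives on the new side. The enclosing class starts and ends outside the hunk.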


@ -11,12 +11,12 @@ flow Syslog_Flow
function process_syslog_message(m: Syslog_Message): bool
%{
bro_event_syslog_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${m.PRI.facility},
${m.PRI.severity},
new StringVal(${m.msg}.length(), (const char*) ${m.msg}.begin())
);
BifEvent::generate_syslog_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${m.PRI.facility},
${m.PRI.severity},
new StringVal(${m.msg}.length(), (const char*) ${m.msg}.begin())
);
return true;
%}
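Review bot: `process_syslog_message` evaluates `connection()->bro_analyzer()` twice inside the single event-generation call, once for the analyzer argument and once for `->Conn()`; hoisting it into one local before the call makes the argument list readable and avoids the repeated lookup. The function also always returns `true` with no comment stating why the result is unconditional, which a reader of the flow declaration will want; one line above `return true;` explaining that a parsed message is always reported would cover it. `${m.PRI.facility}` and `${m.PRI.severity}` are handed to the event as parsed, and any bound on their range lives in the protocol file outside this commit, so a script indexing a table by them should treat out-of-range values as possible. The function is shown in full; the rendered page does not show which of the two event-generation calls is the new side.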