Updates for syslog analyzer to prepare it for merging.

- Integrated with CMake.
- The analyzer only supports syslog over UDP right now.
- Fixed small bug in the analyzer to make it generate events correctly.
This commit is contained in:
Seth Hall 2011-06-03 10:28:10 -04:00
parent b621b8eccc
commit 6322130c37
5 changed files with 15 additions and 17 deletions


@ -6,10 +6,10 @@ redef dpd_config += { [ANALYZER_SYSLOG_BINPAC] = [$ports = syslog_ports] };
module Syslog; module Syslog;
export { export {
redef enum Notice += { #redef enum Notice += {
Syslog_New_Source, # Syslog_New_Source,
Syslog_New_Destination, # Syslog_New_Destination,
}; #};
const facility_codes: table[count] of string = { const facility_codes: table[count] of string = {
[0] = "KERN", [0] = "KERN",
@ -53,5 +53,5 @@ export {
event syslog_message(c: connection, facility: count, severity: count, msg: string) event syslog_message(c: connection, facility: count, severity: count, msg: string)
{ {
print msg;
} }
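Review bot: `print msg;` in the `syslog_message` handler writes an attacker-controlled UDP payload straight to stdout with no escaping, so embedded control or terminal-escape bytes reach whatever terminal Bro runs in; the rendered hunk does not show which side the line is on, but if it is meant to survive the merge prefer `print escape_string(msg);`, and if it is a leftover debug aid drop it. The `#redef enum Notice` block left commented out in `export` is dead code in a public interface; either remove it or say why it is parked, e.g. `# TODO: re-enable once Syslog_New_Source/Syslog_New_Destination notices are raised by the script.`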


@ -201,6 +201,8 @@ binpac_target(ssl.pac
ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac) ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac)
binpac_target(ssl-record-layer.pac binpac_target(ssl-record-layer.pac
ssl-defs.pac ssl.pac) ssl-defs.pac ssl.pac)
binpac_target(syslog.pac
syslog-protocol.pac syslog-analyzer.pac)
######################################################################## ########################################################################
## bro target ## bro target
@ -391,6 +393,7 @@ set(bro_SRCS
Stats.cc Stats.cc
SteppingStone.cc SteppingStone.cc
Stmt.cc Stmt.cc
Syslog-binpac.cc
TCP.cc TCP.cc
TCP_Endpoint.cc TCP_Endpoint.cc
TCP_Reassembler.cc TCP_Reassembler.cc


@ -1,5 +1,3 @@
// $Id:$
#include "Syslog-binpac.h" #include "Syslog-binpac.h"
#include "TCP_Reassembler.h" #include "TCP_Reassembler.h"


@ -1,5 +1,3 @@
// $Id:$
#ifndef Syslog_binpac_h #ifndef Syslog_binpac_h
#define Syslog_binpac_h #define Syslog_binpac_h
@ -21,8 +19,7 @@ public:
{ return new Syslog_Analyzer_binpac(conn); } { return new Syslog_Analyzer_binpac(conn); }
static bool Available() static bool Available()
{ return true; } { return syslog_message; }
//{ return (Syslog_request || Syslog_full_request) && FLAGS_use_binpac; }
protected: protected:
friend class AnalyzerTimer; friend class AnalyzerTimer;
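Review bot: `Available()` now returns `syslog_message` from a function declared `bool`, which presumably relies on an implicit conversion of the generated event handler to bool; the intent — do not instantiate the analyzer, and so do not parse untrusted UDP payloads, unless some script handles the event — should be stated rather than left to inference from the bif naming, e.g. `// Only worth running when a handler for syslog_message is loaded.` The enclosing class begins and ends outside the hunk.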


@ -11,7 +11,7 @@ flow Syslog_Flow
function process_syslog_message(m: Syslog_Message): bool function process_syslog_message(m: Syslog_Message): bool
%{ %{
bro_event_syslog_message(connection()->bro_analyzer(), BifEvent::generate_syslog_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${m.PRI.facility}, ${m.PRI.facility},
${m.PRI.severity}, ${m.PRI.severity},