Merge remote branch 'origin/topic/seth/syslog-analyzer'

Note: I didn't merge anything in policy/*. Seems there was some unrelated stuff in there, and the ticket says that the policy script was a dummy for now anyway. * origin/topic/seth/syslog-analyzer: Updates for syslog analyzer to prepare it for merging. Added the initial syslog analyzer and policy script. Adding some of the initial scripts that are going to be merged from my script repository.
2025-10-12 03:28:19 +00:00 · 2011-06-05 18:37:48 -07:00 · 2011-06-05 18:37:48 -07:00 · 6e6af4c541
commit 6e6af4c541
parent a236dd0d3d 6322130c37
9 changed files with 207 additions and 1 deletions
--- a/src/syslog-analyzer.pac
+++ b/src/syslog-analyzer.pac
@ -0,0 +1,27 @@
+
+connection Syslog_Conn(bro_analyzer: BroAnalyzer)
+{
+	upflow = Syslog_Flow;
+	downflow = Syslog_Flow;
+};
+
+flow Syslog_Flow
+{
+	datagram = Syslog_Message withcontext(connection, this);
+
+	function process_syslog_message(m: Syslog_Message): bool
+		%{
+		BifEvent::generate_syslog_message(connection()->bro_analyzer(),
+		                                  connection()->bro_analyzer()->Conn(),
+		                                  ${m.PRI.facility},
+		                                  ${m.PRI.severity},
+		                                  new StringVal(${m.msg}.length(), (const char*) ${m.msg}.begin())
+		                                  );
+		return true;
+		%}
+
+};
+
+refine typeattr Syslog_Message += &let {
+	proc_syslog_message = $context.flow.process_syslog_message(this);
+};