Merge branch 'topic/corelight/reporter-hook' of https://github.com/corelight/bro

* 'topic/corelight/reporter-hook' of https://github.com/corelight/bro: Add reporter hook.
2025-10-04 15:48:19 +00:00 · 2017-11-21 12:19:28 -06:00 · 2017-11-21 12:19:28 -06:00 · 787b1e6bf2
commit 787b1e6bf2
parent deced3795c b852437126
13 changed files with 287 additions and 3 deletions
--- a/src/plugin/Manager.h
+++ b/src/plugin/Manager.h
@ -355,6 +355,39 @@ public:
 	                  int num_fields, const threading::Field* const* fields,
 	                  threading::Value** vals) const;

+	/**
+	 * Hook into reporting. This method will be called for each reporter call
+	 * made; this includes weirds. The method cannot manipulate the data at
+	 * the current time; however it is possible to prevent script-side events
+	 * from being called by returning false.
+	 *
+	 * @param prefix The prefix passed by the reporter framework
+	 *
+	 * @param event The event to be called
+	 *
+	 * @param conn The associated connection
+	 *
+	 * @param addl Additional Bro values; typically will be passed to the event
+	 *             by the reporter framework.
+	 *
+	 * @param location True if event expects location information
+	 *
+	 * @param location1 First location
+	 *
+	 * @param location2 Second location
+	 *
+	 * @param time True if event expects time information
+	 *
+	 * @param message Message supplied by the reporter framework
+	 *
+	 * @return true if event should be called by the reporter framework, false
+	 *         if the event call should be skipped
+	 */
+	bool HookReporter(const std::string& prefix, const EventHandlerPtr event,
+	                  const Connection* conn, const val_list* addl, bool location,
+	                  const Location* location1, const Location* location2,
+	                  bool time, const std::string& message);
+
 	/**
 	 * Internal method that registers a freshly instantiated plugin with
 	 * the manager.