Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove broxygen Sphinx integration

Browse source 
The broxygen-generated files now live in the git repo, have tests
that check that they are up-to-date, and a script to re-generate
them on-demand.
This commit is contained in:
Jon Siwek 2018-12-17 16:25:41 -06:00
parent 9e5e9d04b7
commit 7e9d48f532
549 changed files with 89909 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

14
doc/scripts/base/frameworks/input/__load__.bro.rst Normal file
View file

@ -0,0 +1,14 @@
:tocdepth: 3
base/frameworks/input/__load__.bro
==================================
:Imports: :doc:`base/frameworks/input/main.bro </scripts/base/frameworks/input/main.bro>`, :doc:`base/frameworks/input/readers/ascii.bro </scripts/base/frameworks/input/readers/ascii.bro>`, :doc:`base/frameworks/input/readers/benchmark.bro </scripts/base/frameworks/input/readers/benchmark.bro>`, :doc:`base/frameworks/input/readers/binary.bro </scripts/base/frameworks/input/readers/binary.bro>`, :doc:`base/frameworks/input/readers/config.bro </scripts/base/frameworks/input/readers/config.bro>`, :doc:`base/frameworks/input/readers/raw.bro </scripts/base/frameworks/input/readers/raw.bro>`, :doc:`base/frameworks/input/readers/sqlite.bro </scripts/base/frameworks/input/readers/sqlite.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

50
doc/scripts/base/frameworks/input/index.rst Normal file
View file

@ -0,0 +1,50 @@
:orphan:
Package: base/frameworks/input
==============================
The input framework provides a way to read previously stored data either as
an event stream or into a Bro table.
:doc:`/scripts/base/frameworks/input/__load__.bro`
:doc:`/scripts/base/frameworks/input/main.bro`
The input framework provides a way to read previously stored data either
as an event stream or into a Bro table.
:doc:`/scripts/base/frameworks/input/readers/ascii.bro`
Interface for the ascii input reader.
The defaults are set to match Bro's ASCII output.
:doc:`/scripts/base/frameworks/input/readers/raw.bro`
Interface for the raw input reader.
:doc:`/scripts/base/frameworks/input/readers/benchmark.bro`
Interface for the benchmark input reader.
:doc:`/scripts/base/frameworks/input/readers/binary.bro`
Interface for the binary input reader.
:doc:`/scripts/base/frameworks/input/readers/config.bro`
Interface for the config input reader.
:doc:`/scripts/base/frameworks/input/readers/sqlite.bro`
Interface for the SQLite input reader. Redefinable options are available
to tweak the input format of the SQLite reader.
See :doc:`/frameworks/logging-input-sqlite` for an introduction on how to
use the SQLite reader.
When using the SQLite reader, you have to specify the SQL query that returns
the desired data by setting ``query`` in the ``config`` table. See the
introduction mentioned above for an example.

418
doc/scripts/base/frameworks/input/main.bro.rst Normal file
View file

@ -0,0 +1,418 @@
:tocdepth: 3
base/frameworks/input/main.bro
==============================
.. bro:namespace:: Input
The input framework provides a way to read previously stored data either
as an event stream or into a Bro table.
:Namespace: Input
:Imports: :doc:`base/bif/input.bif.bro </scripts/base/bif/input.bif.bro>`
Summary
~~~~~~~
Runtime Options
###############
============================================================================= ==============================
:bro:id:`Input::default_mode`: :bro:type:`Input::Mode` :bro:attr:`&redef` The default reader mode used.
:bro:id:`Input::default_reader`: :bro:type:`Input::Reader` :bro:attr:`&redef` The default input reader used.
============================================================================= ==============================
Redefinable Options
###################
============================================================================== =========================================================
:bro:id:`Input::accept_unsupported_types`: :bro:type:`bool` :bro:attr:`&redef` Flag that controls if the input framework accepts records
that contain types that are not supported (at the moment
file and function).
:bro:id:`Input::empty_field`: :bro:type:`string` :bro:attr:`&redef` String to use for empty fields.
:bro:id:`Input::separator`: :bro:type:`string` :bro:attr:`&redef` Separator between fields.
:bro:id:`Input::set_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between set elements.
:bro:id:`Input::unset_field`: :bro:type:`string` :bro:attr:`&redef` String to use for an unset &optional field.
============================================================================== =========================================================
Types
#####
========================================================== ===================================================================
:bro:type:`Input::AnalysisDescription`: :bro:type:`record` A file analysis input stream type used to forward input data to the
file analysis framework.
:bro:type:`Input::Event`: :bro:type:`enum`
:bro:type:`Input::EventDescription`: :bro:type:`record` An event input stream type used to send input data to a Bro event.
:bro:type:`Input::Mode`: :bro:type:`enum` Type that defines the input stream read mode.
:bro:type:`Input::TableDescription`: :bro:type:`record` A table input stream type used to send data to a Bro table.
:bro:type:`Input::Reader`: :bro:type:`enum`
========================================================== ===================================================================
Events
######
=============================================== ====================================================================
:bro:id:`Input::end_of_data`: :bro:type:`event` Event that is called when the end of a data source has been reached,
including after an update.
=============================================== ====================================================================
Functions
#########
=================================================== ============================================================
:bro:id:`Input::add_analysis`: :bro:type:`function` Create a new file analysis input stream from a given source.
:bro:id:`Input::add_event`: :bro:type:`function` Create a new event input stream from a given source.
:bro:id:`Input::add_table`: :bro:type:`function` Create a new table input stream from a given source.
:bro:id:`Input::force_update`: :bro:type:`function` Forces the current input to be checked for changes.
:bro:id:`Input::remove`: :bro:type:`function` Remove an input stream.
=================================================== ============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. bro:id:: Input::default_mode
:Type: :bro:type:`Input::Mode`
:Attributes: :bro:attr:`&redef`
:Default: ``Input::MANUAL``
The default reader mode used. Defaults to `MANUAL`.
.. bro:id:: Input::default_reader
:Type: :bro:type:`Input::Reader`
:Attributes: :bro:attr:`&redef`
:Default: ``Input::READER_ASCII``
The default input reader used. Defaults to `READER_ASCII`.
Redefinable Options
###################
.. bro:id:: Input::accept_unsupported_types
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``F``
Flag that controls if the input framework accepts records
that contain types that are not supported (at the moment
file and function). If true, the input framework will
warn in these cases, but continue. If false, it will
abort. Defaults to false (abort).
.. bro:id:: Input::empty_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields.
Individual readers can use a different value.
.. bro:id:: Input::separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"\x09"``
Separator between fields.
Please note that the separator has to be exactly one character long.
Individual readers can use a different value.
.. bro:id:: Input::set_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``","``
Separator between set elements.
Please note that the separator has to be exactly one character long.
Individual readers can use a different value.
.. bro:id:: Input::unset_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.
Individual readers can use a different value.
Types
#####
.. bro:type:: Input::AnalysisDescription
:Type: :bro:type:`record`
source: :bro:type:`string`
String that allows the reader to find the source.
For `READER_ASCII`, this is the filename.
reader: :bro:type:`Input::Reader` :bro:attr:`&default` = ``Input::READER_BINARY`` :bro:attr:`&optional`
Reader to use for this stream. Compatible readers must be
able to accept a filter of a single string type (i.e.
they read a byte stream).
mode: :bro:type:`Input::Mode` :bro:attr:`&default` = :bro:see:`Input::default_mode` :bro:attr:`&optional`
Read mode to use for this stream.
name: :bro:type:`string`
Descriptive name that uniquely identifies the input source.
Can be used to remove a stream at a later time.
This will also be used for the unique *source* field of
:bro:see:`fa_file`. Most of the time, the best choice for this
field will be the same value as the *source* field.
config: :bro:type:`table` [:bro:type:`string`] of :bro:type:`string` :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
A key/value table that will be passed to the reader.
Interpretation of the values is left to the reader, but
usually they will be used for configuration purposes.
A file analysis input stream type used to forward input data to the
file analysis framework.
.. bro:type:: Input::Event
:Type: :bro:type:`enum`
.. bro:enum:: Input::EVENT_NEW Input::Event
New data has been imported.
.. bro:enum:: Input::EVENT_CHANGED Input::Event
Existing data has been changed.
.. bro:enum:: Input::EVENT_REMOVED Input::Event
Previously existing data has been removed.
.. bro:type:: Input::EventDescription
:Type: :bro:type:`record`
source: :bro:type:`string`
String that allows the reader to find the source.
For `READER_ASCII`, this is the filename.
reader: :bro:type:`Input::Reader` :bro:attr:`&default` = :bro:see:`Input::default_reader` :bro:attr:`&optional`
Reader to use for this stream.
mode: :bro:type:`Input::Mode` :bro:attr:`&default` = :bro:see:`Input::default_mode` :bro:attr:`&optional`
Read mode to use for this stream.
name: :bro:type:`string`
Descriptive name. Used to remove a stream at a later time.
fields: :bro:type:`any`
Record type describing the fields to be retrieved from the input
source.
want_record: :bro:type:`bool` :bro:attr:`&default` = ``T`` :bro:attr:`&optional`
If this is false, the event receives each value in *fields* as a
separate argument.
If this is set to true (default), the event receives all fields in
a single record value.
ev: :bro:type:`any`
The event that is raised each time a new line is received from the
reader. The event will receive an Input::EventDescription record
as the first argument, an Input::Event enum as the second
argument, and the fields (as specified in *fields*) as the following
arguments (this will either be a single record value containing
all fields, or each field value as a separate argument).
error_ev: :bro:type:`any` :bro:attr:`&optional`
Error event that is raised when an information, warning or error
is raised by the input stream. If the level is error, the stream will automatically
be closed.
The event receives the Input::EventDescription as the first argument, the
message as the second argument and the Reporter::Level as the third argument.
The event is raised like it had been declared as follows:
error_ev: function(desc: EventDescription, message: string, level: Reporter::Level) &optional;
The actual declaration uses the ``any`` type because of deficiencies of the Bro type system.
config: :bro:type:`table` [:bro:type:`string`] of :bro:type:`string` :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
A key/value table that will be passed to the reader.
Interpretation of the values is left to the reader, but
usually they will be used for configuration purposes.
An event input stream type used to send input data to a Bro event.
.. bro:type:: Input::Mode
:Type: :bro:type:`enum`
.. bro:enum:: Input::MANUAL Input::Mode
Do not automatically reread the file after it has been read.
.. bro:enum:: Input::REREAD Input::Mode
Reread the entire file each time a change is found.
.. bro:enum:: Input::STREAM Input::Mode
Read data from end of file each time new data is appended.
Type that defines the input stream read mode.
.. bro:type:: Input::TableDescription
:Type: :bro:type:`record`
source: :bro:type:`string`
String that allows the reader to find the source of the data.
For `READER_ASCII`, this is the filename.
reader: :bro:type:`Input::Reader` :bro:attr:`&default` = :bro:see:`Input::default_reader` :bro:attr:`&optional`
Reader to use for this stream.
mode: :bro:type:`Input::Mode` :bro:attr:`&default` = :bro:see:`Input::default_mode` :bro:attr:`&optional`
Read mode to use for this stream.
name: :bro:type:`string`
Name of the input stream. This is used by some functions to
manipulate the stream.
destination: :bro:type:`any`
Table which will receive the data read by the input framework.
idx: :bro:type:`any`
Record that defines the values used as the index of the table.
val: :bro:type:`any` :bro:attr:`&optional`
Record that defines the values used as the elements of the table.
If this is undefined, then *destination* must be a set.
want_record: :bro:type:`bool` :bro:attr:`&default` = ``T`` :bro:attr:`&optional`
Defines if the value of the table is a record (default), or a single
value. When this is set to false, then *val* can only contain one
element.
ev: :bro:type:`any` :bro:attr:`&optional`
The event that is raised each time a value is added to, changed in,
or removed from the table. The event will receive an
Input::TableDescription as the first argument, an Input::Event
enum as the second argument, the *idx* record as the third argument
and the value (record) as the fourth argument.
pred: :bro:type:`function` (typ: :bro:type:`Input::Event`, left: :bro:type:`any`, right: :bro:type:`any`) : :bro:type:`bool` :bro:attr:`&optional`
Predicate function that can decide if an insertion, update or removal
should really be executed. Parameters have same meaning as for the
event.
If true is returned, the update is performed. If false is returned,
it is skipped.
error_ev: :bro:type:`any` :bro:attr:`&optional`
Error event that is raised when an information, warning or error
is raised by the input stream. If the level is error, the stream will automatically
be closed.
The event receives the Input::TableDescription as the first argument, the
message as the second argument and the Reporter::Level as the third argument.
The event is raised like if it had been declared as follows:
error_ev: function(desc: TableDescription, message: string, level: Reporter::Level) &optional;
The actual declaration uses the ``any`` type because of deficiencies of the Bro type system.
config: :bro:type:`table` [:bro:type:`string`] of :bro:type:`string` :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
A key/value table that will be passed to the reader.
Interpretation of the values is left to the reader, but
usually they will be used for configuration purposes.
A table input stream type used to send data to a Bro table.
.. bro:type:: Input::Reader
:Type: :bro:type:`enum`
.. bro:enum:: Input::READER_ASCII Input::Reader
.. bro:enum:: Input::READER_BENCHMARK Input::Reader
.. bro:enum:: Input::READER_BINARY Input::Reader
.. bro:enum:: Input::READER_CONFIG Input::Reader
.. bro:enum:: Input::READER_RAW Input::Reader
.. bro:enum:: Input::READER_SQLITE Input::Reader
Events
######
.. bro:id:: Input::end_of_data
:Type: :bro:type:`event` (name: :bro:type:`string`, source: :bro:type:`string`)
Event that is called when the end of a data source has been reached,
including after an update.
:name: Name of the input stream.
:source: String that identifies the data source (such as the filename).
Functions
#########
.. bro:id:: Input::add_analysis
:Type: :bro:type:`function` (description: :bro:type:`Input::AnalysisDescription`) : :bro:type:`bool`
Create a new file analysis input stream from a given source. Data read
from the source is automatically forwarded to the file analysis
framework.
:description: A record describing the source.
:returns: true on success.
.. bro:id:: Input::add_event
:Type: :bro:type:`function` (description: :bro:type:`Input::EventDescription`) : :bro:type:`bool`
Create a new event input stream from a given source.
:description: `EventDescription` record describing the source.
:returns: true on success.
.. bro:id:: Input::add_table
:Type: :bro:type:`function` (description: :bro:type:`Input::TableDescription`) : :bro:type:`bool`
Create a new table input stream from a given source.
:description: `TableDescription` record describing the source.
:returns: true on success.
.. bro:id:: Input::force_update
:Type: :bro:type:`function` (id: :bro:type:`string`) : :bro:type:`bool`
Forces the current input to be checked for changes.
:id: string value identifying the stream.
:returns: true on success and false if the named stream was not found.
.. bro:id:: Input::remove
:Type: :bro:type:`function` (id: :bro:type:`string`) : :bro:type:`bool`
Remove an input stream.
:id: string value identifying the stream to be removed.
:returns: true on success and false if the named stream was not found.

104
doc/scripts/base/frameworks/input/readers/ascii.bro.rst Normal file
View file

@ -0,0 +1,104 @@
:tocdepth: 3
base/frameworks/input/readers/ascii.bro
=======================================
.. bro:namespace:: InputAscii
Interface for the ascii input reader.
The defaults are set to match Bro's ASCII output.
:Namespace: InputAscii
Summary
~~~~~~~
Redefinable Options
###################
================================================================================ ===========================================
:bro:id:`InputAscii::empty_field`: :bro:type:`string` :bro:attr:`&redef` String to use for empty fields.
:bro:id:`InputAscii::fail_on_file_problem`: :bro:type:`bool` :bro:attr:`&redef` Fail on file read problems.
:bro:id:`InputAscii::fail_on_invalid_lines`: :bro:type:`bool` :bro:attr:`&redef` Fail on invalid lines.
:bro:id:`InputAscii::separator`: :bro:type:`string` :bro:attr:`&redef` Separator between fields.
:bro:id:`InputAscii::set_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between set and vector elements.
:bro:id:`InputAscii::unset_field`: :bro:type:`string` :bro:attr:`&redef` String to use for an unset &optional field.
================================================================================ ===========================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: InputAscii::empty_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields.
.. bro:id:: InputAscii::fail_on_file_problem
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``F``
Fail on file read problems. If set to true, the ascii
input reader will fail when encountering any problems
while reading a file different from invalid lines.
Examples of such problems are permission problems, or
missing files.
When set to false, these problems will be ignored. This
has an especially big effect for the REREAD mode, which will
seamlessly recover from read errors when a file is
only temporarily inaccessible. For MANUAL or STREAM files,
errors will most likely still be fatal since no automatic
re-reading of the file is attempted.
Individual readers can use a different value using
the $config table.
fail_on_file_problem = T was the default behavior
until Bro 2.6.
.. bro:id:: InputAscii::fail_on_invalid_lines
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``F``
Fail on invalid lines. If set to false, the ascii
input reader will jump over invalid lines, reporting
warnings in reporter.log. If set to true, errors in
input lines will be handled as fatal errors for the
reader thread; reading will abort immediately and
an error will be logged to reporter.log.
Individual readers can use a different value using
the $config table.
fail_on_invalid_lines = T was the default behavior
until Bro 2.6.
.. bro:id:: InputAscii::separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"\x09"``
Separator between fields.
Please note that the separator has to be exactly one character long.
.. bro:id:: InputAscii::set_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``","``
Separator between set and vector elements.
Please note that the separator has to be exactly one character long.
.. bro:id:: InputAscii::unset_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.

77
doc/scripts/base/frameworks/input/readers/benchmark.bro.rst Normal file
View file

@ -0,0 +1,77 @@
:tocdepth: 3
base/frameworks/input/readers/benchmark.bro
===========================================
.. bro:namespace:: InputBenchmark
Interface for the benchmark input reader.
:Namespace: InputBenchmark
Summary
~~~~~~~
Redefinable Options
###################
============================================================================ =========================================================
:bro:id:`InputBenchmark::addfactor`: :bro:type:`count` :bro:attr:`&redef` Addition factor for each heartbeat.
:bro:id:`InputBenchmark::autospread`: :bro:type:`double` :bro:attr:`&redef` Spreading where usleep = 1000000 / autospread * num_lines
:bro:id:`InputBenchmark::factor`: :bro:type:`double` :bro:attr:`&redef` Multiplication factor for each second.
:bro:id:`InputBenchmark::spread`: :bro:type:`count` :bro:attr:`&redef` Spread factor between lines.
:bro:id:`InputBenchmark::stopspreadat`: :bro:type:`count` :bro:attr:`&redef` Stop spreading at x lines per heartbeat.
:bro:id:`InputBenchmark::timedspread`: :bro:type:`double` :bro:attr:`&redef` 1 -> enable timed spreading.
============================================================================ =========================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: InputBenchmark::addfactor
:Type: :bro:type:`count`
:Attributes: :bro:attr:`&redef`
:Default: ``0``
Addition factor for each heartbeat.
.. bro:id:: InputBenchmark::autospread
:Type: :bro:type:`double`
:Attributes: :bro:attr:`&redef`
:Default: ``0.0``
Spreading where usleep = 1000000 / autospread * num_lines
.. bro:id:: InputBenchmark::factor
:Type: :bro:type:`double`
:Attributes: :bro:attr:`&redef`
:Default: ``1.0``
Multiplication factor for each second.
.. bro:id:: InputBenchmark::spread
:Type: :bro:type:`count`
:Attributes: :bro:attr:`&redef`
:Default: ``0``
Spread factor between lines.
.. bro:id:: InputBenchmark::stopspreadat
:Type: :bro:type:`count`
:Attributes: :bro:attr:`&redef`
:Default: ``0``
Stop spreading at x lines per heartbeat.
.. bro:id:: InputBenchmark::timedspread
:Type: :bro:type:`double`
:Attributes: :bro:attr:`&redef`
:Default: ``0.0``
1 -> enable timed spreading.

32
doc/scripts/base/frameworks/input/readers/binary.bro.rst Normal file
View file

@ -0,0 +1,32 @@
:tocdepth: 3
base/frameworks/input/readers/binary.bro
========================================
.. bro:namespace:: InputBinary
Interface for the binary input reader.
:Namespace: InputBinary
Summary
~~~~~~~
Redefinable Options
###################
======================================================================= ==========================================================
:bro:id:`InputBinary::chunk_size`: :bro:type:`count` :bro:attr:`&redef` Size of data chunks to read from the input file at a time.
======================================================================= ==========================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: InputBinary::chunk_size
:Type: :bro:type:`count`
:Attributes: :bro:attr:`&redef`
:Default: ``1024``
Size of data chunks to read from the input file at a time.

95
doc/scripts/base/frameworks/input/readers/config.bro.rst Normal file
View file

@ -0,0 +1,95 @@
:tocdepth: 3
base/frameworks/input/readers/config.bro
========================================
.. bro:namespace:: InputConfig
Interface for the config input reader.
:Namespace: InputConfig
Summary
~~~~~~~
Redefinable Options
###################
================================================================================ ==========================================
:bro:id:`InputConfig::empty_field`: :bro:type:`string` :bro:attr:`&redef` String to use for empty fields.
:bro:id:`InputConfig::fail_on_file_problem`: :bro:type:`bool` :bro:attr:`&redef` Fail on file read problems.
:bro:id:`InputConfig::set_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between set and vector elements.
================================================================================ ==========================================
Events
######
=================================================== ==============================================================
:bro:id:`InputConfig::new_value`: :bro:type:`event` Event that is called when a config option is added or changes.
=================================================== ==============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: InputConfig::empty_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``""``
String to use for empty fields.
By default this is the empty string, meaning that an empty input field
will result in an empty set.
.. bro:id:: InputConfig::fail_on_file_problem
:Type: :bro:type:`bool`
:Attributes: :bro:attr:`&redef`
:Default: ``F``
Fail on file read problems. If set to true, the config
input reader will fail when encountering any problems
while reading a file different from invalid lines.
Examples of such problems are permission problems, or
missing files.
When set to false, these problems will be ignored. This
has an especially big effect for the REREAD mode, which will
seamlessly recover from read errors when a file is
only temporarily inaccessible. For MANUAL or STREAM files,
errors will most likely still be fatal since no automatic
re-reading of the file is attempted.
Individual readers can use a different value using
the $config table.
.. bro:id:: InputConfig::set_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``","``
Separator between set and vector elements.
Please note that the separator has to be exactly one character long.
Events
######
.. bro:id:: InputConfig::new_value
:Type: :bro:type:`event` (name: :bro:type:`string`, source: :bro:type:`string`, id: :bro:type:`string`, value: :bro:type:`any`)
Event that is called when a config option is added or changes.
Note - this does not track the reason for a change (new, changed),
and also does not track removals. If you need this, combine the event
with a table reader.
:name: Name of the input stream.
:source: Source of the input stream.
:id: ID of the configuration option being set.
:value: New value of the configuration option being set.

58
doc/scripts/base/frameworks/input/readers/raw.bro.rst Normal file
View file

@ -0,0 +1,58 @@
:tocdepth: 3
base/frameworks/input/readers/raw.bro
=====================================
.. bro:namespace:: InputRaw
Interface for the raw input reader.
:Namespace: InputRaw
Summary
~~~~~~~
Redefinable Options
###################
=========================================================================== ================================
:bro:id:`InputRaw::record_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between input records.
=========================================================================== ================================
Events
######
======================================================= ====================================================================
:bro:id:`InputRaw::process_finished`: :bro:type:`event` Event that is called when a process created by the raw reader exits.
======================================================= ====================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: InputRaw::record_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"\x0a"``
Separator between input records.
Please note that the separator has to be exactly one character long.
Events
######
.. bro:id:: InputRaw::process_finished
:Type: :bro:type:`event` (name: :bro:type:`string`, source: :bro:type:`string`, exit_code: :bro:type:`count`, signal_exit: :bro:type:`bool`)
Event that is called when a process created by the raw reader exits.
:name: name of the input stream.
:source: source of the input stream.
:exit_code: exit code of the program, or number of the signal that forced
the program to exit.
:signal_exit: false when program exited normally, true when program was
forced to exit by a signal.

59
doc/scripts/base/frameworks/input/readers/sqlite.bro.rst Normal file
View file

@ -0,0 +1,59 @@
:tocdepth: 3
base/frameworks/input/readers/sqlite.bro
========================================
.. bro:namespace:: InputSQLite
Interface for the SQLite input reader. Redefinable options are available
to tweak the input format of the SQLite reader.
See :doc:`/frameworks/logging-input-sqlite` for an introduction on how to
use the SQLite reader.
When using the SQLite reader, you have to specify the SQL query that returns
the desired data by setting ``query`` in the ``config`` table. See the
introduction mentioned above for an example.
:Namespace: InputSQLite
Summary
~~~~~~~
Redefinable Options
###################
=========================================================================== ===========================================
:bro:id:`InputSQLite::empty_field`: :bro:type:`string` :bro:attr:`&redef` String to use for empty fields.
:bro:id:`InputSQLite::set_separator`: :bro:type:`string` :bro:attr:`&redef` Separator between set elements.
:bro:id:`InputSQLite::unset_field`: :bro:type:`string` :bro:attr:`&redef` String to use for an unset &optional field.
=========================================================================== ===========================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: InputSQLite::empty_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"(empty)"``
String to use for empty fields.
.. bro:id:: InputSQLite::set_separator
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``","``
Separator between set elements.
Please note that the separator has to be exactly one character long.
.. bro:id:: InputSQLite::unset_field
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"-"``
String to use for an unset &optional field.