mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Merge branch 'topic/corelight/logging-hooks' of https://github.com/corelight/bro
* 'topic/corelight/logging-hooks' of https://github.com/corelight/bro: Plugin: Add hooks for log init and writing.
commit
874d2b9fb0
18 changed files with 763 additions and 40 deletions
|
@ -10,6 +10,8 @@
|
|||
|
||||
#include "../Desc.h"
|
||||
#include "../Event.h"
|
||||
#include "../Conn.h"
|
||||
#include "threading/SerialTypes.h"
|
||||
|
||||
using namespace plugin;
|
||||
|
||||
|
@ -24,6 +26,8 @@ const char* plugin::hook_name(HookType h)
|
|||
"UpdateNetworkTime",
|
||||
"BroObjDtor",
|
||||
"SetupAnalyzerTree",
|
||||
"LogInit",
|
||||
"LogWrite",
|
||||
// MetaHooks
|
||||
"MetaHookPre",
|
||||
"MetaHookPost",
|
||||
|
@ -84,6 +88,11 @@ void HookArgument::Describe(ODesc* d) const
|
|||
d->Add("<null>");
|
||||
break;
|
||||
|
||||
case CONN:
|
||||
if ( arg.conn )
|
||||
arg.conn->Describe(d);
|
||||
break;
|
||||
|
||||
case FUNC_RESULT:
|
||||
if ( func_result.first )
|
||||
{
|
||||
|
@ -145,6 +154,60 @@ void HookArgument::Describe(ODesc* d) const
|
|||
case VOIDP:
|
||||
d->Add("<void ptr>");
|
||||
break;
|
||||
|
||||
case WRITER_INFO:
|
||||
{
|
||||
d->Add(arg.winfo->path);
|
||||
d->Add("(");
|
||||
d->Add(arg.winfo->network_time);
|
||||
d->Add(",");
|
||||
d->Add(arg.winfo->rotation_interval);
|
||||
d->Add(",");
|
||||
d->Add(arg.winfo->rotation_base);
|
||||
|
||||
if ( arg.winfo->config.size() > 0 )
|
||||
{
|
||||
bool first = true;
|
||||
d->Add("config: {");
|
||||
|
||||
for ( auto& v: arg.winfo->config )
|
||||
{
|
||||
if ( ! first )
|
||||
d->Add(", ");
|
||||
|
||||
d->Add(v.first);
|
||||
d->Add(": ");
|
||||
d->Add(v.second);
|
||||
first = false;
|
||||
}
|
||||
|
||||
d->Add("}");
|
||||
}
|
||||
|
||||
d->Add(")");
|
||||
}
|
||||
break;
|
||||
|
||||
case THREAD_FIELDS:
|
||||
{
|
||||
d->Add("{");
|
||||
|
||||
for ( int i=0; i < tfields.first; i++ )
|
||||
{
|
||||
const threading::Field* f = tfields.second[i];
|
||||
|
||||
if ( i > 0 )
|
||||
d->Add(", ");
|
||||
|
||||
d->Add(f->name);
|
||||
d->Add(" (");
|
||||
d->Add(f->TypeName());
|
||||
d->Add(")");
|
||||
}
|
||||
|
||||
d->Add("}");
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -319,6 +382,22 @@ void Plugin::HookBroObjDtor(void* obj)
|
|||
{
|
||||
}
|
||||
|
||||
void Plugin::HookLogInit(const std::string& writer,
|
||||
const std::string& instantiating_filter,
|
||||
bool local, bool remote,
|
||||
const logging::WriterBackend::WriterInfo& info,
|
||||
int num_fields, const threading::Field* const* fields)
|
||||
{
|
||||
}
|
||||
|
||||
bool Plugin::HookLogWrite(const std::string& writer, const std::string& filter,
|
||||
const logging::WriterBackend::WriterInfo& info,
|
||||
int num_fields, const threading::Field* const* fields,
|
||||
threading::Value** vals)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
void Plugin::MetaHookPre(HookType hook, const HookArgumentList& args)
|
||||
{
|
||||
}
|
||||
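Review bot: The `WRITER_INFO` case in `HookArgument::Describe` dereferences `arg.winfo` with no null check, and `THREAD_FIELDS` does the same for each `tfields.second[i]`, although the `CONN` case in the same switch guards with `if ( arg.conn )`. A guard such as `if ( ! arg.winfo ) { d->Add("<null>"); break; }` would stop a describe call from crashing on an unset argument. The same case also emits `rotation_base` and then `"config: {"` with no separator, so the two run together in the output; `d->Add(", config: {");` would fix that. The loop prints every `config` key and value verbatim, so if any writer's configuration carries credentials or tokens (not visible on this page), they would end up in whatever output consumes this description; consider printing keys only or masking the values. `Describe` begins outside this hunk, so whether callers already guarantee non-null pointers cannot be confirmed from here.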
|
|