Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add reporter hook.

Browse source 
The hook being added is:

bool HookReporter(const std::string& prefix, const EventHandlerPtr event,
                  const Connection* conn, const val_list* addl, bool location,
                  const Location* location1, const Location* location2,
                  bool time, const std::string& buffer) override;

This hook gives access to basically all information that is available in
the function in Reporter.cc that performs the logging. The hook is
called each time when anything passes through the reporter in the cases
in which an event usually would be called. This includes weirds. The
hook can return false to prevent the normal reporter events from being
raised.
This commit is contained in:
Johanna Amann 2017-11-16 12:45:11 -08:00
parent bde4404b5e
commit b852437126
11 changed files with 275 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

33
src/plugin/Manager.h
View file

@ -355,6 +355,39 @@ public:
int num_fields, const threading::Field* const* fields,
threading::Value** vals) const;
/**
* Hook into reporting. This method will be called for each reporter call
* made; this includes weirds. The method cannot manipulate the data at
* the current time; however it is possible to prevent script-side events
* from being called by returning false.
*
* @param prefix The prefix passed by the reporter framework
*
* @param event The event to be called
*
* @param conn The associated connection
*
* @param addl Additional Bro values; typically will be passed to the event
* by the reporter framework.
*
* @param location True if event expects location information
*
* @param location1 First location
*
* @param location2 Second location
*
* @param time True if event expects time information
*
* @param message Message supplied by the reporter framework
*
* @return true if event should be called by the reporter framework, false
* if the event call should be skipped
*/
bool HookReporter(const std::string& prefix, const EventHandlerPtr event,
const Connection* conn, const val_list* addl, bool location,
const Location* location1, const Location* location2,
bool time, const std::string& message);
/**
* Internal method that registers a freshly instantiated plugin with
* the manager.