New script misc/dump-events.bro, along with core support, that dumps events Bro is raising

in an easily readable form.

This is for debugging purposes, obviously.

Example, including only SMTP events:

    > bro -r smtp.trace misc/dump-events.bro DumpEvents::include=/smtp/

    [...]
    1254722768.219663 smtp_reply
                  [0] c: connection   = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
                  [1] is_orig: bool   = F
                  [2] code: count     = 220
                  [3] cmd: string     = >
                  [4] msg: string     = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500
                  [5] cont_resp: bool = T

    1254722768.219663 smtp_reply
                  [0] c: connection   = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
                  [1] is_orig: bool   = F
                  [2] code: count     = 220
                  [3] cmd: string     = >
                  [4] msg: string     = We do not authorize the use of this system to transport unsolicited,
                  [5] cont_resp: bool = T
    [...]
Robin Sommer 2013-11-22 14:17:15 -08:00
parent 08c7dd3d71
commit de9f03b0bf
7 changed files with 126 additions and 0 deletions


@ -3,6 +3,7 @@
#include "Func.h"
#include "Scope.h"
#include "RemoteSerializer.h"
#include "NetVar.h"
EventHandler::EventHandler(const char* arg_name)
{
@ -56,6 +57,9 @@ void EventHandler::Call(val_list* vl, bool no_remote)
DEBUG_MSG("Event: %s\n", Name());
#endif
if ( new_event )
NewEvent(vl);
if ( ! no_remote )
{
loop_over_list(receivers, i)
@ -75,6 +79,56 @@ void EventHandler::Call(val_list* vl, bool no_remote)
}
}
void EventHandler::NewEvent(val_list* vl)
{
if ( ! new_event )
return;
if ( this == new_event.Ptr() )
return;
RecordType* args = FType()->Args();
VectorVal* vargs = new VectorVal(call_argument_vector);
for ( int i = 0; i < args->NumFields(); i++ )
{
const char* fname = args->FieldName(i);
BroType* ftype = args->FieldType(i);
Val* fdefault = args->FieldDefault(i);
RecordVal* rec = new RecordVal(call_argument);
rec->Assign(0, new StringVal(fname));
ODesc d;
d.SetShort();
ftype->Describe(&d);
rec->Assign(1, new StringVal(d.Description()));
if ( fdefault )
{
Ref(fdefault);
rec->Assign(2, fdefault);
}
if ( i < vl->length() && (*vl)[i] )
{
Val* val = (*vl)[i];
Ref(val);
rec->Assign(3, val);
}
vargs->Assign(i, rec);
}
val_list* mvl = new val_list(2);
mvl->append(new StringVal(name));
mvl->append(vargs);
Event* ev = new Event(new_event, mvl);
mgr.Dispatch(ev);
}
void EventHandler::AddRemoteHandler(SourceID peer)
{
receivers.append(peer);
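Review bot: `FType()->Args()` at the top of `NewEvent` is dereferenced without a null check. The definition of `FType()` is not visible in this diff, but if it can return null for a handler whose type cannot be resolved, any such event would crash the process as soon as a `new_event` handler is installed. A guard such as `FuncType* ft = FType(); if ( ! ft ) return;` before building `vargs` would avoid that. The `if ( ! new_event ) return;` test inside `NewEvent` repeats the check already made at the call site in `Call`, so one of the two can go. I would also add a comment such as `// Values are shared by reference with the new_event handler; they carry untrusted traffic content.`, since `Ref(val)` hands the script the same objects the regular handlers receive and the dump script prints them.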