Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/plugins/publish-event-metadata-plugin/src/Plugin.cc
Arne Welzel bda70067ec cluster: Move cluster::detail::Event to cluster::Event 
This class is a parameter of virtual methods of the Backend API for users
to implement and also a parameter to the HookPublishEvent() API. Seems it
shouldn't be in detail and instead we should own it.

Alternatively, could mark the cluster APIs as not-stable-yet, but I
think we can move forward and make it non-detail for 8.0.
2025-07-29 18:13:59 +02:00

95 lines
3.6 KiB
C++
Raw Permalink Blame History

#include "Plugin.h"
#include <zeek/Desc.h>
#include <zeek/ID.h>
#include <zeek/Reporter.h>
#include <zeek/Val.h>
#include <zeek/cluster/Backend.h>
#include <cstdio>
#include <string>
namespace btest::plugin::Demo_PublishEventMetadata {
Plugin plugin;
}
using namespace btest::plugin::Demo_PublishEventMetadata;
zeek::plugin::Configuration Plugin::Configure() {
EnableHook(zeek::plugin::HOOK_PUBLISH_EVENT);
zeek::plugin::Configuration config;
config.name = "Demo::PublishEventMetadata";
config.description = "For testing metadata publish";
config.version.major = 1;
config.version.minor = 0;
config.version.patch = 0;
return config;
}
void Plugin::InitPostScript() {
std::fprintf(stdout, "%.6f %-15s\n", zeek::run_state::network_time, " InitPostScript");
}
bool Plugin::HookPublishEvent(zeek::cluster::Backend& backend, const std::string& topic, zeek::cluster::Event& event) {
std::fprintf(stdout, "%.6f %s backend=%s topic=%s event=%s\n", zeek::run_state::network_time, "HookPublishEvent",
backend.Name().c_str(), topic.c_str(), std::string(event.HandlerName()).c_str());
const auto& table_type = zeek::id::find_type<zeek::TableType>("table_string_of_string");
const auto& string_md = zeek::id::find_val<zeek::EnumVal>("App::CUSTOM_METADATA_STRING");
auto count_md = zeek::id::find_val<zeek::EnumVal>("App::CUSTOM_METADATA_COUNT");
auto table_md = zeek::id::find_val<zeek::EnumVal>("App::CUSTOM_METADATA_TABLE");
if ( ! count_md || ! table_md )
zeek::reporter->FatalError("Could not find required enum values");
if ( topic == "topic1" ) {
if ( ! event.AddMetadata(string_md, zeek::make_intrusive<zeek::StringVal>("testing string metadata")) ) {
zeek::reporter->FatalError("Failed to add string metadata");
}
}
else if ( topic == "topic2" ) {
if ( ! event.AddMetadata(count_md, zeek::val_mgr->Count(42424242)) ) {
zeek::reporter->FatalError("Failed to add count metadata");
}
}
else if ( topic == "topic3" ) {
auto tv = zeek::make_intrusive<zeek::TableVal>(table_type);
if ( ! tv->Assign(zeek::make_intrusive<zeek::StringVal>("key1"),
zeek::make_intrusive<zeek::StringVal>("val1")) )
zeek::reporter->FatalError("Could not update table value");
if ( ! event.AddMetadata(table_md, tv) ) {
zeek::reporter->FatalError("Failed to add table metadata");
}
}
else if ( topic == "topic4" ) {
auto tv = zeek::make_intrusive<zeek::TableVal>(table_type);
if ( ! tv->Assign(zeek::make_intrusive<zeek::StringVal>("key1"),
zeek::make_intrusive<zeek::StringVal>("val1")) )
zeek::reporter->FatalError("Could not update table value");
if ( ! event.AddMetadata(table_md, tv) ) {
zeek::reporter->FatalError("Failed to add table metadata");
}
if ( ! event.AddMetadata(count_md, zeek::val_mgr->Count(41414242)) ) {
zeek::reporter->FatalError("Failed to add string metadata");
}
if ( ! event.AddMetadata(string_md, zeek::make_intrusive<zeek::StringVal>("testing string metadata")) ) {
zeek::reporter->FatalError("Failed to add string metadata");
}
// Event metadata is just a vector, so can have duplicate entries.
if ( ! event.AddMetadata(string_md, zeek::make_intrusive<zeek::StringVal>("more string metadata")) ) {
zeek::reporter->FatalError("Failed to add string metadata");
}
}
else {
zeek::reporter->FatalError("Unhandled topic %s", topic.c_str());
}
return true;
}
Reference in a new issue View git blame Copy permalink