Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/src/syslog-analyzer.pac
Robin Sommer 6e6af4c541 Merge remote branch 'origin/topic/seth/syslog-analyzer' 
Note: I didn't merge anything in policy/*. Seems there was some
unrelated stuff in there, and the ticket says that the policy script
was a dummy for now anyway.

* origin/topic/seth/syslog-analyzer:
  Updates for syslog analyzer to prepare it for merging.
  Added the initial syslog analyzer and policy script.
  Adding some of the initial scripts that are going to be merged from my script repository.
2011-06-05 18:37:48 -07:00

27 lines
772 B
JavaScript
Raw Blame History

connection Syslog_Conn(bro_analyzer: BroAnalyzer)
{
upflow = Syslog_Flow;
downflow = Syslog_Flow;
};
flow Syslog_Flow
{
datagram = Syslog_Message withcontext(connection, this);
function process_syslog_message(m: Syslog_Message): bool
%{
BifEvent::generate_syslog_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${m.PRI.facility},
${m.PRI.severity},
new StringVal(${m.msg}.length(), (const char*) ${m.msg}.begin())
);
return true;
%}
};
refine typeattr Syslog_Message += &let {
proc_syslog_message = $context.flow.process_syslog_message(this);
};
Reference in a new issue View git blame Copy permalink