aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Included Action::Syslog by default in config

Browse Source
remotes/origin/HEAD
Martin Holste 13 years ago committed by Victor Julien
parent e179cbc236
commit cfd64c49ec
3 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File

2
contrib/file_processor/README
Unescape Escape View File

@ -4,5 +4,5 @@ To create new plugins, use the existing modules as a guide. Drop a new file wit
INSTALLATION INSTALLATION
You will need a few Perl modules to get going. I recommend using the excellent cpanm utility which can be installed by typing "cpan App::cpanminus." After cpanm is installed, you can install everything in one command like this: You will need a few Perl modules to get going. I recommend using the excellent cpanm utility which can be installed by typing "cpan App::cpanminus." After cpanm is installed, you can install everything in one command like this:
cpanm Moose Module::Pluggable Log::Log4perl Config::JSON File::Tail LWP::UserAgent cpanm Moose Module::Pluggable Log::Log4perl Config::JSON File::Tail LWP::UserAgent Sys::Syslog
Alternatively, you may wish to install using your operating system's package manager, though that may not use the latest code for these modules. Alternatively, you may wish to install using your operating system's package manager, though that may not use the latest code for these modules.

3
contrib/file_processor/file_processor.conf
Unescape Escape View File

@ -3,7 +3,8 @@
"debug_level": "INFO", "debug_level": "INFO",
#"virustotal_apikey": "xxx" #"virustotal_apikey": "xxx"
"actions": { "actions": {
"Action::Log": 1 "Action::Log": 1,
"Action::Syslog": 1
}, },
"processors": { "processors": {
"Processor::Anubis": 1, "Processor::Anubis": 1,

16
contrib/file_processor/file_processor.pl
Unescape Escape View File

@ -50,13 +50,14 @@ sub process {
#$self->log->debug('got line ' . $line); #$self->log->debug('got line ' . $line);
eval { eval {
my $data = $self->json->decode($line); my $data = $self->json->decode($line);
return unless $data->{md5};
$data->{processors} = {}; $data->{processors} = {};
foreach my $processor_plugin ($self->processors){ if($data->{md5}){
next unless exists $self->conf->{processors}->{$processor_plugin}; foreach my $processor_plugin ($self->processors){
my $processor = $processor_plugin->new(conf => $self->conf, log => $self->log, md5 => $data->{md5}); next unless exists $self->conf->{processors}->{$processor_plugin};
$self->log->debug('processing with plugin ' . $processor->description); my $processor = $processor_plugin->new(conf => $self->conf, log => $self->log, md5 => $data->{md5});
$data->{processors}->{ $processor->name } = $processor->process(); $self->log->debug('processing with plugin ' . $processor->description);
$data->{processors}->{ $processor->name } = $processor->process();
}
} }
#$self->log->debug('data: ' . Dumper($data)); #$self->log->debug('data: ' . Dumper($data));
foreach my $action_plugin ($self->actions){ foreach my $action_plugin ($self->actions){
@ -89,7 +90,8 @@ my $Conf = {
logdir => '/tmp', logdir => '/tmp',
debug_level => 'TRACE', debug_level => 'TRACE',
actions => { actions => {
'Action::Log' => 1 'Action::Log' => 1,
'Action::Syslog' => 1,
}, },
processors => { processors => {
'Processor::Anubis' => 1, 'Processor::Anubis' => 1,

Write Preview
Loading…
Cancel
Save