From e179cbc236b431ac88ef48a1ad002ee2bf2333bc Mon Sep 17 00:00:00 2001
From: Martin Holste <mcholste@gmail.com>
Date: Sat, 21 Apr 2012 09:32:58 -0500
Subject: [PATCH] Added Syslog action for logging to local syslog

---
 contrib/file_processor/Action/Syslog.pm | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 contrib/file_processor/Action/Syslog.pm

diff --git a/contrib/file_processor/Action/Syslog.pm b/contrib/file_processor/Action/Syslog.pm
new file mode 100644
index 0000000000..6b7c31a152
--- /dev/null
+++ b/contrib/file_processor/Action/Syslog.pm
@@ -0,0 +1,20 @@
+package Action::Syslog;
+use Moose;
+extends 'Processor';
+use Sys::Syslog qw(:standard :macros);
+
+our $Program = 'suricata_file';
+our $Facility = LOG_LOCAL0;
+has 'data' => (is => 'rw', isa => 'HashRef', required => 1);
+
+sub name { 'syslog' }
+sub description { 'Log to local syslog' }
+
+sub perform {
+	my $self = shift;
+	openlog($Program, undef, $Facility);
+	syslog(LOG_INFO, $self->json->encode($self->data));
+	closelog;
+}
+
+1