diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:49 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:49 +0000 |
commit | a0aa2307322cd47bbf416810ac0292925e03be87 (patch) | |
tree | 37076262a026c4b48c8a0e84f44ff9187556ca35 /lua/fast.lua | |
parent | Initial commit. (diff) | |
download | suricata-a0aa2307322cd47bbf416810ac0292925e03be87.tar.xz suricata-a0aa2307322cd47bbf416810ac0292925e03be87.zip |
Adding upstream version 1:7.0.3.upstream/1%7.0.3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lua/fast.lua')
-rw-r--r-- | lua/fast.lua | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/lua/fast.lua b/lua/fast.lua new file mode 100644 index 0000000..ffb3b01 --- /dev/null +++ b/lua/fast.lua @@ -0,0 +1,48 @@ +-- This is a simple example script to show what you can do with lua output scripts. +-- It prints logs similar to the ones produced by the builtin fast.log output +-- facility to stdout, hence its name. + +-- In the init() function we tell suricata, that we want the log function to be +-- called for every packet that produces an alert (see needs variable) + +-- Then in the log() function we get various informations about this packet via +-- SCRuleMsg() and all the other API functions and print them to stdout with print() + +-- To learn more about all the API functions suricata provides for your lua scripts +-- and the lua output extension in general see: +-- http://docs.suricata.io/en/latest/output/lua-output.html + +function init() + local needs = {} + needs["type"] = "packet" + needs["filter"] = "alerts" + return needs +end + +function setup() + alert_count = 0 +end + +function log() + timestring = SCPacketTimeString() + sid, rev, gid = SCRuleIds() + msg = SCRuleMsg() + class, priority = SCRuleClass() + + ip_version, src_ip, dst_ip, protocol, src_port, dst_port = SCPacketTuple() + + if class == nil then + class = "unknown" + end + + print (timestring .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " .. + msg .. " [**] [Classification: " .. class .. "] [Priority: " .. + priority .. "] {" .. protocol .. "} " .. + src_ip .. ":" .. src_port .. " -> " .. dst_ip .. ":" .. dst_port) + + alert_count = alert_count + 1; +end + +function deinit() + print ("Alerted " .. alert_count .. " times"); +end |