github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-16 06:48:31 +00:00
Code Issues Projects Releases Wiki Activity

Remove function outputs from grammar

Browse Source
This commit is contained in:
Henri DF
2016-03-30 13:00:51 -07:00
parent a9fc4d2b09
commit 5f0123317a
3 changed files with 2 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
userspace/digwatch/lua/compiler.lua
View File

@@ -179,10 +179,6 @@ local function outputformat (level, format)
return {type = "OutputFormat", level = normalize_level(level), value = format}
end
local function functioncall (level, str, mname, fname, args)
return {type = "FunctionCall", level = normalize_level(level), mname = mname, fname = fname, arguments = args, source = str}
end
local function rule(filter, output)
if not output then
output = outputformat(nil)
@@ -229,7 +225,7 @@ local G = {
MacroDef = (C(V"Macro") * V"Skip" * V"Colon" * (V"Filter"));
FuncArgs = symb("(") * list(V"Value", symb(",")) * symb(")");
Output = (C(V"Identifier") * V"Skip" * C(V"Name" * P(".") * V"Name" * V"FuncArgs") / functioncall) + (C(V"Identifier") * V"Skip" * C(P(1)^0) / outputformat);
Output = C(V"Identifier") * V"Skip" * C(P(1)^0) / outputformat;
-- Terminals
Value = terminal "Number" + terminal "String" + terminal "BareString";
@@ -473,11 +469,6 @@ function print_ast(ast, level)
elseif t == "OutputFormat" then
print(ast.value)
elseif t == "FunctionCall" then
print(ast.mname..ast.fname .. "(" )
print_ast(ast.arguments)
print(")")
elseif t == "Filter" then
print_ast(ast.value, level)

27
userspace/digwatch/lua/output.lua
View File

@@ -8,31 +8,4 @@ function mod.syslog(evt, level, format)
nixio.syslog(level, msg)
end
local first_sequence_state = {}
function mod.first_sequence(evt, fieldname, key, format)
local field_value = digwatch.field(evt, fieldname)
local now = os.time()
format = "%evt.time: "..format
if first_sequence_state[key] == nil then
first_sequence_state[key] = {}
end
if first_sequence_state[key][field_value] == nil or
now - first_sequence_state[key][field_value] > 5 then
formatter = digwatch.formatter(format)
msg = digwatch.format_event(evt, formatter)
print (msg)
end
if field_value == nil then
formatter = digwatch.formatter(format)
s = digwatch.format_event(evt, formatter)
error("first_sequence: field '"..fieldname.."' is nil in event ("..s..")")
end
first_sequence_state[key][field_value] = now
end
return mod