Merge pull request #24 from draios/read-files

Add support for reading .scap files
Henri DF 2016-04-08 16:53:04 -07:00
commit 997fec2d4b


@ -45,6 +45,8 @@ static void usage()
"Options:\n" "Options:\n"
" -h, --help Print this page\n" " -h, --help Print this page\n"
" -o Output type (options are 'stdout', 'syslog', default is 'stdout')\n" " -o Output type (options are 'stdout', 'syslog', default is 'stdout')\n"
" -r <readfile>, --read=<readfile>\n"
" Read the events from <readfile>.\n"
"\n" "\n"
); );
} }
@ -166,13 +168,14 @@ int digwatch_init(int argc, char **argv)
int long_index = 0; int long_index = 0;
string lua_main_filename; string lua_main_filename;
string output_name = "stdout"; string output_name = "stdout";
string infile;
string lua_dir = DIGWATCH_LUA_DIR; string lua_dir = DIGWATCH_LUA_DIR;
lua_State* ls = NULL; lua_State* ls = NULL;
static struct option long_options[] = static struct option long_options[] =
{ {
{"help", no_argument, 0, 'h' }, {"help", no_argument, 0, 'h' },
{"main-lua", required_argument, 0, 'u' }, {"readfile", required_argument, 0, 'r' },
{0, 0, 0, 0} {0, 0, 0, 0}
}; };
@ -185,7 +188,7 @@ int digwatch_init(int argc, char **argv)
// Parse the args // Parse the args
// //
while((op = getopt_long(argc, argv, while((op = getopt_long(argc, argv,
"ho:", "ho:r:",
long_options, &long_index)) != -1) long_options, &long_index)) != -1)
{ {
switch(op) switch(op)
@ -201,6 +204,9 @@ int digwatch_init(int argc, char **argv)
} }
output_name = optarg; output_name = optarg;
break; break;
case 'r':
infile = optarg;
break;
case '?': case '?':
result = EXIT_FAILURE; result = EXIT_FAILURE;
goto exit; goto exit;
@ -288,19 +294,25 @@ int digwatch_init(int argc, char **argv)
inspector->set_hostname_and_port_resolution_mode(false); inspector->set_hostname_and_port_resolution_mode(false);
try if (infile.size())
{ {
inspector->open(""); inspector->open(infile);
} }
catch(sinsp_exception e) else
{ {
if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")) try
{ {
fprintf(stderr, "Unable to load the driver\n"); inspector->open();
}
catch(sinsp_exception e)
{
if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null"))
{
fprintf(stderr, "Unable to load the driver\n");
}
inspector->open();
} }
inspector->open("");
} }
do_inspect(inspector, do_inspect(inspector,
rules, rules,
output_name, output_name,
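Review bot: An empty `-r` argument is indistinguishable from no `-r` at all, because the new branch tests `if (infile.size())`; a wrapper that runs `-r "$CAPTURE"` with the variable unset lands in the live-capture branch, which goes on to run `modprobe` through `system()`. An offline analysis run should never end in a kernel-module load, so reject the empty value where it is parsed by putting `if(*optarg == '\0') { result = EXIT_FAILURE; goto exit; }` before `infile = optarg;` in `case 'r'`. `inspector->open(infile)` also sits outside the `try` that guards the live open, so a missing or malformed capture file raises an exception with no handler visible in this hunk; `digwatch_init` starts and ends outside the visible lines, so an outer handler may exist. Separately, the usage text advertises `--read=<readfile>` while `long_options` registers `"readfile"`, so the documented spelling is presumably accepted only as an abbreviation and one of the two should be changed to match.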