github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-31 14:11:41 +00:00
Code Issues Projects Releases Wiki Activity

Output simplification

Browse Source 
The Output is now chosen globally (for all rules), on the command line.
This commit is contained in:
Henri DF 2016-03-30 14:27:19 -07:00
parent f44bd06f1d
commit d6dee28bbe
3 changed files with 34 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
userspace/digwatch/digwatch.cpp
View File

@ -31,6 +31,8 @@ static void signal_callback(int signal)
} }
std::vector<string> valid_output_names {"stdout", "syslog"};
// //
// Program help // Program help
// //
@ -44,6 +46,7 @@ static void usage()
" Name of lua compiler main file\n" " Name of lua compiler main file\n"
" (default: rules_loader.lua)\n" " (default: rules_loader.lua)\n"
" -N Don't convert port numbers to names.\n" " -N Don't convert port numbers to names.\n"
" -o Output type (options are 'stdout', 'syslog', default is 'stdout')\n"
" process or into a script.\n" " process or into a script.\n"
"\n" "\n"
); );
@ -56,6 +59,7 @@ string lua_on_event = "on_event";
// //
void do_inspect(sinsp* inspector, void do_inspect(sinsp* inspector,
digwatch_rules* rules, digwatch_rules* rules,
string output_name,
lua_State* ls) lua_State* ls)
{ {
int32_t res; int32_t res;
@ -105,8 +109,9 @@ void do_inspect(sinsp* inspector,
{ {
lua_pushlightuserdata(ls, ev); lua_pushlightuserdata(ls, ev);
lua_pushnumber(ls, ev->get_check_id()); lua_pushnumber(ls, ev->get_check_id());
lua_pushstring(ls, output_name.c_str());
if(lua_pcall(ls, 2, 0, 0) != 0) if(lua_pcall(ls, 3, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(ls, -1); const char* lerr = lua_tostring(ls, -1);
string err = "Error invoking function output: " + string(lerr); string err = "Error invoking function output: " + string(lerr);
@ -163,6 +168,7 @@ int digwatch_init(int argc, char **argv)
sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL; sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL;
int long_index = 0; int long_index = 0;
string lua_main_filename; string lua_main_filename;
string output_name = "stdout";
string lua_dir = DIGWATCH_INSTALLATION_DIR; string lua_dir = DIGWATCH_INSTALLATION_DIR;
lua_State* ls = NULL; lua_State* ls = NULL;
@ -176,13 +182,13 @@ int digwatch_init(int argc, char **argv)
try try
{ {
inspector = new sinsp(); inspector = new sinsp();
bool valid;
// //
// Parse the args // Parse the args
// //
while((op = getopt_long(argc, argv, while((op = getopt_long(argc, argv,
"hm:N", "hm:No:",
long_options, &long_index)) != -1) long_options, &long_index)) != -1)
{ {
switch(op) switch(op)
@ -196,6 +202,14 @@ int digwatch_init(int argc, char **argv)
case 'N': case 'N':
inspector->set_hostname_and_port_resolution_mode(false); inspector->set_hostname_and_port_resolution_mode(false);
break; break;
case 'o':
valid = std::find(valid_output_names.begin(), valid_output_names.end(), optarg) != valid_output_names.end();
if (!valid)
{
throw sinsp_exception(string("Invalid output name ") + optarg);
}
output_name = optarg;
break;
case '?': case '?':
result = EXIT_FAILURE; result = EXIT_FAILURE;
goto exit; goto exit;
@ -280,6 +294,7 @@ int digwatch_init(int argc, char **argv)
do_inspect(inspector, do_inspect(inspector,
rules, rules,
output_name,
ls); ls);
inspector->close(); inspector->close();

8
userspace/digwatch/lua/output.lua
View File

@ -1,8 +1,14 @@
local mod = {} local mod = {}
function mod.stdout(evt, level, format)
format = "%evt.time: "..level.." "..format
formatter = digwatch.formatter(format)
msg = digwatch.format_event(evt, formatter)
print (msg)
end
function mod.syslog(evt, level, format) function mod.syslog(evt, level, format)
nixio = require("nixio") nixio = require("nixio")
format = "%evt.time: "..format
formatter = digwatch.formatter(format) formatter = digwatch.formatter(format)
msg = digwatch.format_event(evt, formatter) msg = digwatch.format_event(evt, formatter)
nixio.syslog(level, msg) nixio.syslog(level, msg)

22
userspace/digwatch/lua/rule_loader.lua
View File

@ -113,11 +113,8 @@ function set_output(output_ast)
format = output_ast.value format = output_ast.value
end end
state.outputs[state.n_rules] = {type="format", formatter=digwatch.formatter("%evt.time: "..format)} state.outputs[state.n_rules] = {format=format, level = output_ast.level}
elseif (output_ast.type == "FunctionCall") then
require(output_ast.mname)
state.outputs[state.n_rules] = {type="function", mname = output_ast.mname, source=output_ast.source}
else else
error ("Unexpected type in set_output: ".. output_ast.type) error ("Unexpected type in set_output: ".. output_ast.type)
end end
@ -162,18 +159,17 @@ function on_done()
io.flush() io.flush()
end end
evt = nil local outputs = require('output')
function on_event(evt_, rule_id)
function on_event(evt_, rule_id, output_name)
if not (type(outputs[output_name]) == 'function') then
error("rule_loader.on_event(): invalid output_name: ", output_name)
end
if state.outputs[rule_id] == nil then if state.outputs[rule_id] == nil then
error ("rule_loader.on_event(): event with invalid rule_id: ", rule_id) error ("rule_loader.on_event(): event with invalid rule_id: ", rule_id)
end end
if state.outputs[rule_id].type == "format" then outputs[output_name](evt_, state.outputs[rule_id].level, state.outputs[rule_id].format)
print(digwatch.format_event(evt_, state.outputs[rule_id].formatter))
elseif state.outputs[rule_id].type == "function" then
local reqmod = "local "..state.outputs[rule_id].mname.." = require('" ..state.outputs[rule_id].mname .. "')";
evt = evt_
assert(loadstring(reqmod .. state.outputs[rule_id].source))()
end
end end