From fc04ddfe40831f8c97faa59089c10e50bda5b2d7 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Wed, 4 May 2016 17:39:30 -0700 Subject: [PATCH] Move output code into output.lua --- userspace/falco/lua/output.lua | 22 ++++++++++++++++++++++ userspace/falco/lua/rule_loader.lua | 24 +++--------------------- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/userspace/falco/lua/output.lua b/userspace/falco/lua/output.lua index 33e8f063..d4098d99 100644 --- a/userspace/falco/lua/output.lua +++ b/userspace/falco/lua/output.lua @@ -2,6 +2,8 @@ local mod = {} levels = {"Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug"} +local outputs = {} + function mod.stdout(evt, level, format) format = "%evt.time: "..levels[level+1].." "..format formatter = falco.formatter(format) @@ -39,4 +41,24 @@ function mod.syslog(evt, level, format) falco.syslog(level, msg) end +function mod.event(event, level, format) + for index,o in ipairs(outputs) do + o.output(event, level, format, o.config) + end +end + +function add_output(output_name, config) + if not (type(mod[output_name]) == 'function') then + error("rule_loader.add_output(): invalid output_name: "..output_name) + end + + -- outputs can optionally define a validation function so that we don't + -- find out at runtime (when an event finally matches a rule!) that the config is invalid + if (type(mod[output_name.."_validate"]) == 'function') then + mod[output_name.."_validate"](config) + end + + table.insert(outputs, {output = mod[output_name], config=config}) +end + return mod diff --git a/userspace/falco/lua/rule_loader.lua b/userspace/falco/lua/rule_loader.lua index c17c7ced..b6c0ea7d 100644 --- a/userspace/falco/lua/rule_loader.lua +++ b/userspace/falco/lua/rule_loader.lua 
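Review bot: `add_output` accepts any name for which `mod[output_name]` is a function, and after this change `mod` also holds `event` and any `*_validate` helper, so an output configured as `event` would register the dispatcher as its own output and `mod.event` would recurse until the stack overflows on the first matching event, delivering no alert. Rejecting those names before the lookup closes this, e.g. `if output_name == "event" or string.find(output_name, "_validate$") then error("output.add_output(): invalid output_name: "..output_name) end`; a dedicated table holding only output handlers would be the cleaner shape. The error text still says `rule_loader.add_output()` although the function now lives in output.lua, and it is still a global rather than `mod.add_output`, so it exists only once something has required this module; if the host looks it up by global name, a one-line comment saying so would help. In `mod.event` the unused loop variable `index` can be `_`.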
@@ -9,9 +9,11 @@ local DEFAULT_OUTPUT_FORMAT = "%evt.time: %evt.num %evt.cpu %proc.name (%thread. local DEFAULT_PRIORITY = "WARNING" +local output = require('output') local compiler = require "compiler" local yaml = require"lyaml" + --[[ Traverse AST, adding the passed-in 'index' to each node that contains a relational expression --]] @@ -175,32 +177,12 @@ function load_rules(filename) io.flush() end -local output_functions = require('output') -outputs = {} - -function add_output(output_name, config) - if not (type(output_functions[output_name]) == 'function') then - error("rule_loader.add_output(): invalid output_name: "..output_name) - end - - -- outputs can optionally define a validation function so that we don't - -- find out at runtime (when an event finally matches a rule!) that the config is invalid - if (type(output_functions[output_name.."_validate"]) == 'function') then - output_functions[output_name.."_validate"](config) - end - - table.insert(outputs, {output = output_functions[output_name], config=config}) -end - function on_event(evt_, rule_id) if state.outputs[rule_id] == nil then error ("rule_loader.on_event(): event with invalid rule_id: ", rule_id) end - for index,o in ipairs(outputs) do - o.output(evt_, state.outputs[rule_id].level, state.outputs[rule_id].format, o.config) - end - + output.event(evt_, state.outputs[rule_id].level, state.outputs[rule_id].format) end
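Review bot: In `on_event`, the new `output.event(...)` line repeats the `state.outputs[rule_id]` lookup twice after the guard above has already done it once; binding it (`local rule_output = state.outputs[rule_id]`) and passing `rule_output.level, rule_output.format` keeps the guard and the call on the same value. Separately, the unchanged guard calls `error ("rule_loader.on_event(): event with invalid rule_id: ", rule_id)` with a comma, so `rule_id` is passed as error()'s level argument and never appears in the message; `.. tostring(rule_id)` is presumably what was intended. Since this is the path that delivers alerts, a short comment on `on_event` stating that an error raised by any output propagates to the caller would also be worth adding.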