Henri DF
42de0507fa
search for yaml config file
In order:
1) cmdline opt
2) in-tree path
3) /etc/digwatch.yaml
2016-04-12 23:14:44 +00:00
Henri DF
73ec593931
Add a configuration::init() that just sets up defaults
(For when no config file is being used)
2016-04-12 23:13:18 +00:00
Henri DF
dc099bfb91
Add configuration object and Yaml parser
These aren't wired up yet.
2016-04-12 23:13:15 +00:00
Henri DF
af4089dac3
Build and link yaml-cpp lib
2016-04-12 23:13:12 +00:00
Henri DF
b4859015ea
Add support for reading .scap files
2016-04-08 16:51:16 -07:00
Henri DF
709568b578
Command-line options simplification
Remove -N and always turn resolution off. Given the possible performance
impact, there shouldn't even be a way to have it on.
2016-04-07 15:12:15 -07:00
Henri DF
dcbae750c8
Remove the need for DIGWATCH_LUA_DIR env var
2016-04-06 23:05:41 +00:00
Henri DF
c7d0c7dbd9
Remove unneeded -m <lua_main_filename> param
2016-04-06 23:05:41 +00:00
Henri DF
f7ba825023
Remove dep on nixio by adding simple syslog lua function
2016-04-06 11:44:00 -07:00
Henri DF
77440750e6
Load probe
2016-04-04 18:39:42 -07:00
Henri DF
86e1eeffb2
Statically link in lpeg lua library
2016-04-04 15:07:16 -07:00
Henri DF
39b1f64510
Packaging: Bundle lua files
2016-03-31 21:18:23 -07:00
Henri DF
37d0f7d3e0
Build .deb, .rpm, and .tgz
2016-03-31 18:54:52 -07:00
Henri DF
8ae908fe85
Rework cmake files
Rather than do include_directory() on the whole sysdig repo, just do it
for driver, libscap, and libsinsp.
This is a step on the way to building a digwatch package.
2016-03-31 18:39:49 -07:00
Henri DF
c9806407e8
Priority level internal handling
Handle internally as ints, then translate as appropriate in outputs
2016-03-30 14:38:18 -07:00
Henri DF
d6dee28bbe
Output simplification
The Output is now chosen globally (for all rules), on the command line.
2016-03-30 14:27:19 -07:00
Henri DF
f44bd06f1d
Remove unused/unimplemented options
2016-03-30 13:20:31 -07:00
Henri DF
5f0123317a
Remove function outputs from grammar
2016-03-30 13:00:51 -07:00
Henri DF
6158168a97
Grammar support for priorities
2016-03-29 21:35:07 -07:00
Henri DF
38957d3b14
Add timestamp in function outputs
2016-03-29 19:54:15 -07:00
Henri DF
97d7b125ba
Implicit time in output formats
As pointed out by Loris, timestamping output messages should be a
responsibility of the output/collection system.
So as a first step towards this, add timestamps automatically for output
formats, and remove them from rules.
2016-03-29 19:47:57 -07:00
Henri DF
aea9b0054b
Minor error handling improvements
2016-03-29 19:31:34 -07:00
Henri DF
faf36cd8d7
Use new sysdig support for fast processing of in-exprs
2016-03-24 14:25:48 -07:00
Henri DF
aa31d0a0fb
Optimization: don't nest at every boolean op
2016-03-18 13:10:07 -07:00
Henri DF
9043c89a9b
Nice formatting when printing ASTs
2016-03-16 13:00:03 -07:00
Henri DF
7104d52466
minor cmakefile cleanup
2016-03-07 17:27:20 -08:00
Henri DF
8c6bb8a236
Set Lua cpath along with path
2016-03-04 17:54:18 -08:00
Henri DF
331042858f
Initial version of outputs.lua
2016-03-03 16:13:08 -08:00
Henri DF
5f681b1bd8
Signal handlers and clean(er) exit
2016-03-04 00:11:09 +00:00
Henri DF
ea158baa8d
Fix error string
2016-03-02 22:24:12 +00:00
Henri DF
33ad92e98b
Fix typo-bug in lua code
2016-03-01 22:01:45 -08:00
Henri DF
f0da1c724b
formats.cpp: print lua error string (like elsewhere)
2016-03-01 22:01:14 -08:00
Henri DF
8343d23c3f
remove debugging print from rules_loader.lua
2016-03-01 20:10:34 -08:00
Henri DF
26fcf3415d
Add digwatch.fields() to Lua API
2016-03-01 21:54:20 +00:00
Henri DF
3195c8abea
formats.{cpp,h}: Get rid of global vars
2016-03-01 21:54:18 +00:00
Henri DF
0cdbdf9215
minor include cleanups
2016-03-01 10:49:19 -08:00
Henri DF
6a99c1a978
Basic support for function calls in outputs
2016-02-29 20:15:50 -08:00
Henri DF
1b7a5bd119
compiler: keep source in FunctionCall ASTs
2016-02-29 13:37:16 -08:00
Henri DF
55b2490314
coding convention
2016-02-28 21:14:46 -08:00
Henri DF
1c04ed7874
rework digwatch event output handling
the high-level change is that events matching a rule are now sent into a
lua "on_event" function for handling, rather than doing the handling
down in c++.
more specifics:
before, the lua "load_rule" function registered formatters with
associated IDs with the c++ side, which later used this state to
reconcile events with formats and print output accordingly.
now, no such state is kept on the c++ side. the lua "load_rule" function
maintains the id->formatters map, and uses it to print outputs when it
receives events.
this change simplifies the existing flow and will also make the forthcoming
implementation of function outputs far simpler than it would have been
in the current setup.
2016-02-28 21:06:29 -08:00
Henri DF
f71de57a90
fix unused vars warning in digwatch.cpp
2016-02-28 20:28:47 -08:00
Henri DF
c695051990
rule_loader.lua: comments cleanups
2016-02-28 23:50:10 +00:00
Henri DF
6569f0372d
Grammar: support function-call syntax in outputs
This change adds syntax support for function call outputs. For example:
... | syslog(evt, WARN)
Regular outputs are still allowed and parsed in the same way.
2016-02-28 14:28:00 -08:00
Henri DF
733548b80b
Grammar: fix commas in lists
commas were (unintentionally) optional in lists. so a list like (a b c)
was a valid three-element list.
2016-02-28 14:24:54 -08:00
Henri DF
96942f8034
Grammar: parse array lookup in fields
2016-02-28 13:20:35 -08:00
Henri DF
4053b7241e
Fix 'in' clause expansion
2016-02-25 10:54:42 -08:00
Henri DF
eaeb360b31
Fix macro expansion
2016-02-25 10:54:28 -08:00
Henri DF
d62ea1df24
Support for comments in rules files
2016-02-24 15:47:19 -08:00
Henri DF
2428231c7a
Remove unneeded code from digwatch main
2016-02-24 10:32:14 -08:00
Henri DF
1a70d12525
whitespace
2016-02-24 09:17:26 -08:00