Commit | Line | Data |
---|---|---|
88d9af2c SS |
1 | package Guardian::Parser; |
2 | use strict; | |
3 | use warnings; | |
4 | ||
5 | use Exporter qw(import); | |
6 | ||
7 | our @EXPORT_OK = qw(Parser); | |
8 | ||
# Dispatch table: maps a supported logfile to the function that parses
# messages read from it.
#
# Parser() looks the file up with an exact string match on the key, so a
# logfile passed under any other spelling of its path (relative path,
# symlink, trailing slash) finds no parser and its messages are dropped
# without an error.
my %logfile_parsers;
$logfile_parsers{"/var/log/snort/alert"} = \&message_parser_snort;
14 | ||
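#
## The main parsing function.
#
## Looks up the sub-parser registered for the given logfile in
## %logfile_parsers, hands the message to it and returns the action
## that sub-parser reports.
#
## Arguments:
##   $file    - path of the logfile the message was read from. It has to
##              match a key of %logfile_parsers exactly.
##   @message - the line(s) of the log message.
#
## Returns the sub-parser's result, or nothing (undef in scalar context,
## the empty list in list context) when $file is undefined or no parser is
## registered for it.
#
## The prototype is ($@) so that an array passed as the second argument
## reaches the sub-parser as a list of lines. A ($$) prototype would put
## that argument into scalar context and pass the number of lines instead
## of their content.
#
## The message is raw logfile content and is passed on unmodified. No
## validation happens here, so each sub-parser has to treat it as
## untrusted input.
#
sub Parser ($@) {
	my ($file, @message) = @_;

	# An undefined path cannot name a logfile. Return before it is used
	# as a hash key, which would only raise an "uninitialized" warning.
	return unless defined $file;

	# If no responsible message parser could be found, just return nothing.
	return unless exists $logfile_parsers{$file};

	# Call the responsible logfile parser. The scalar assignment keeps the
	# call in scalar context regardless of how Parser() itself was called.
	my $action = $logfile_parsers{$file}->(@message);

	# Return which action should be performed.
	return $action;
}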
36 | ||
#
## The Snort message parser.
#
## Receives the line(s) of a Snort alert and is meant to decide whether an
## action should be performed for it.
#
## XXX: This is still a stub. The alert is not inspected at all; the same
## placeholder string (note the trailing newline) is returned for every
## input.
#
## NOTE(review): the placeholder is a true value, so a caller that acts on
## any true result would act on every alert - confirm against the caller.
## NOTE(review): the ($) prototype has no effect on the call made through
## the code reference stored in %logfile_parsers; prototypes only apply to
## direct calls by name.
## NOTE(review): once real parsing is added, the alert text has to be
## handled as untrusted input: match it with anchored patterns and use only
## the captured, validated fields to decide on an action.
#
sub message_parser_snort($) {
	# Take a private copy of the alert lines; they are not used yet.
	my (@alert_lines) = @_;

	my $placeholder_action = "snort_parser_return\n";

	return $placeholder_action;
}
50 | ||
# A module file has to end with a true value, otherwise use/require fails.
1;