projects / people / stevee / guardian.git / blame
| Commit | Line | Data |
|---|---|---|
| 88d9af2c SS |
1 | package Guardian::Parser; |
| 2 | use strict; | |
| 3 | use warnings; | |
| 4 | ||
| 5 | use Exporter qw(import); | |
| 6 | ||
| 7 | our @EXPORT_OK = qw(Parser); | |
| 8 | ||
| 9 | # This hash contains all supported logfiles and which function | |
| 10 | # has to be called to parse them in the right way. | |
| 11 | my %logfile_parsers = ( | |
| 12 | "/var/log/snort/alert" => \&message_parser_snort, | |
| 13 | ); | |
| 14 | ||
| 15 | # | |
| 16 | ## The main parsing function. | |
| 17 | # | |
| 18 | ## It is used to determine which sub-parser has to be used to | |
| 19 | ## parse the given message in the right way and to return if | |
| 20 | ## any action should be performed. | |
| 21 | # | |
| 22 | sub Parser ($$) { | |
| 23 | my ($file, @message) = @_; | |
| 24 | ||
| 25 | # If no responsible message parser could be found, just return nothing. | |
| 26 | unless (exists($logfile_parsers{$file})) { | |
| 27 | return; | |
| 28 | } | |
| 29 | ||
| 30 | # Call responsible logfile parser. | |
| 31 | my $action = $logfile_parsers{$file}->(@message); | |
| 32 | ||
| 33 | # Return which action should be performed. | |
| 34 | return $action; | |
| 35 | } | |
| 36 | ||
| 37 | # | |
| 38 | ## The Snort message parser. | |
| 39 | # | |
| 40 | ## This subfunction is responsible for parsing sort alerts and determine if | |
| 41 | ## an action should be performed. | |
| 42 | # | |
| 43 | sub message_parser_snort($) { | |
| 44 | my @message = @_; | |
| 45 | ||
| 46 | # XXX | |
| 47 | # Currently this parser just returns a simple message. | |
| 48 | return "snort_parser_return\n"; | |
| 49 | } | |
| 50 | ||
| 51 | 1; |