lua: fix fast.lua example

This one is a little different as it logs to a file, and is the same
fast.lua used in the new Suricata-Verify test.

Ticket: #7656

diff --git a/lua/fast.lua b/lua/fast.lua
index ffb3b01f6e7c61a9d905eeeab607a7ca7d99d13d..f72283ef00c90694cfbd98b1b965951194e10bde 100644 (file)
--- a/lua/fast.lua
+++ b/lua/fast.lua
@@ -1,17 +1,24 @@
--- This is a simple example script to show what you can do with lua output scripts.
--- It prints logs similar to the ones produced by the builtin fast.log output
--- facility to stdout, hence its name.
-
--- In the init() function we tell suricata, that we want the log function to be
--- called for every packet that produces an alert (see needs variable)
-
--- Then in the log() function we get various informations about this packet via
--- SCRuleMsg() and all the other API functions and print them to stdout with print()
-
--- To learn more about all the API functions suricata provides for your lua scripts
--- and the lua output extension in general see:
+-- This is a simple example script to show what you can do with lua
+-- output scripts.
+--
+-- It prints logs similar to the ones produced by the builtin fast.log
+-- output facility to stdout, hence its name.
+--
+-- In the init() function we tell suricata, that we want the log
+-- function to be called for every packet that produces an alert (see
+-- needs variable)
+--
+-- Then in the log() function we get various informations about this
+-- packet via the "suricata.packet" and "suricata.rule" library and
+-- print them to a file.
+--
+-- To learn more about all the API functions suricata provides for
+-- your lua scripts and the lua output extension in general see:
 -- http://docs.suricata.io/en/latest/output/lua-output.html
 
+local packet = require("suricata.packet")
+local rule = require("suricata.rule")
+
 function init()
     local needs     = {}
     needs["type"]   = "packet"
@@ -20,29 +27,40 @@ function init()
 end
 
 function setup()
+    filename = SCLogPath() .. "/fast.log"
+    file = assert(io.open(filename, "a"))
     alert_count = 0
 end
 
 function log()
-    timestring      = SCPacketTimeString()
-    sid, rev, gid   = SCRuleIds()
-    msg             = SCRuleMsg()
-    class, priority = SCRuleClass()
+    local p = packet.get()
+    local s = rule.get_rule()
+
+    local timestring = p:timestring_legacy()
+    local sid = s:sid()
+    local rev = s:rev()
+    local gid = s:gid()
+    local msg = s:msg()
+    local class = s:class_description()
+    local priority = s:priority()
 
-    ip_version, src_ip, dst_ip, protocol, src_port, dst_port = SCPacketTuple()
+    local ip_version, src_ip, dst_ip, protocol, src_port, dst_port = p:tuple()
 
     if class == nil then
         class = "unknown"
     end
 
-    print (timestring .. "  [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
+    local alert = (timestring .. "  [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
            msg .. " [**] [Classification: " .. class .. "] [Priority: " ..
            priority .. "] {" .. protocol .. "} " ..
            src_ip .. ":" .. src_port .. " -> " .. dst_ip .. ":" .. dst_port)
 
+    file:write(alert)
+
     alert_count = alert_count + 1;
 end
 
 function deinit()
+    file:close(file)
     print ("Alerted " .. alert_count .. " times");
 end