From: Jason Ish Date: Thu, 10 Apr 2025 22:52:40 +0000 (-0600) Subject: lua: fix fast.lua example X-Git-Tag: suricata-8.0.0-rc1~428 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13de319b010f947d5b5e292497b1dfaa1a8a338b;p=thirdparty%2Fsuricata.git lua: fix fast.lua example This one is a little different as it logs to a file, and is the same fast.lua used in the new Suricata-Verify test. Ticket: #7656
---
diff --git a/lua/fast.lua b/lua/fast.lua
index ffb3b01f6e..f72283ef00 100644
--- a/lua/fast.lua
+++ b/lua/fast.lua
@@ -1,17 +1,24 @@
--- This is a simple example script to show what you can do with lua output scripts.
--- It prints logs similar to the ones produced by the builtin fast.log output
--- facility to stdout, hence its name.
-
--- In the init() function we tell suricata, that we want the log function to be
--- called for every packet that produces an alert (see needs variable)
-
--- Then in the log() function we get various informations about this packet via
--- SCRuleMsg() and all the other API functions and print them to stdout with print()
-
--- To learn more about all the API functions suricata provides for your lua scripts
--- and the lua output extension in general see:
+-- This is a simple example script to show what you can do with lua
+-- output scripts.
+--
+-- It prints logs similar to the ones produced by the builtin fast.log
+-- output facility to stdout, hence its name.
+--
+-- In the init() function we tell suricata, that we want the log
+-- function to be called for every packet that produces an alert (see
+-- needs variable)
+--
+-- Then in the log() function we get various informations about this
+-- packet via the "suricata.packet" and "suricata.rule" library and
+-- print them to a file.
+--
+-- To learn more about all the API functions suricata provides for
+-- your lua scripts and the lua output extension in general see:
 -- http://docs.suricata.io/en/latest/output/lua-output.html
 
+local packet = require("suricata.packet")
+local rule = require("suricata.rule")
+
 function init()
   local needs = {}
   needs["type"] = "packet"
@@ -20,29 +27,40 @@ function init()
 end
 
 function setup()
+  filename = SCLogPath() .. "/fast.log"
+  file = assert(io.open(filename, "a"))
   alert_count = 0
 end
 
 function log()
-  timestring = SCPacketTimeString()
-  sid, rev, gid = SCRuleIds()
-  msg = SCRuleMsg()
-  class, priority = SCRuleClass()
+  local p = packet.get()
+  local s = rule.get_rule()
+
+  local timestring = p:timestring_legacy()
+  local sid = s:sid()
+  local rev = s:rev()
+  local gid = s:gid()
+  local msg = s:msg()
+  local class = s:class_description()
+  local priority = s:priority()
 
-  ip_version, src_ip, dst_ip, protocol, src_port, dst_port = SCPacketTuple()
+  local ip_version, src_ip, dst_ip, protocol, src_port, dst_port = p:tuple()
 
   if class == nil then
     class = "unknown"
   end
 
-  print (timestring .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
+  local alert = (timestring .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
          msg .. " [**] [Classification: " .. class .. "] [Priority: " ..
          priority .. "] {" .. protocol .. "} " .. src_ip .. ":" .. src_port .. " -> " ..
          dst_ip .. ":" .. dst_port)
 
+  file:write(alert)
+
   alert_count = alert_count + 1;
 end
 
 function deinit()
+  file:close(file)
   print ("Alerted " .. alert_count .. " times");
 end
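Review bot: `file:write(alert)` in log() drops the line terminator that the replaced `print(...)` supplied, so consecutive alerts in fast.log are written back to back on one line; `file:write(alert, "\n")` restores one record per line. In deinit(), `file:close(file)` passes the handle twice because the `:` call already supplies it, so `file:close()` is what is meant. setup() assigns `filename` and `file` without `local`, making them globals like the pre-existing `alert_count`, which is easy to clobber if the script environment is shared; a file-scope `local file` next to the `require` lines in the previous hunk would keep the handle private. The handle is opened in mode "a" and never flushed before deinit(), so alerts reach disk only at teardown, which deserves a comment such as `-- buffered: flushed to disk when deinit() closes the file` if the log is expected to be readable while Suricata runs.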