[Oisf-users] Playing with luajit and flowvars...
Edward Fjellskål
edwardfjellskaal at gmail.com
Wed Jun 11 21:35:59 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Could anyone confirm if Im doing it wrong, or if there is something wrong?
E
On 05/29/2014 11:37 PM, Edward Fjellskål wrote:
> --[[
>
> Rule to trigger the script and hopefully setting the flowvar?
>
> alert http any any -> any any (msg:"LUAJIT TEST (GET)";
> flow:established,to_server; content:"GET"; nocase; http_method;
> pcre:"/^(?P<flow_method>GET) /i"; luajit:luajit-test.lua; rev:1;
> sid:9900000;)
>
> But all I see is: "We have no A :("
>
> What Im I doing wrong?
>
> ]]--
>
> function init (args) local needs = {} needs["flowvar"] =
> {"method"} return needs end
>
> function match(args) local a = ScFlowvarGet(0); local l =
> io.open("/tmp/luajit-test.log", "a")
>
> if a then l:write("We have an A: " .. (a) .. "\n") else l:write("We
> have no A :(\n") end l:close() return 0; end
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJTmMu8AAoJEAf3kNGaI009BM0H/Rvl7R9j4fqVfamKNWLFRs0D
t1m+PEdg/Ti7nWmyMQW6oEOITdXpopOqz3jcRBP+gUWlaqbR8JtsJWlq57Vx4Zc3
HpYql7rA0Bdo6ovHjxAE5jnrFcHjWIrOAB4xRQBzUBhoD0AsT+bD6jG4ENxpsRHN
B88Ls1RahkkfsktUKqmyr5MsDQfbmuluc9gnfJkQKiwlPisattMeAQ5hbKOjpHaO
sKoGP8gvt5zyntaRbutA/kjJ3Hz9VqG57vysPsmWl+igsSb9kUWPibPspEvBt+qD
7pDJUMPh/9WJ/gu8iAqcuwI6qB7XmbztThTOEJvJ8B5GxDBucqqugte3YTSGUyE=
=ozBp
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list