[Oisf-users] Playing with luajit and flowvars...
Edward Fjellskål
edwardfjellskaal at gmail.com
Thu May 29 21:37:13 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --[[
Rule to trigger the script and hopefully setting the flowvar?
alert http any any -> any any (msg:"LUAJIT TEST (GET)";
flow:established,to_server; content:"GET"; nocase; http_method;
pcre:"/^(?P<flow_method>GET) /i"; luajit:luajit-test.lua; rev:1;
sid:9900000;)
But all I see is: "We have no A :("
What Im I doing wrong?
]]--
function init (args)
local needs = {}
needs["flowvar"] = {"method"}
return needs
end
function match(args)
local a = ScFlowvarGet(0);
local l = io.open("/tmp/luajit-test.log", "a")
if a then
l:write("We have an A: " .. (a) .. "\n")
else
l:write("We have no A :(\n")
end
l:close()
return 0;
end
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJTh6iGAAoJEAf3kNGaI009KjUH/RsoKRnwgPsAUMrUClyEmVEX
1J0CojCb/nOC3nD9qWbKRWvRdyQNI8H4/SRCwFImoVv+DZoHyD1qX0/flTirbVce
5avOUSt+E2tk0x58FACqdrj0yJ3fN0z40Hia+G2qd196NYwL0LCdavcsJLHsY+y+
U+VaGvW152+UC7qVgvFe2voHne0QwjMDCoXjAr00FHJ96klZ0VQnihbZHyTf4gb8
+CmEzjezEjQ90ciHQtWiOGLM4VZcf6F+jgvGmu+bW1OhBY3NE7ExXHQ7ct27eyzV
ptA+dwJ2BU7aN5APS3GVYsK2UCSsgmjrbNPWE8FjGT6f8hkiHboV09bwNR4iO20=
=MZe/
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list