[Oisf-users] Lua output - flow
Martin Petracek
martin.petracek at nic.cz
Tue Jul 4 15:32:48 UTC 2017
Hello there!
I have a question about Suricata Lua scripts.
I have a simple Lua script to get info about flows:
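-- Register this script as a flow logger.
function init (args)
    local needs = {}
    needs["type"] = "flow"
    return needs
end

-- Print the source and destination address of the flow.
function log(args)
    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    print ("src " .. srcip .. " dst " .. dstip)
end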
The thing that bothers me is that this script (its log function) gets
called only when the flow ended (if I got right what's happening).
Am I right? Or when exactly is this Lua script called?
I would like to get this function called when the flow starts (and
ideally in some intervals then, when the flow is active), not only when
it already ended.
Is there a way to accomplish this?
I know it's possible to set needs["type"] to "packet" and then this
function is called for every packet, but I don't want to do this for
performance reasons. For me it's enough to have some information about
the flow, not about every single packet. But I need this information
when the flow is still active, not when it ended already...
I'm using Suricata 3.2, if that makes any difference.
Thanks for any help!
Regards
Martin Petracek