[Oisf-users] Lua output question.... flowint
Edward Fjellskål
edwardfjellskaal at gmail.com
Mon Apr 20 05:47:01 UTC 2020
Is it then a error in the doc? or error in the code?
I hope it's an error in the code :D
Should I make a bug report out of it?
e
On Sun, Apr 19, 2020 at 6:54 PM Victor Julien <lists at inliniac.net> wrote:
> On 19-04-2020 18:46, Edward Fjellskål wrote:
> >
> > According to the docs, one should be able to use all the functions in
> > eater lua rules or lua output. But I cant seem to get ScFlowintGet to
> > work. Just errors here:
> >
> > [110340] 17/4/2020 -- 08:21:24 - (output-lua.c:289) <Info>
> > (LuaPacketLogger) -- failed to run script:
> > /etc/suricata/lua-output//test.lua:19: attempt to call global
> > 'ScFlowintGet' (a nil value)
> >
> > Script is as follows:
> >
> > -- START
> > function init(args)
> > local needs = {}
> > needs["type"] = "flow"
> > needs["type"] = "packet"
> > needs["flowint"] = {"test"}
> > return needs
> > end
> >
> > function setup (args)
> > SCLogInfo("TEST setup")
> > end
> >
> > function deinit (args)
> > SCLogInfo("TEST deinit")
> > end
> >
> > function log(args)
> > --ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
> > a = ScFlowintGet(0) -- Fails here!
> > if a then
> > ScFlowintSet(0, a + 1)
> > else
> > ScFlowintSet(0, 1)
> > end
> > SCLogInfo("TEST log")
> > end
> > -- END
> >
> > Is this supposed to work?
>
> Looks like it's only registered for the detection lua support, not for
> output.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: https://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Forum: https://forum.suricata.io
> Trainings: https://suricata-ids.org/training/
--
Edward Bjarte Fjellskål
Senior Security Analyst
http://www.gamelinux.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200420/1b8eba91/attachment.html>
More information about the Oisf-users
mailing list