add for parsers

AlteredCoder 2020-05-26 12:54:42 +02:00
parent 782f43c5a0
commit 9f88bc576c
4 changed files with 17 additions and 6 deletions


@ -105,12 +105,12 @@ func main() {
log.Infof("Loading grok library") log.Infof("Loading grok library")
/* load base regexps for two grok parsers */ /* load base regexps for two grok parsers */
parserCTX, err = p.Init(map[string]interface{}{"patterns": cConfig.ConfigFolder + string("/patterns/")}) parserCTX, err = p.Init(map[string]interface{}{"patterns": cConfig.ConfigFolder + string("/patterns/"), "data": cConfig.DataFolder})
if err != nil { if err != nil {
log.Errorf("failed to initialize parser : %v", err) log.Errorf("failed to initialize parser : %v", err)
return return
} }
postOverflowCTX, err = p.Init(map[string]interface{}{"patterns": cConfig.ConfigFolder + string("/patterns/")}) postOverflowCTX, err = p.Init(map[string]interface{}{"patterns": cConfig.ConfigFolder + string("/patterns/"), "data": cConfig.DataFolder})
if err != nil { if err != nil {
log.Errorf("failed to initialize postoverflow : %v", err) log.Errorf("failed to initialize postoverflow : %v", err)
return return


@ -53,7 +53,8 @@ type Node struct {
//Statics can be present in any type of node and is executed last //Statics can be present in any type of node and is executed last
Statics []types.ExtraField `yaml:"statics,omitempty"` Statics []types.ExtraField `yaml:"statics,omitempty"`
//Whitelists //Whitelists
Whitelist types.Whitelist `yaml:"whitelist,omitempty"` Whitelist types.Whitelist `yaml:"whitelist,omitempty"`
Data []*types.DataSource `yaml:"data,omitempty"`
} }
func (n *Node) validate(pctx *UnixParserCtx) error { func (n *Node) validate(pctx *UnixParserCtx) error {
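Review bot: The new `Data` field has no comment, unlike the fields next to it, and nothing visible in this section validates its entries. A comment such as `//Data lists the data files this node needs; each DestPath is passed to exprhelpers.FileInit with the parser data folder when stages are loaded` would document it. `DestPath` is decoded from the node's YAML and is handed to `exprhelpers.FileInit` elsewhere in this commit. So `validate` (only its signature is in this hunk) looks like the place to reject empty, absolute or `..`-containing destination paths, so that a parser file cannot name a file outside the data folder. Whether `FileInit` already confines the path cannot be seen from here.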


@ -19,6 +19,7 @@ import (
"time" "time"
"github.com/crowdsecurity/crowdsec/pkg/cwversion" "github.com/crowdsecurity/crowdsec/pkg/cwversion"
"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
@ -42,6 +43,7 @@ func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx) ([]Node, error) {
tmpstages := make(map[string]bool) tmpstages := make(map[string]bool)
pctx.Stages = []string{} pctx.Stages = []string{}
exprhelpers.Init()
for _, stageFile := range stageFiles { for _, stageFile := range stageFiles {
if !strings.HasSuffix(stageFile.Filename, ".yaml") { if !strings.HasSuffix(stageFile.Filename, ".yaml") {
log.Warningf("skip non yaml : %s", stageFile.Filename) log.Warningf("skip non yaml : %s", stageFile.Filename)
@ -109,6 +111,12 @@ func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx) ([]Node, error) {
if node.Stage == "" { if node.Stage == "" {
continue continue
} }
if len(node.Data) > 0 {
for _, data := range node.Data {
err = exprhelpers.FileInit(pctx.DataFolder, data.DestPath)
}
}
nodes = append(nodes, node) nodes = append(nodes, node)
nodesCount++ nodesCount++
} }
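Review bot: The error from `exprhelpers.FileInit` in the new loop is assigned to `err` but never checked before `nodes = append(nodes, node)`. Within the visible lines, a data file that fails to load is therefore ignored, and each iteration overwrites the previous error. Fail the load instead with `if err := exprhelpers.FileInit(pctx.DataFolder, data.DestPath); err != nil { return nil, err }`, and drop the `len(node.Data) > 0` guard, since ranging over an empty slice does nothing. `node.Data` holds pointers decoded from YAML, so a null list entry would presumably reach `data.DestPath` as a nil dereference; a `data == nil` check in the loop would cover that. LoadStages begins and ends outside these hunks, so a later check on `err` cannot be ruled out.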


@ -12,9 +12,10 @@ type UnixParser struct {
} }
type UnixParserCtx struct { type UnixParserCtx struct {
Grok grokky.Host Grok grokky.Host
Stages []string Stages []string
Profiling bool Profiling bool
DataFolder string
} }
func (u UnixParser) IsParsable(ctx interface{}, l types.Line) (bool, error) { func (u UnixParser) IsParsable(ctx interface{}, l types.Line) (bool, error) {
@ -28,6 +29,7 @@ func (u UnixParser) Init(c map[string]interface{}) (*UnixParserCtx, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
r.DataFolder = c["data"].(string)
for _, f := range files { for _, f := range files {
log.Debugf("Loading %s", f.Name()) log.Debugf("Loading %s", f.Name())
if err := r.Grok.AddFromFile(c["patterns"].(string) + f.Name()); err != nil { if err := r.Grok.AddFromFile(c["patterns"].(string) + f.Name()); err != nil {
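Review bot: `r.DataFolder = c["data"].(string)` is an unchecked type assertion, so any caller of Init that omits the `data` key or passes a non-string value panics rather than getting the error this function already returns for other failures. Use the two-value form, `dataFolder, ok := c["data"].(string)`, then `if !ok { return nil, fmt.Errorf("parser init: 'data' folder missing or not a string") }` before assigning `r.DataFolder = dataFolder`. This may need an `fmt` import if the file does not already have one. The existing `c["patterns"].(string)` lookups follow the same unchecked pattern and could be tightened in the same way. Init's body starts and ends outside the hunk.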