Module: Unified2
- Defined in:
- lib/unified2.rb,
lib/unified2/event.rb,
lib/unified2/sensor.rb,
lib/unified2/payload.rb,
lib/unified2/version.rb,
lib/unified2/protocol.rb,
lib/unified2/signature.rb,
lib/unified2/config_file.rb,
lib/unified2/classification.rb,
lib/unified2/constructor/packet.rb,
lib/unified2/constructor/construct.rb,
lib/unified2/constructor/event_ip4.rb,
lib/unified2/constructor/event_ip6.rb,
lib/unified2/constructor/record_header.rb,
lib/unified2/exceptions/file_not_found.rb,
lib/unified2/constructor/primitive/ipv4.rb,
lib/unified2/exceptions/file_not_readable.rb,
lib/unified2/exceptions/unknown_load_type.rb
Overview
Unified2 Namespace
Defined Under Namespace
Modules: Constructor Classes: Classification, ConfigFile, Event, FileNotFound, FileNotReadable, Payload, Protocol, Sensor, Signature, UnknownLoadType
Constant Summary collapse
- TYPES =
Configuration File Types
Holds the available configuration file types current supported.
[ :signatures, :generators, :classifications ]
- VERSION =
Unified2 version
"0.5.0"
Class Attribute Summary collapse
-
.classifications ⇒ Object
Returns the value of attribute classifications.
-
.generators ⇒ Object
Returns the value of attribute generators.
-
.hostname ⇒ Object
Returns the value of attribute hostname.
-
.interface ⇒ Object
Returns the value of attribute interface.
-
.sensor(options = {}) {|Sensor| ... } ⇒ nil
Sensor.
-
.signatures ⇒ Object
Returns the value of attribute signatures.
Class Method Summary collapse
-
.configuration(options = {}) {|ConfigFile| ... } ⇒ nil
Configuration.
-
.load(type, path) ⇒ nil
Load.
-
.read(path) {|Event| ... } ⇒ nil
Read.
-
.watch(path, position = :first) {|Event| ... } ⇒ nil
Watch.
Class Attribute Details
.classifications ⇒ Object
Returns the value of attribute classifications.
30 31 32 |
# File 'lib/unified2.rb', line 30 def classifications @classifications end |
.generators ⇒ Object
Returns the value of attribute generators.
30 31 32 |
# File 'lib/unified2.rb', line 30 def generators @generators end |
.hostname ⇒ Object
Returns the value of attribute hostname.
30 31 32 |
# File 'lib/unified2.rb', line 30 def hostname @hostname end |
.interface ⇒ Object
Returns the value of attribute interface.
30 31 32 |
# File 'lib/unified2.rb', line 30 def interface @interface end |
.sensor(options = {}) {|Sensor| ... } ⇒ nil
Sensor
65 66 67 |
# File 'lib/unified2.rb', line 65 def sensor @sensor end |
.signatures ⇒ Object
Returns the value of attribute signatures.
30 31 32 |
# File 'lib/unified2.rb', line 30 def signatures @signatures end |
Class Method Details
.configuration(options = {}) {|ConfigFile| ... } ⇒ nil
Configuration
47 48 49 50 |
# File 'lib/unified2.rb', line 47 def self.configuration(={}, &block) @sensor ||= Sensor.new() self.instance_eval(&block) end |
.load(type, path) ⇒ nil
Load
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/unified2.rb', line 83 def self.load(type, path) unless TYPES.include?(type.to_sym) raise UnknownLoadType, "Error - #{@type} is unknown." end if File.exists?(path) if File.readable?(path) instance_variable_set("@#{type}", ConfigFile.new(type, path)) else raise FileNotReadable, "Error - #{path} not readable." end else raise FileNotFound, "Error - #{path} not found." end end |
.read(path) {|Event| ... } ⇒ nil
Read
Read the unified2 log until EOF and process events.
192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 |
# File 'lib/unified2.rb', line 192 def self.read(path, &block) unless File.exists?(path) raise FileNotFound, "Error - #{path} not found." end if File.readable?(path) io = File.open(path) first_open = File.open(path) first_event = Unified2::Constructor::Construct.read(first_open) first_open.close @event = Event.new(first_event.data.event_id) until io.eof? event = Unified2::Constructor::Construct.read(io) check_event(event, block) end else raise FileNotReadable, "Error - #{path} not readable." end end |
.watch(path, position = :first) {|Event| ... } ⇒ nil
Watch
Monitor the unified2 file for events and process.
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 |
# File 'lib/unified2.rb', line 113 def self.watch(path, position=:first, &block) unless File.exists?(path) raise FileNotFound, "Error - #{path} not found." end if File.readable?(path) io = File.open(path) case position when Integer, Fixnum event_id = position.to_i.zero? ? 1 : position.to_i @event = Event.new(event_id) when Symbol, String case position.to_sym when :last until io.eof? event = Unified2::Constructor::Construct.read(io) event_id = event.data.event_id if event end @event = Event.new(event_id + 1) # set event_id to false to catch # beginning loop and process event_id = false when :first first_open = File.open(path) first_event = Unified2::Constructor::Construct.read(first_open) first_open.close event_id = first_event.data.event_id @event = Event.new(event_id) end end loop do begin event = Unified2::Constructor::Construct.read(io) if event_id if event.data.event_id.to_i > (event_id - 1) check_event(event, block) end else check_event(event, block) end rescue EOFError sleep 5 retry end end else raise FileNotReadable, "Error - #{path} not readable." end end |