Module: Unified2

Defined in:

lib/unified2.rb,
lib/unified2/event.rb,
lib/unified2/packet.rb,
lib/unified2/sensor.rb,
lib/unified2/payload.rb,
lib/unified2/version.rb,
lib/unified2/construct.rb,
lib/unified2/event_ip4.rb,
lib/unified2/event_ip6.rb,
lib/unified2/signature.rb,
lib/unified2/config_file.rb,
lib/unified2/record_header.rb,
lib/unified2/classification.rb,
lib/unified2/primitive/ipv4.rb,
lib/unified2/exceptions/file_not_found.rb,
lib/unified2/exceptions/file_not_readable.rb,
lib/unified2/exceptions/unknown_load_type.rb

Defined Under Namespace

Modules: Primitive Classes: Classification, ConfigFile, Construct, Event, EventIP4, EventIP6, FileNotFound, FileNotReadable, Packet, Payload, RecordHeader, Sensor, Signature, UnknownLoadType

Constant Summary

TYPES =

[
  :signatures,
  :generators,
  :classifications
]

VERSION =

unified2 version

"0.4.0"

Class Attribute Summary

• .classifications ⇒ Object

  Returns the value of attribute classifications.

• .generators ⇒ Object

  Returns the value of attribute generators.

• .hostname ⇒ Object

  Returns the value of attribute hostname.

• .interface ⇒ Object

  Returns the value of attribute interface.

• .sensor(options = {}, &block) ⇒ Object

  Returns the value of attribute sensor.

• .signatures ⇒ Object

  Returns the value of attribute signatures.

Class Method Summary

• .configuration(options = {}, &block) ⇒ Object
• .load(type, path) ⇒ Object
• .read(path, &block) ⇒ Object
• .watch(path, position = :first, &block) ⇒ Object

Class Attribute Details

.classifications ⇒ Object

Returns the value of attribute classifications.

# File 'lib/unified2.rb', line 22

def classifications
  @classifications
end

.generators ⇒ Object

Returns the value of attribute generators.

# File 'lib/unified2.rb', line 22

def generators
  @generators
end

.hostname ⇒ Object

Returns the value of attribute hostname.

# File 'lib/unified2.rb', line 22

def hostname
  @hostname
end

.interface ⇒ Object

Returns the value of attribute interface.

# File 'lib/unified2.rb', line 22

def interface
  @interface
end

.sensor(options = {}, &block) ⇒ Object

Returns the value of attribute sensor.

# File 'lib/unified2.rb', line 22

def sensor
  @sensor
end

.signatures ⇒ Object

Returns the value of attribute signatures.

# File 'lib/unified2.rb', line 22

def signatures
  @signatures
end

Class Method Details

.configuration(options = {}, &block) ⇒ Object

# File 'lib/unified2.rb', line 27

def self.configuration(options={}, &block)
  @sensor ||= Sensor.new
  self.instance_eval(&block)
end

.load(type, path) ⇒ Object

# File 'lib/unified2.rb', line 39

def self.load(type, path)
  unless TYPES.include?(type.to_sym)
    raise UnknownLoadType, "Error - #{@type} is unknown."
  end

  if File.exists?(path)
    if File.readable?(path)
      instance_variable_set("@#{type}", ConfigFile.new(type, path))
    else
      raise FileNotReadable, "Error - #{path} not readable."
    end
  else
    raise FileNotFound, "Error - #{path} not found."
  end
end

.read(path, &block) ⇒ Object

# File 'lib/unified2.rb', line 120

def self.read(path, &block)

  unless File.exists?(path)
    raise FileNotFound, "Error - #{path} not found."
  end

  if File.readable?(path)
    io = File.open(path)

    first_open = File.open(path)
    first_event = Unified2::Construct.read(first_open)
    first_open.close

    @event = Event.new(first_event.data.event_id)

    until io.eof?
      event = Unified2::Construct.read(io)
      check_event(event, block)
    end

  else
    raise FileNotReadable, "Error - #{path} not readable."
  end
end

.watch(path, position = :first, &block) ⇒ Object

# File 'lib/unified2.rb', line 55

def self.watch(path, position=:first, &block)

  unless File.exists?(path)
    raise FileNotFound, "Error - #{path} not found."
  end

  if File.readable?(path)
    io = File.open(path)

    case position
    when Integer, Fixnum

      event_id = position.to_i.zero? ? 1 : position.to_i
      @event = Event.new(event_id)

    when Symbol, String

      case position.to_sym
      when :last

        until io.eof?
          event = Unified2::Construct.read(io)
          event_id = event.data.event_id if event
        end

        @event = Event.new(event_id + 1)

        # set event_id to false to catch
        # beginning loop and process
        event_id = false

      when :first

        first_open = File.open(path)
        first_event = Unified2::Construct.read(first_open)
        first_open.close
        event_id = first_event.data.event_id
        @event = Event.new(event_id)

      end
    end

    loop do
      begin
        event = Unified2::Construct.read(io)

        if event_id
          if event.data.event_id.to_i > (event_id - 1)
            check_event(event, block)
          end
        else
          check_event(event, block)
        end

      rescue EOFError
        sleep 5
        retry
      end
    end

  else
    raise FileNotReadable, "Error - #{path} not readable."
  end
end