Class: Suricata::Logfile

Inherits:
Object
Defined in:
lib/suricata/logfile.rb

Overview

This class opens a logfile, offers methods for reading logfiles and calls the logfile-parser

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(logfile, autoopen = true, file = nil) ⇒ Logfile

constructor

Parameters:

  • logfile (String)

    path and filename of the logfile

  • autoopen (Boolean) (defaults to: true)

    calls open if true (default: true)

  • file (File) (defaults to: nil)

    already-open file descriptor to use instead of calling open (only used when autoopen is false)


# File 'lib/suricata/logfile.rb', line 44

def initialize(logfile, autoopen = true, file = nil)
  @logfile = logfile
  @parser = Suricata::Fast.new   # default parser; replace via #parser=

  if autoopen == true
    open
  else
    @file = file unless file.nil? # caller supplied an already-open descriptor
  end
end

Instance Attribute Details

#fileObject

file-descriptor for logfile


# File 'lib/suricata/logfile.rb', line 39

def file
  @file
end

#lineObject

Returns the value of attribute line


# File 'lib/suricata/logfile.rb', line 39

attr_reader :file, :line

#logfileObject

path and filename of the logfile


# File 'lib/suricata/logfile.rb', line 34

def logfile
  @logfile
end

#parserObject

parser to use (default: Suricata::Fast)


# File 'lib/suricata/logfile.rb', line 34

attr_accessor :logfile, :parser

Instance Method Details

#closeObject

this method closes the logfile


# File 'lib/suricata/logfile.rb', line 127

def close
  @file.close
end

#openObject

this method opens the logfile and initialises file


# File 'lib/suricata/logfile.rb', line 122

def open
  @file = File.new(@logfile, "r")
end

#parse(string) ⇒ Object

this method calls parser.parse(string)

Parameters:

  • string (String)

    logfile-entry to parse

Returns:

  • (Object)

    the parser, after it has consumed the entry

Raises:

  • (Exception)

    “Invalid argument” if string is nil

  • (Exception)

    “Invalid parser” if parser is nil


# File 'lib/suricata/logfile.rb', line 60

def parse(string)
  raise "Invalid argument" if string.nil?
  raise "Invalid parser" if @parser.nil?

  @parser.parse(string)
  @parser
end

#readline {|@line| ... } ⇒ String, Boolean

this method reads a line of the logfile

Examples:

readline with a block

log = Suricata::Logfile.new("misc/fast.log")
log.readline do |n|
  puts n
end

Yield Parameters:

  • @line (String)

    current logfile entry

Returns:

  • (String)

    line current logfile entry

  • (Boolean)

    false when EOF reached


# File 'lib/suricata/logfile.rb', line 104

def readline
  if block_given?
    # IO#readline raises EOFError at end of file, which ends the loop below
    while @line = @file.readline
      yield(@line)
    end
  else
    @line = @file.readline
    return @line
  end
rescue EOFError
  false
end

#readline_parse {|@line| ... } ⇒ Object, false

this method reads a line of the logfile and calls the parser

Yield Parameters:

  • @line (Object)

    parsed object (default: Suricata::Fast)

Returns:

  • (Object)

    parsed object if not called with a block (default: Suricata::Fast)

  • (false)

    if there is nothing to read and if not called with a block


# File 'lib/suricata/logfile.rb', line 79

def readline_parse
  if block_given?
    # readline returns false at EOF, which ends the loop
    while readline
      yield(parse(@line))
    end
  else
    return false unless readline
    parse(@line)
  end
end
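Logfile only requires that the object assigned to parser responds to parse(string), so a custom parser can be dropped in. The following is an added example, not code from the suricata gem: a minimal parser for Suricata's standard fast.log alert line (the class name, field names and the sample entries are assumptions), plus a tally loop shaped like readline_parse with a block.

```ruby
# Added example (not part of the suricata gem): a minimal parser for the
# standard Suricata fast.log alert line. The class name and field names are
# assumptions; it only has to respond to parse(string), which is all that
# Suricata::Logfile#parse requires of the object assigned to #parser.
class FastAlertParser
  # Field layout of one fast.log entry:
  # <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: <c>] [Priority: <p>] {<proto>} <src> -> <dst>
  # The Classification block is optional, and ICMP addresses carry no port.
  LINE = /\A(?<ts>\S+)\s+\[\*\*\]\s+\[(?<gid>\d+):(?<sid>\d+):(?<rev>\d+)\]\s+
          (?<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s+(?<classification>[^\]]*)\]\s+)?
          \[Priority:\s+(?<prio>\d+)\]\s+\{(?<proto>[^}]+)\}\s+(?<src>\S+)\s+->\s+(?<dst>\S+)\s*\z/x

  # Returns a Hash of alert fields, or nil when the line is not a well-formed alert
  # (truncated entries occur when a log is read while Suricata is still writing it).
  def parse(string)
    m = LINE.match(string.to_s.chomp)
    return nil unless m
    { timestamp: m[:ts], gid: m[:gid].to_i, sid: m[:sid].to_i, rev: m[:rev].to_i,
      msg: m[:msg], classification: m[:classification], priority: m[:prio].to_i,
      proto: m[:proto], src: m[:src], dst: m[:dst] }
  end
end

# Constructed sample entries (not real alerts); the last one is truncated on purpose.
SAMPLE_LINES = [
  "02/28/2013-10:42:31.064587  [**] [1:1000001:2] LOCAL Sample policy alert [**] " \
  "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 1.2.3.4:45678 -> 10.0.0.5:3306",
  "02/28/2013-10:43:02.118844  [**] [1:1000002:1] LOCAL Sample ICMP alert [**] " \
  "[Priority: 3] {ICMP} 192.168.1.20 -> 10.0.0.5",
  "02/28/2013-10:44:00.000000  [**] [1:1000003:1] LOCAL Sample truncated ent"
].freeze

# Same loop shape as Logfile#readline_parse with a block: parse every entry and
# tally alerts per priority, skipping entries the parser rejects.
def count_by_priority(lines, parser = FastAlertParser.new)
  lines.each_with_object(Hash.new(0)) do |line, counts|
    alert = parser.parse(line)
    counts[alert[:priority]] += 1 if alert
  end
end
```

With a real log, assign the parser with `log.parser = FastAlertParser.new` and iterate with `log.readline_parse { |alert| ... }`; Logfile#parse returns the parser object, so the block receives the parser rather than the Hash, and the Hash is what parse(string) returned on the last call.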