module Unified2


Constants

TYPES

Configuration File Types

Holds the configuration file types currently supported.

VERSION

Unified2 version

Attributes

classifications[RW]
generators[RW]
hostname[RW]
interface[RW]
sensor[RW]
signatures[RW]

Public Class Methods

configuration(options={}, &block)

Configuration

@param [Hash] options Sensor configuration
@yield [ConfigFile] block Configurations

@option options [Integer] :id Sensor id
@option options [String] :name Sensor name
@option options [String] :interface Sensor interface

@return [nil]

# File lib/unified2.rb, line 47
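# Configuration
#
# Creates the module-level Sensor (once) and evaluates the block with
# `instance_eval`, i.e. with the module itself as `self` — presumably so
# that `load` and the attribute writers can be called unqualified.
#
# @param [Hash] options Sensor configuration. Only the first call's
#   options take effect: the Sensor is memoized with `||=` and later
#   calls reuse it.
# @yield [self] block evaluated in the context of the receiver
#
# @option options [Integer] :id Sensor id
# @option options [String] :name Sensor name
# @option options [String] :interface Sensor interface
#
# @return [nil] when no block is given, otherwise the block's value
def self.configuration(options={}, &block)
  @sensor ||= Sensor.new(options)
  # instance_eval(&nil) raises ArgumentError; a block-less call should
  # simply set up the sensor and return.
  instance_eval(&block) if block
end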
load(type, path)

Load

@param [String] type Configuration type
@param [String] path Configuration path

@return [nil]

@raise [FileNotReadable] Path not readable
@raise [FileNotFound] File not found

# File lib/unified2.rb, line 83
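# Load
#
# Parses a configuration file and stores it in the instance variable
# named after +type+ (e.g. "signatures" => @signatures).
#
# @param [String] type Configuration type; must be one of TYPES
# @param [String] path Configuration path
#
# @return [ConfigFile] the parsed configuration (also stored on the module)
#
# @raise [UnknownLoadType] Type not listed in TYPES
# @raise [FileNotReadable] Path not readable
# @raise [FileNotFound] File not found
def self.load(type, path)
  # Check the TYPES whitelist *before* instance_variable_set: it is the
  # only thing keeping a caller-supplied string from naming an arbitrary
  # instance variable on the module.
  unless TYPES.include?(type.to_sym)
    # The message must interpolate the parameter, not the (unset) @type ivar.
    raise UnknownLoadType, "Error - #{type} is unknown."
  end

  # Same existence/readability checks (and exception types) as read/watch.
  validate_path(path)
  instance_variable_set("@#{type}", ConfigFile.new(type, path))
end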
read(path, &block)

Read

Read the unified2 log until EOF and process events.

@param [String] path Unified2 file path
@yield [Event] block Event object

@raise [FileNotReadable] Path not readable
@raise [FileNotFound] File not found

@return [nil]

# File lib/unified2.rb, line 172
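# Read
#
# Read the unified2 log until EOF and process events.
#
# @param [String] path Unified2 file path
# @yield [Event] block Event object, yielded by check_event once the
#   next event id is seen (the trailing event is therefore not yielded
#   at EOF)
#
# @raise [FileNotReadable] Path not readable
# @raise [FileNotFound] File not found
#
# @return [nil]
def self.read(path, &block)
  validate_path(path)

  # unified2 is a binary log: open in binary mode so no newline or
  # encoding translation can alter the bytes handed to the record parser.
  io = File.open(path, "rb")

  # Start with a null event (id 0); check_event never yields it.
  @event = Event.new(0, 0)

  until io.eof?
    position = io.pos
    event = Unified2::Constructor::Construct.read(io)
    check_event(event, position, block)
  end

rescue Interrupt
  # Ctrl-C just stops reading; the file is closed by ensure.
ensure
  io.close if io
end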
watch(path, position=:first, &block)

Watch

Monitor the unified2 file for events and process.

@param [String] path Unified2 file path
@param [String,Symbol,Integer] position IO position
@yield [Event] block Event object

@raise [FileNotReadable] Path not readable
@raise [FileNotFound] File not found
@raise [BinaryReadError] Invalid position or file

@return [nil]

# File lib/unified2.rb, line 114
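# Watch
#
# Monitor the unified2 file for events and process. Never returns on its
# own: at EOF it sleeps and retries, tailing the file.
#
# @param [String] path Unified2 file path
# @param [String,Symbol,Integer] position IO position: an Integer byte
#   offset, :last / "last" to start at the end of the file, anything
#   else (e.g. :first) to start at the beginning
# @yield [Event] block Event object
#
# @raise [FileNotReadable] Path not readable
# @raise [FileNotFound] File not found
# @raise [BinaryReadError] Invalid position or file
#
# @return [Integer, nil] the current file offset when interrupted
#   (presumably so a caller can resume from it), nil otherwise
def self.watch(path, position=:first, &block)
  validate_path(path)

  # Binary log: open in binary mode so the bytes reach the parser untouched.
  io = File.open(path, "rb")

  case position
  when Integer
    io.sysseek(position, IO::SEEK_CUR)
  when Symbol, String
    # Compare as a symbol so the documented String form ("last") behaves
    # like :last instead of silently starting at the beginning.
    if position.to_sym == :last
      io.sysseek(0, IO::SEEK_END)
    else
      io.sysseek(0, IO::SEEK_SET)
    end
  else
    io.sysseek(0, IO::SEEK_SET)
  end

  # Start with a null event (id 0); check_event never yields it.
  @event = Event.new(0, 0)

  loop do
    begin
      offset = io.pos
      event = Unified2::Constructor::Construct.read(io)
      check_event(event, offset, block)
    rescue EOFError
      # Caught up with the writer: poll again after a fixed delay.
      sleep 5
      retry
    end
  end

rescue RuntimeError
  raise(BinaryReadError, "incorrect file format or position seek error")
rescue Interrupt
  io.pos if io
ensure
  io.close if io
end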

Private Class Methods

check_event(event, position=0, block)
# File lib/unified2.rb, line 204
# Fold one parsed record into the event being assembled in @event.
#
# Records carrying an event_id start a new Event when the id differs from
# the current one; the completed event is handed to +block+ first (the
# initial null event, id 0, is skipped). Records without an event_id are
# simply appended to the current event.
#
# @param [Object] event parsed record; +event.data+ may respond to event_id
# @param [Integer] position byte offset of the record, recorded as the
#   finished event's next_position and as the new event's start
# @param [Proc] block receives each completed Event
#
# @return the result of Event#load
def self.check_event(event, position=0, block)
  data = event.data

  # No event id: the record belongs to whatever event is in progress.
  return @event.load(event) unless data.respond_to?(:event_id)

  if @event.id != data.event_id
    @event.next_position = position
    block.call(@event) unless @event.id.zero?
    @event = Event.new(data.event_id, position.to_i)
  end

  @event.load(event)
end
validate_path(path)
# File lib/unified2.rb, line 194
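# Check that +path+ exists and is readable before it is opened.
#
# @param [String] path file path to validate
#
# @return [nil]
#
# @raise [FileNotFound] Path does not exist
# @raise [FileNotReadable] Path exists but is not readable
def self.validate_path(path)
  # File.exists? was removed in Ruby 3.2; File.exist? is the supported spelling.
  raise FileNotFound, "Error - #{path} not found." unless File.exist?(path)
  raise FileNotReadable, "Error - #{path} not readable." unless File.readable?(path)

  nil
end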