spo_csv.c File Reference

#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "event.h"
#include "decode.h"
#include "plugbase.h"
#include "spo_plugbase.h"
#include "parser.h"
#include "debug.h"
#include "mstring.h"
#include "util.h"
#include "log.h"
#include "snort.h"

Go to the source code of this file.

Defines
#define	DEFAULT_CSV   "timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,ethsrc,ethdst,ethlen,tcpflags,tcpseq,tcpack,tcpln,tcpwindow,ttl,tos,id,dgmlen,iplen,icmptype,icmpcode,icmpid,icmpseq"
Typedefs
typedef _AlertCSVConfig	AlertCSVConfig
typedef _AlertCSVData	AlertCSVData
Functions
void	AlertCSVInit (u_char *)
AlertCSVData *	AlertCSVParseArgs (char *)
void	AlertCSV (Packet *, char *, void *, Event *)
void	AlertCSVCleanExit (int, void *)
void	AlertCSVRestart (int, void *)
void	RealAlertCSV (Packet *p, char *msg, FILE *file, char **args, int numargs, Event *event)
static char *	CSVEscape (char *input)
void	AlertCSVSetup (void)

---

Define Documentation

#define DEFAULT_CSV   "timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,ethsrc,ethdst,ethlen,tcpflags,tcpseq,tcpack,tcpln,tcpwindow,ttl,tos,id,dgmlen,iplen,icmptype,icmpcode,icmpid,icmpseq"

Definition at line 65 of file spo_csv.c. Referenced by AlertCSVParseArgs().

---

Typedef Documentation

typedef struct _AlertCSVConfig AlertCSVConfig

typedef struct _AlertCSVData AlertCSVData

---

Function Documentation

void AlertCSV (  Packet *  , char *  , void *  , Event *  )

Definition at line 225 of file spo_csv.c. References _AlertCSVData::args, _AlertCSVData::file, _AlertCSVData::numargs, and RealAlertCSV(). Referenced by AlertCSVInit().

void AlertCSVCleanExit (  int  , void *  )

Definition at line 204 of file spo_csv.c. References DEBUG_LOG, DEBUG_WRAP, and _AlertCSVData::file. Referenced by AlertCSVInit().

void AlertCSVInit (  u_char *   )

Definition at line 126 of file spo_csv.c. References AddFuncToCleanExitList(), AddFuncToOutputList(), AddFuncToRestartList(), _progvars::alert_plugin_active, AlertCSV(), AlertCSVCleanExit(), AlertCSVParseArgs(), AlertCSVRestart(), DEBUG_INIT, DEBUG_WRAP, NT_OUTPUT_ALERT, and pv. Referenced by AlertCSVSetup().

AlertCSVData * AlertCSVParseArgs (  char *   )

Definition at line 157 of file spo_csv.c. References _AlertCSVData::args, _AlertCSVData::csvargs, DEBUG_INIT, DEBUG_LOG, DEBUG_WRAP, DEFAULT_CSV, FatalError(), _AlertCSVData::file, mSplit(), _AlertCSVData::numargs, OpenAlertFile(), ProcessFileOption(), SnortAlloc(), and strncasecmp. Referenced by AlertCSVInit().

void AlertCSVRestart (  int  , void *  )

Definition at line 214 of file spo_csv.c. References DEBUG_LOG, DEBUG_WRAP, and _AlertCSVData::file. Referenced by AlertCSVInit().

void AlertCSVSetup (  void   )

Definition at line 105 of file spo_csv.c. References AlertCSVInit(), DEBUG_INIT, DEBUG_WRAP, NT_OUTPUT_ALERT, and RegisterOutputPlugin(). Referenced by InitOutputPlugins().

char * CSVEscape (  char *  input  )  [static]

Definition at line 488 of file spo_csv.c. References buffer, NULL, and SnortAlloc(). Referenced by RealAlertCSV().

void RealAlertCSV (  Packet *  p, char *  msg, FILE *  file, char **  args, int  numargs, Event *  event )

Definition at line 248 of file spo_csv.c. References bzero, _ICMPHdr::code, CreateTCPFlagString(), CSVEscape(), DEBUG_LOG, DEBUG_WRAP, _Packet::dp, _Packet::eh, _EtherHdr::ether_dst, _EtherHdr::ether_src, _EtherHdr::ether_type, FatalError(), _Packet::icmph, _IPHdr::ip_dst, IP_HLEN, _IPHdr::ip_id, _IPHdr::ip_len, _IPHdr::ip_proto, _IPHdr::ip_src, _IPHdr::ip_tos, _IPHdr::ip_ttl, _Packet::iph, pcap_pkthdr::len, NULL, _Packet::pkth, PrintTrHeader(), _Event::sig_generator, _Event::sig_id, _Event::sig_rev, _Packet::sp, strncasecmp, TCP_OFFSET, _Packet::tcph, _TCPHdr::th_ack, _TCPHdr::th_seq, _TCPHdr::th_win, TIMEBUF_SIZE, _Packet::trh, pcap_pkthdr::ts, ts_print(), _ICMPHdr::type, _Packet::udph, and _UDPHdr::uh_len. Referenced by AlertCSV().

---