Project

General

Profile

Actions

Feature #2450

closed

lua: scripts access to calling rule informations

Added by Anonymous over 6 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
low
Difficulty:
low
Label:
Beginner

Description

Hi,
I'm looking for a way to to identify the rule triggered in the lua script called.
That should be useful when several rules are calling the same lua script which have a slightly different behaviour depending on the rule.

All the functions that return informations about the rule (SCRuleIds, SCRuleMsg and SCRuleClass) are not working with "match" lua scripts (reserved for "logging" lua scripts ?)

I also tried to use the ScFlowintGet and ScFlowvarGet functions.
The first one is not useful there because flowints are set in last, so after the call to the lua script.
The second one seems to not work. Bug #2094 is still open and I was not able to get a "not nil" result by myself.

Thank you

Actions #1

Updated by Andreas Herz over 6 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Victor Julien over 6 years ago

  • Assignee changed from OISF Dev to Anonymous
  • Effort set to low
  • Difficulty set to low
Actions #3

Updated by Andreas Herz over 5 years ago

  • Assignee set to Community Ticket
Actions #4

Updated by Victor Julien about 5 years ago

  • Label Beginner added
Actions #5

Updated by Benjamin Wilkins about 3 years ago

I've started work on this ticket(https://github.com/OISF/suricata/pull/6520)and would like to claim it (but can't since I don't have the developer role)

Actions #6

Updated by Victor Julien about 3 years ago

  • Status changed from New to Assigned
  • Assignee changed from Community Ticket to Benjamin Wilkins
  • Target version changed from TBD to 7.0.0-beta1
Actions #7

Updated by Victor Julien almost 3 years ago

  • Subject changed from lua scripts access to calling rule informations to lua: scripts access to calling rule informations
  • Status changed from Assigned to Closed
Actions

Also available in: Atom PDF