2016-07-26 08:21 AM
Hi,
Can RSA create a guide for log parsers in Lua?
Marcin
2016-07-26 08:55 AM
I intend to eventually add a section to the parsers book regarding log parsers in Lua.
It's straightforward if you're already at least somewhat comfortable writing a packet parser in lua. The structure and fundamental concepts are the same. The parser defines tokens to match upon, functions to run when a token matches, and keys with which to register meta.
The "payload" is the log message itself. The same payload functions available to a packet parser operate on an object representing the log message rather than an object representing session payload.
As well, a Lua log parser matching a log message does not preclude a "normal" log parser from parsing the same message.
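To make the three-part structure described in the answer above concrete (tokens, callbacks, meta keys), here is an added example skeleton in plain Lua. It is not code from the thread or from RSA. The framework calls it mirrors (nw.createParser, setKeys/nwlanguagekey.create, setCallbacks, nw.createMeta, and a payload object with find/tostring) are assumed from the packet-parser API the answer refers to; they are replaced by small stubs so the file runs under a stock Lua interpreter, and the sample log line is constructed.

```lua
-- Added example, not from the thread or from RSA. Framework names below are
-- assumptions modelled on the NetWitness packet-parser API; stubs stand in
-- for them so this file runs stand-alone with a plain Lua interpreter.

-- Stub payload: in the framework the payload object wraps the log message
-- and exposes byte-position based find()/tostring() (assumption).
local function makePayload(text)
  local p = { text = text }
  function p:find(needle, init)
    return string.find(self.text, needle, init or 1, true)  -- plain match
  end
  function p:tostring(first, last)
    return string.sub(self.text, first, last)
  end
  function p:len() return #self.text end
  return p
end

-- Stub for nw.createMeta: records what would be registered as meta.
local registered = {}
local nw = {}
function nw.createMeta(key, value)
  registered[#registered + 1] = { key = key, value = value }
end

-- Part 1: meta keys the parser will register.
-- (In the framework: parser:setKeys({ nwlanguagekey.create("user.dst", nwtypes.Text), ... }))
local parser = {
  keys = {
    ["event.desc"] = "event.desc",
    ["user.dst"]   = "user.dst",
    ["alias.host"] = "alias.host",
  },
}

-- Part 2: callback run when a token matches at payload positions [first, last].
function parser:onFailedPassword(token, first, last, payload)
  local start = last + 1
  -- OpenSSH prefixes unknown accounts with "invalid user "; skip it so the
  -- account name, not the word "invalid", becomes user.dst.
  local is, ie = payload:find("invalid user ", start)
  if is == start then start = ie + 1 end
  local s = payload:find(" ", start)
  if not s then return end                      -- truncated message: no user
  nw.createMeta(self.keys["user.dst"], payload:tostring(start, s - 1))
  nw.createMeta(self.keys["event.desc"], "failed password")
  local fs, fe = payload:find(" from ", s)
  if fs then
    local hs = payload:find(" ", fe + 1) or (payload:len() + 1)
    nw.createMeta(self.keys["alias.host"], payload:tostring(fe + 1, hs - 1))
  end
end

-- Part 3: tokens to match, mapped to their callbacks.
-- (In the framework: parser:setCallbacks({ ["Failed password for "] = parser.onFailedPassword }))
parser.callbacks = {
  ["Failed password for "] = parser.onFailedPassword,
}

-- Emulates the framework scanning the message for each token and invoking the
-- callback with the match positions. The real framework does this itself, and
-- the regular log parser still sees the same message afterwards.
function parser:run(payload)
  for token, fn in pairs(self.callbacks) do
    local first, last = payload:find(token, 1)
    while first do
      fn(self, token, first, last, payload)
      first, last = payload:find(token, last + 1)
    end
  end
end

-- Constructed sample log message (not from the thread).
local sample = "Jul 26 08:21:00 bastion sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51544 ssh2"
parser:run(makePayload(sample))
for _, m in ipairs(registered) do
  print(m.key, m.value)
end
```

Swapping the stubs for the framework calls leaves the parser body unchanged, which is the point the answer makes: the token, callback and key structure is what carries over from packet parsers.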
2016-07-27 09:14 AM
Hey Marcin, if you are looking for an example, I created a proof of concept a while ago: Customizing the platform: generate a hash for each log message
2016-08-10 05:27 AM
Thanks for the info.