1#!/usr/bin/perl
2
3# config_inc_flds_db.pl, distributed as part of Snortsnarf v021111.1
4# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com)
5# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/)
6# Released under GNU General Public License, see the COPYING file included
7# with the distribution or http://www.silicondefense.com/software/snortsnarf/
8# for details.
9
10# config_inc_flds_db.pl is a Pipeline module to extract inc field info and
11#   the incident db path from the given configuration file. The incident
12#   field info is encoded in a string in the form "field-name:value" with
13#   "\n" between entries
14# pipeline args: configuration file location, field info output field loc,
15#   inc database output field loc
16# side effect: sets the output fields appropriately
17
18# Please send complaints, kudos, and especially improvements and bugfixes to
19# hoagland@SiliconDefense.com.  As described in GNU General Public License, no
20# warranty is expressed for this program.
21
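# process($input, $config_loc, $fldinfo_out_loc, $db_out_loc)
#
# Pipeline entry point: reads the configuration file named by the first
# pipeline argument and extracts
#   * the incident database path ("inc-db-loc: PATH"), and
#   * the incident field info ("ifield NAME: INFO" lines), encoded as
#     "NAME:INFO" entries joined with "\n".
# Both results are stored through write_out_to_arg() at the output locations
# given by the second and third pipeline arguments.
#
# Returns 0 after calling reporterr() when the argument count is wrong or when
# either item is missing from the file; dies if the file cannot be opened.
# Otherwise returns whatever the final write_out_to_arg() call returns.
sub process {
    require "sisr_utils.pl";
    my ($input) = shift;

    # Report and return unconditionally.  The previous
    # "reporterr(...) && return 0" form only returned when reporterr()
    # itself returned a true value.
    unless (@_ == 3) {
        &reporterr("config_inc_flds_db.pl takes 3 arguments (config file location,fld info output loc,db output loc), but got:".join(' ',@_),0);
        return 0;
    }
    my ($dboutloc) = pop;
    my ($fldinfooutloc) = pop;

    my ($configfile) = &arg_to_val($input, @_);

    # Three-argument open with a lexical handle: the path is never parsed
    # together with the mode, so surrounding whitespace is kept and a leading
    # "&" cannot be read as a request to duplicate an existing file handle.
    open(my $cfg_fh, '<', $configfile)
        || die "could not open config file \"$configfile\": $!";

    my $incfile;
    my @fld_entries;
    # A lexical line variable keeps the caller's $_ intact.
    while (my $line = <$cfg_fh>) {
        next if $line =~ m/^\#/;    # comment line
        $line =~ s/\s+$//;          # drop trailing whitespace and the newline
        if ($line =~ s/^inc-db-loc\s*:\s*//) {
            # NOTE(review): this path is passed on verbatim; whatever opens
            # it later should also avoid two-argument open -- confirm in the
            # consumer.
            $incfile = $line;
        }
        elsif ($line =~ s/^ifield\s+(\S+)\s*:\s*//) {
            push @fld_entries, "$1:$line";
        }
    }
    close $cfg_fh;

    # Same encoding as before: entries separated by "\n", none trailing.
    my $fldinfo = join("\n", @fld_entries);

    # The messages below used to have join(' ',@_) appended straight after
    # the file name, which glued the raw config-file argument onto it.
    unless (defined $incfile) {
        &reporterr("could not find labeled set database file \"inc-db-loc\" in $configfile",0);
        return 0;
    }
    if ($fldinfo eq '') {
        &reporterr("could not find any incident field info \"ifield [name]: [info]\" in $configfile",0);
        return 0;
    }

    &write_out_to_arg($input, $dboutloc, $incfile);
    return &write_out_to_arg($input, $fldinfooutloc, $fldinfo);
}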
51
# The value of a file is the value of its last statement, so this hands a
# reference to process() to whatever evaluates the file.
# NOTE(review): presumably the Pipeline loader calls the returned code ref
# with ($input, @pipeline_args) -- confirm against the loader.
\&process;
53
54# $Id: config_inc_flds_db.pl,v 1.11 2001/10/18 18:23:25 jim Exp $
55