Perl Extensions

Net::Nmsg

NAME

Net::Nmsg::IO - Net::Nmsg - Perl interface for the nmsg IO loop

SYNOPSIS

  use Net::Nmsg::IO;

  my $io = Net::Nmsg::IO->new();

  my $cb = sub {
    my $msg = shift;
    print $msg->as_str, "\n";
  };

  $io->add_input('infile.nmsg');
  $io->add_output('127.0.0.1/9430');
  $io->add_output($cb);

  $io->loop;

DESCRIPTION

Net::Nmsg::IO is a perl interface to the IO manager of the nmsg network data capture library.

CONSTRUCTOR

new(%options)

Creates a new Net::Nmsg::IO object. Valid options are:

mirrored

When enabled, mirrors input messages across all assigned outputs. The default is to stripe incoming messages across outputs.

count

Stop processing after having written count input messages to outputs (mirrored messages count as one message)

interval

Stop processing after interval seconds have passed.

interval_randomized

Randomize the initial second within the defined interval, rather than on the zeroth second of the interval.

filter_vendor

filter_msgtype

Filter messages for the specified message type. Both parameters are required. If set, all inputs and outputs will share this filter.

filter_source

Specify a source filter for all inputs.

filter_operator

Specify an operator filter for all inputs.

filter_group

Specify a group filter for all inputs.

ACCESSORS

set_mirrored($bool)

get_mirrored()

set_count($int)

get_count()

set_interval($secs)

get_interval()

set_interval_randomized($mode)

get_interval_randomized()

set_filter_msgtype($vendor, $msgtype)

get_filter_msgtype()

set_filter_source($source)

get_filter_source()

set_filter_operator($operator)

get_filter_operator()

set_filter_group($group)

get_filter_group()

METHODS

loop()

Initiate processing on the assigned inputs and outputs. Processing ceases when either the inputs are exausted or until breakloop() is called from within a callback.

breakloop()

When invoked from a callback, causes the processing loop to halt.

add_input($spec, %options)

Add an input to the IO loop. A reasonable attempt is made to determine whether the specification is a file name (nmsg, pcap), file handle (nmsg), channel alias or socket specification (nmsg), network device name (pcap), or reference to a Net::Nmsg::Input object, and is opened accordingly. If for some reason this reasonable guess is not so reasonable, use one of the specific input methods detailed below.

See Net::Nmsg::Input for details on valid options.

add_output($spec, %options)

Add an output to the IO loop. A reasonable attempt is made to determine whether the output specification is a socket specification (nmsg), callback reference (per message), file name/handle (nmsg), or reference to a Net::Nmsg::Output object. For other output types (such as presentation format), use one of the specific output methods detailed below.

See Net::Nmsg::Output for details on valid options.

add_input_channel($channel, %opt)

Add input sockets associated with the given channel alias as defined by the local nmsgtool installation.

add_input_file($file, %opt)

Add a NMSG formatted file as an input, specified either as a file name or file handle.

add_input_sock($socket, %opt) =item add_input_sock($host, $port, %opt)

Add a NMSG socket as an input, specified either as a socket specification, socket handle, or host/port pair.

add_input_pcap($file, vendor => $v, msgtype => $m, %opt)

Add a file in pcap format as an input, specefied as a file name. The vendor and msgtype parameters are required.

add_input_iface($interface, vendor => $v, msgtype => $m, %opt)

Add a network interface (live pcap) as an input, specified as a network device name. The vendor and msgtype parameters are required.

add_output_channel($channel, %opt)

Add output sockets assosicated with the given channel alias as defined by the local nmsgtool installation.

add_output_file($file, %opt)

Add a NMSG formatted file as an output, specified either as a file name or handle.

add_output_sock($socket, %opt)

add_output_sock($host, $pair, %opt)

Add an output socket for NMSG formatted data, specified either as a socket specification, socket handle, or host/port pair.

add_output_pres($file, %opt)

Add a file in presentation format as an output, specified either as a file name or handle.

add_output_cb($code_ref, %opt)

Add the given callback reference as an output. The callback is passed a reference to a message object for each message that makes it through the filters. The process loop can be stopped by calling the loop() method on the IO object. See Net::Nmsg::Msg for more details on message objects.

SEE ALSO

Net::Nmsg, Net::Nmsg::Input, Net::Nmsg::Output, Net::Nmsg::Msg, nmsgtool(1)

AUTHOR

Matthew Sisk, <sisk@cert.org>

COPYRIGHT & LICENSE

Copyright (C) 2010-2015 by Carnegie Mellon University

Use of the Net-Silk library and related source code is subject to the terms of the following licenses:

GNU General Public License (GPL) Rights pursuant to Version 2, June 1991 Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013

NO WARRANTY

See GPL.txt and LICENSE.txt for more details.

© 2006-2019 Carnegie Mellon University Legal | Privacy Notice |