From 88ed4433eaa37f5859420cc41487ec5ee080d477 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 22 Mar 2013 22:21:57 +0100 Subject: [PATCH] tail_csv plugin: Rename the "snort" plugin to "tail_csv". It's actually much more generic than just Snort, so give it an appropriately generic name. --- AUTHORS | 2 +- README | 8 +- configure.in | 13 +-- src/Makefile.am | 16 ++-- src/collectd.conf.in | 54 +++++------ src/collectd.conf.pod | 180 ++++++++++++++++++------------------ src/{snort.c => tail_csv.c} | 124 ++++++++++++------------- 7 files changed, 192 insertions(+), 205 deletions(-) rename src/{snort.c => tail_csv.c} (73%) diff --git a/AUTHORS b/AUTHORS index db480d50..45645d1a 100644 --- a/AUTHORS +++ b/AUTHORS @@ -92,7 +92,7 @@ Jérôme Renard - varnish plugin. Kris Nielander - - snort plugin. + - tail_csv plugin. Luboš Staněk - sensors plugin improvements. diff --git a/README b/README index ee09ddd0..8fdc7914 100644 --- a/README +++ b/README @@ -274,10 +274,6 @@ Features network devices such as switches, routers, thermometers, rack monitoring servers, etc. See collectd-snmp(5). - - snort - Reads the statistics file written by Snort, a network intrution detection - system (IDS) and dispatches the values according to the configuration. - - swap Pages swapped out onto harddisk or whatever is called `swap' by the OS.. @@ -288,6 +284,10 @@ Features Follows (tails) logfiles, parses them by lines and submits matched values. + - tail_csv + Follows (tails) files in CSV format, parses each line and submits + extracted values. + - tape Bytes and operations read and written on tape devices. Solaris only. diff --git a/configure.in b/configure.in index b07712e0..f0ced82e 100644 --- a/configure.in +++ b/configure.in @@ -327,15 +327,6 @@ else have_linux_raid_md_u_h="no" fi -# For the snort module -have_mman_h="no" -AC_CHECK_HEADERS(sys/mman.h, - [have_mman_h="yes"], - [have_mman_h="no"], -[ -#include -]) - # For the swap module have_linux_wireless_h="no" if test "x$ac_system" = "xLinux" @@ -4961,11 +4952,11 @@ AC_PLUGIN([rrdtool], [$with_librrd], [RRDTool output plugin]) AC_PLUGIN([sensors], [$with_libsensors], [lm_sensors statistics]) AC_PLUGIN([serial], [$plugin_serial], [serial port traffic]) AC_PLUGIN([snmp], [$with_libnetsnmp], [SNMP querying plugin]) -AC_PLUGIN([snort], [$have_mman_h], [Snort perfmon plugin]) AC_PLUGIN([swap], [$plugin_swap], [Swap usage statistics]) AC_PLUGIN([syslog], [$have_syslog], [Syslog logging plugin]) AC_PLUGIN([table], [yes], [Parsing of tabular data]) AC_PLUGIN([tail], [yes], [Parsing of logfiles]) +AC_PLUGIN([tail_csv], [yes], [Parsing of CSV files]) AC_PLUGIN([tape], [$plugin_tape], [Tape drive statistics]) AC_PLUGIN([target_notification], [yes], [The notification target]) AC_PLUGIN([target_replace], [yes], [The replace target]) @@ -5296,11 +5287,11 @@ Configuration: sensors . . . . . . . $enable_sensors serial . . . . . . . $enable_serial snmp . . . . . . . . $enable_snmp - snort . . . . . . . . $enable_snort swap . . . . . . . . $enable_swap syslog . . . . . . . $enable_syslog table . . . . . . . . $enable_table tail . . . . . . . . $enable_tail + tail_csv . . . . . . $enable_tail_csv tape . . . . . . . . $enable_tape target_notification . $enable_target_notification target_replace . . . $enable_target_replace diff --git a/src/Makefile.am b/src/Makefile.am index e0d5b9df..f2d418c6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1049,14 +1049,6 @@ collectd_LDADD += "-dlopen" snmp.la collectd_DEPENDENCIES += snmp.la endif -if BUILD_PLUGIN_SNORT -pkglib_LTLIBRARIES += snort.la -snort_la_SOURCES = snort.c -snort_la_LDFLAGS = -module -avoid-version -collectd_LDADD += "-dlopen" snort.la -collectd_DEPENDENCIES += snort.la -endif - if BUILD_PLUGIN_SWAP pkglib_LTLIBRARIES += swap.la swap_la_SOURCES = swap.c @@ -1108,6 +1100,14 @@ collectd_LDADD += "-dlopen" tail.la collectd_DEPENDENCIES += tail.la endif +if BUILD_PLUGIN_TAIL_CSV +pkglib_LTLIBRARIES += tail_csv.la +tail_csv_la_SOURCES = tail_csv.c +tail_csv_la_LDFLAGS = -module -avoid-version +collectd_LDADD += "-dlopen" tail_csv.la +collectd_DEPENDENCIES += tail_csv.la +endif + if BUILD_PLUGIN_TAPE pkglib_LTLIBRARIES += tape.la tape_la_SOURCES = tape.c diff --git a/src/collectd.conf.in b/src/collectd.conf.in index 8065b030..fa4cccfe 100644 --- a/src/collectd.conf.in +++ b/src/collectd.conf.in @@ -141,10 +141,10 @@ #@BUILD_PLUGIN_SENSORS_TRUE@LoadPlugin sensors #@BUILD_PLUGIN_SERIAL_TRUE@LoadPlugin serial #@BUILD_PLUGIN_SNMP_TRUE@LoadPlugin snmp -#@BUILD_PLUGIN_SNORT_TRUE@LoadPlugin snort #@BUILD_PLUGIN_SWAP_TRUE@LoadPlugin swap #@BUILD_PLUGIN_TABLE_TRUE@LoadPlugin table #@BUILD_PLUGIN_TAIL_TRUE@LoadPlugin tail +#@BUILD_PLUGIN_TAIL_CSV_TRUE@LoadPlugin tail_csv #@BUILD_PLUGIN_TAPE_TRUE@LoadPlugin tape #@BUILD_PLUGIN_TCPCONNS_TRUE@LoadPlugin tcpconns #@BUILD_PLUGIN_TEAMSPEAK2_TRUE@LoadPlugin teamspeak2 @@ -914,32 +914,6 @@ # # -# -# -# Type "percent" -# Instance "dropped" -# Index 1 -# -# -# Type "bytes" -# Instance "wire-realtime" -# Index 2 -# -# -# Type "alerts_per_second" -# Index 3 -# -# -# Type "kpackets_wire_per_sec.realtime" -# Index 4 -# -# -# Path "/var/log/snort/snort.stats" -# Interval 600 -# Collect "dropped" "mbps" "alerts" "kpps" -# -# - # # ReportByDevice false # ReportBytes true @@ -983,6 +957,32 @@ # # +# +# +# Type "percent" +# Instance "dropped" +# Index 1 +# +# +# Type "bytes" +# Instance "wire-realtime" +# Index 2 +# +# +# Type "alerts_per_second" +# Index 3 +# +# +# Type "kpackets_wire_per_sec.realtime" +# Index 4 +# +# +# Path "/var/log/snort/snort.stats" +# Interval 600 +# Collect "dropped" "mbps" "alerts" "kpps" +# +# + # # ListeningPorts false # LocalPort "25" diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod index b1b9bd22..ee148152 100644 --- a/src/collectd.conf.pod +++ b/src/collectd.conf.pod @@ -4845,98 +4845,6 @@ Since the configuration of the C is a little more complicated than other plugins, its documentation has been moved to an own manpage, L. Please see there for details. -=head2 Plugin C - -The I reads the statistics file written by I, a free -network intrusion detection system (IDS). The file is written by Snort's -I preprocessor and needs to be configured to write to a -file. - -B - - - - Type "percent" - Instance "dropped" - Index 1 - - - Path "/var/log/snort/snort.stats" - Interval 600 - Collect "dropped" - - - -The configuration consists of one or more B blocks that define an index -into the line written by I and how this value is mapped to I -internal representation. These are followed by one or more B blocks -which configure which file to read, in which interval and which metrics to -extract. - -=over 4 - -=item EB IE - -The B block configures a new metric to be extracted from the statistics -file and how it is mapped on I data model. The string I is -only used inside the B blocks to refer to this block, so you can use -one B block for multiple I instances. - -=over 4 - -=item B I - -Configures which I to use when dispatching this metric. Types are defined -in the L file, see the appropriate manual page for more -information on specifying types. Only types with a single I are -supported by the I. The information whether the value is an -absolute value (i.e. a C) or a rate (i.e. a C) is taken from the -I definition. - -=item B I - -If set, I is used to populate the type instance field of the -created value lists. Otherwise, no type instance is used. - -=item B I - -Each line in the statistics file is broken into many fields with the first -field, the timestamp of the line, is index with zero. This option configures to -read the value from the field with index I. Since the first field is -always the timestamp, I must be greater than zero. - -=back - -=item EB IE - -Configures an instance of I to extract values for. The block's I -will be used as I when dispatching the values and is used to -support multiple separate I instances. There must be at least one -I block but there can be multiple if you have multiple instances of -I running. - -=over 4 - -=item B I - -Configures the I to the statistics file to read. - -=item B I - -Specifies which I to collect. This option must be specified at least -once, and you can use this option multiple times to specify more than one -metric to be extracted from this statistic file. - -=item B I - -Configures the interval in which to read values from this instance / file. This -should match the interval in which I performance monitor is writing to -the file. Defaults to the plugin's default interval. - -=back - -=back - =head2 Plugin C The I collects information about used and available swap space. On @@ -5211,6 +5119,94 @@ This optional setting sets the type instance to use. =back +=head2 Plugin C + +The I reads files in the CSV format, e.g. the statistics file +written by I. + +B + + + + Type "percent" + Instance "dropped" + Index 1 + + + Path "/var/log/snort/snort.stats" + Interval 600 + Collect "dropped" + + + +The configuration consists of one or more B blocks that define an index +into the line of the CSV file and how this value is mapped to I +internal representation. These are followed by one or more B blocks +which configure which file to read, in which interval and which metrics to +extract. + +=over 4 + +=item EB IE + +The B block configures a new metric to be extracted from the statistics +file and how it is mapped on I data model. The string I is +only used inside the B blocks to refer to this block, so you can use +one B block for multiple CSV files. + +=over 4 + +=item B I + +Configures which I to use when dispatching this metric. Types are defined +in the L file, see the appropriate manual page for more +information on specifying types. Only types with a single I are +supported by the I. The information whether the value is an +absolute value (i.e. a C) or a rate (i.e. a C) is taken from the +I definition. + +=item B I + +If set, I is used to populate the type instance field of the +created value lists. Otherwise, no type instance is used. + +=item B I + +Each line in the statistics file is broken into many fields with the first +field, the timestamp of the line, is index with zero. This option configures to +read the value from the field with index I. Since the first field is +always the timestamp, I must be greater than zero. + +=back + +=item EB IE + +Each B block represents on CSV file to read. The block's I +will be used as I when dispatching the values and is used to +support multiple separate CSV files. There must be at least one I +block but there can be multiple if you have multiple CSV files. + +=over 4 + +=item B I + +Configures the I to the statistics file to read. + +=item B I + +Specifies which I to collect. This option must be specified at least +once, and you can use this option multiple times to specify more than one +metric to be extracted from this statistic file. + +=item B I + +Configures the interval in which to read values from this instance / file. +Defaults to the plugin's default interval. + +=back + +=back + =head2 Plugin C The C connects to the query port of a teamspeak2 server and diff --git a/src/snort.c b/src/tail_csv.c similarity index 73% rename from src/snort.c rename to src/tail_csv.c index e8a15000..cab26416 100644 --- a/src/snort.c +++ b/src/tail_csv.c @@ -1,5 +1,5 @@ /** - * collectd - src/snort.c + * collectd - src/tail_csv.c * Copyright (C) 2013 Kris Nielander * Copyright (C) 2013 Florian Forster * @@ -56,7 +56,7 @@ typedef struct instance_definition_s instance_definition_t; /* Private */ static metric_definition_t *metric_head = NULL; -static int snort_submit (instance_definition_t *id, +static int tcsv_submit (instance_definition_t *id, metric_definition_t *md, value_t v, cdtime_t t) { @@ -68,7 +68,7 @@ static int snort_submit (instance_definition_t *id, vl.values = &v; sstrncpy(vl.host, hostname_g, sizeof (vl.host)); - sstrncpy(vl.plugin, "snort", sizeof(vl.plugin)); + sstrncpy(vl.plugin, "tail_csv", sizeof(vl.plugin)); sstrncpy(vl.plugin_instance, id->name, sizeof(vl.plugin_instance)); sstrncpy(vl.type, md->type, sizeof(vl.type)); if (md->instance != NULL) @@ -77,7 +77,7 @@ static int snort_submit (instance_definition_t *id, vl.time = t; vl.interval = id->interval; - DEBUG("snort plugin: -> plugin_dispatch_values (&vl);"); + DEBUG("tail_csv plugin: -> plugin_dispatch_values (&vl);"); plugin_dispatch_values(&vl); return (0); @@ -96,7 +96,7 @@ static cdtime_t parse_time (char const *tbuf) return (DOUBLE_TO_CDTIME_T (t)); } -static int snort_read_metric (instance_definition_t *id, +static int tcsv_read_metric (instance_definition_t *id, metric_definition_t *md, char **fields, size_t fields_num) { @@ -113,10 +113,10 @@ static int snort_read_metric (instance_definition_t *id, if (status != 0) return (status); - return (snort_submit (id, md, v, t)); + return (tcsv_submit (id, md, v, t)); } -static int snort_read_buffer (instance_definition_t *id, +static int tcsv_read_buffer (instance_definition_t *id, char *buffer, size_t buffer_size) { char **metrics; @@ -148,7 +148,7 @@ static int snort_read_buffer (instance_definition_t *id, } if (metrics_num == 1) { - ERROR("snort plugin: last line of `%s' does not contain " + ERROR("tail_csv plugin: last line of `%s' does not contain " "enough values.", id->path); return (-1); } @@ -156,7 +156,7 @@ static int snort_read_buffer (instance_definition_t *id, /* Create a list of all values */ metrics = calloc (metrics_num, sizeof (*metrics)); if (metrics == NULL) { - ERROR ("snort plugin: calloc failed."); + ERROR ("tail_csv plugin: calloc failed."); return (ENOMEM); } @@ -178,13 +178,13 @@ static int snort_read_buffer (instance_definition_t *id, metric_definition_t *md = id->metric_list[i]; if (((size_t) md->index) >= metrics_num) { - ERROR ("snort plugin: Metric \"%s\": Request for index %i when " + ERROR ("tail_csv plugin: Metric \"%s\": Request for index %i when " "only %zu fields are available.", md->name, md->index, metrics_num); continue; } - snort_read_metric (id, md, metrics, metrics_num); + tcsv_read_metric (id, md, metrics, metrics_num); } /* Free up resources */ @@ -192,18 +192,18 @@ static int snort_read_buffer (instance_definition_t *id, return (0); } -static int snort_read (user_data_t *ud) { +static int tcsv_read (user_data_t *ud) { instance_definition_t *id; id = ud->data; - DEBUG("snort plugin: snort_read (instance = %s)", id->name); + DEBUG("tail_csv plugin: tcsv_read (instance = %s)", id->name); if (id->tail == NULL) { id->tail = cu_tail_create (id->path); if (id->tail == NULL) { - ERROR ("snort plugin: cu_tail_create (\"%s\") failed.", + ERROR ("tail_csv plugin: cu_tail_create (\"%s\") failed.", id->path); return (-1); } @@ -218,7 +218,7 @@ static int snort_read (user_data_t *ud) { status = cu_tail_readline (id->tail, buffer, (int) sizeof (buffer)); if (status != 0) { - ERROR ("snort plugin: Instance \"%s\": cu_tail_readline failed " + ERROR ("tail_csv plugin: Instance \"%s\": cu_tail_readline failed " "with status %i.", id->name, status); return (-1); } @@ -227,13 +227,13 @@ static int snort_read (user_data_t *ud) { if (buffer_len == 0) break; - snort_read_buffer (id, buffer, buffer_len); + tcsv_read_buffer (id, buffer, buffer_len); } return (0); } -static void snort_metric_definition_destroy(void *arg){ +static void tcsv_metric_definition_destroy(void *arg){ metric_definition_t *md; md = arg; @@ -241,7 +241,7 @@ static void snort_metric_definition_destroy(void *arg){ return; if (md->name != NULL) - DEBUG("snort plugin: Destroying metric definition `%s'.", md->name); + DEBUG("tail_csv plugin: Destroying metric definition `%s'.", md->name); sfree(md->name); sfree(md->type); @@ -249,15 +249,15 @@ static void snort_metric_definition_destroy(void *arg){ sfree(md); } -static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t *ci){ +static int tcsv_config_add_metric_index(metric_definition_t *md, oconfig_item_t *ci){ if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_NUMBER)){ - WARNING("snort plugin: `Index' needs exactly one integer argument."); + WARNING("tail_csv plugin: `Index' needs exactly one integer argument."); return (-1); } md->index = (int)ci->values[0].value.number; if (md->index <= 0){ - WARNING("snort plugin: `Index' must be higher than 0."); + WARNING("tail_csv plugin: `Index' must be higher than 0."); return (-1); } @@ -265,7 +265,7 @@ static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t } /* Parse metric */ -static int snort_config_add_metric(oconfig_item_t *ci){ +static int tcsv_config_add_metric(oconfig_item_t *ci){ metric_definition_t *md; const data_set_t *ds; int status = 0; @@ -295,9 +295,9 @@ static int snort_config_add_metric(oconfig_item_t *ci){ else if (strcasecmp("Instance", option->key) == 0) status = cf_util_get_string(option, &md->instance); else if (strcasecmp("Index", option->key) == 0) - status = snort_config_add_metric_index(md, option); + status = tcsv_config_add_metric_index(md, option); else { - WARNING("snort plugin: Option `%s' not allowed here.", option->key); + WARNING("tail_csv plugin: Option `%s' not allowed here.", option->key); status = -1; } @@ -306,35 +306,35 @@ static int snort_config_add_metric(oconfig_item_t *ci){ } if (status != 0){ - snort_metric_definition_destroy(md); + tcsv_metric_definition_destroy(md); return (-1); } /* Verify all necessary options have been set. */ if (md->type == NULL){ - WARNING("snort plugin: Option `Type' must be set."); + WARNING("tail_csv plugin: Option `Type' must be set."); status = -1; } else if (md->index == 0){ - WARNING("snort plugin: Option `Index' must be set."); + WARNING("tail_csv plugin: Option `Index' must be set."); status = -1; } if (status != 0){ - snort_metric_definition_destroy(md); + tcsv_metric_definition_destroy(md); return (-1); } /* Retrieve the data source type from the types db. */ ds = plugin_get_ds(md->type); if (ds == NULL){ - ERROR ("snort plugin: Failed to look up type \"%s\". " + ERROR ("tail_csv plugin: Failed to look up type \"%s\". " "It may not be defined in the types.db file. " "Please read the types.db(5) manual page for more details.", md->type); - snort_metric_definition_destroy(md); + tcsv_metric_definition_destroy(md); return (-1); } else if (ds->ds_num != 1) { - ERROR ("snort plugin: The type \"%s\" has %i data sources. " + ERROR ("tail_csv plugin: The type \"%s\" has %i data sources. " "Only types with a single data soure are supported.", ds->type, ds->ds_num); return (-1); @@ -342,7 +342,7 @@ static int snort_config_add_metric(oconfig_item_t *ci){ md->data_source_type = ds->ds->type; } - DEBUG("snort plugin: md = { name = %s, type = %s, data_source_type = %d, index = %d }", + DEBUG("tail_csv plugin: md = { name = %s, type = %s, data_source_type = %d, index = %d }", md->name, md->type, md->data_source_type, md->index); if (metric_head == NULL) @@ -358,7 +358,7 @@ static int snort_config_add_metric(oconfig_item_t *ci){ return (0); } -static void snort_instance_definition_destroy(void *arg){ +static void tcsv_instance_definition_destroy(void *arg){ instance_definition_t *id; id = arg; @@ -366,7 +366,7 @@ static void snort_instance_definition_destroy(void *arg){ return; if (id->name != NULL) - DEBUG("snort plugin: Destroying instance definition `%s'.", id->name); + DEBUG("tail_csv plugin: Destroying instance definition `%s'.", id->name); cu_tail_destroy (id->tail); id->tail = NULL; @@ -377,19 +377,19 @@ static void snort_instance_definition_destroy(void *arg){ sfree(id); } -static int snort_config_add_instance_collect(instance_definition_t *id, oconfig_item_t *ci){ +static int tcsv_config_add_instance_collect(instance_definition_t *id, oconfig_item_t *ci){ metric_definition_t *metric; int i; if (ci->values_num < 1){ - WARNING("snort plugin: The `Collect' config option needs at least one argument."); + WARNING("tail_csv plugin: The `Collect' config option needs at least one argument."); return (-1); } /* Verify string arguments */ for (i = 0; i < ci->values_num; ++i) if (ci->values[i].type != OCONFIG_TYPE_STRING){ - WARNING("snort plugin: All arguments to `Collect' must be strings."); + WARNING("tail_csv plugin: All arguments to `Collect' must be strings."); return (-1); } @@ -403,11 +403,11 @@ static int snort_config_add_instance_collect(instance_definition_t *id, oconfig_ break; if (metric == NULL){ - WARNING("snort plugin: `Collect' argument not found `%s'.", ci->values[i].value.string); + WARNING("tail_csv plugin: `Collect' argument not found `%s'.", ci->values[i].value.string); return (-1); } - DEBUG("snort plugin: id { name=%s md->name=%s }", id->name, metric->name); + DEBUG("tail_csv plugin: id { name=%s md->name=%s }", id->name, metric->name); id->metric_list[i] = metric; id->metric_list_len++; @@ -417,7 +417,7 @@ static int snort_config_add_instance_collect(instance_definition_t *id, oconfig_ } /* Parse instance */ -static int snort_config_add_instance(oconfig_item_t *ci){ +static int tcsv_config_add_instance(oconfig_item_t *ci){ instance_definition_t* id; int status = 0; @@ -429,7 +429,7 @@ static int snort_config_add_instance(oconfig_item_t *ci){ struct timespec cb_interval; if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){ - WARNING("snort plugin: The `Instance' config option needs exactly one string argument."); + WARNING("tail_csv plugin: The `Instance' config option needs exactly one string argument."); return (-1); } @@ -454,11 +454,11 @@ static int snort_config_add_instance(oconfig_item_t *ci){ if (strcasecmp("Path", option->key) == 0) status = cf_util_get_string(option, &id->path); else if (strcasecmp("Collect", option->key) == 0) - status = snort_config_add_instance_collect(id, option); + status = tcsv_config_add_instance_collect(id, option); else if (strcasecmp("Interval", option->key) == 0) cf_util_get_cdtime(option, &id->interval); else { - WARNING("snort plugin: Option `%s' not allowed here.", option->key); + WARNING("tail_csv plugin: Option `%s' not allowed here.", option->key); status = -1; } @@ -467,36 +467,36 @@ static int snort_config_add_instance(oconfig_item_t *ci){ } if (status != 0){ - snort_instance_definition_destroy(id); + tcsv_instance_definition_destroy(id); return (-1); } /* Verify all necessary options have been set. */ if (id->path == NULL){ - WARNING("snort plugin: Option `Path' must be set."); + WARNING("tail_csv plugin: Option `Path' must be set."); status = -1; } else if (id->metric_list == NULL){ - WARNING("snort plugin: Option `Collect' must be set."); + WARNING("tail_csv plugin: Option `Collect' must be set."); status = -1; } if (status != 0){ - snort_instance_definition_destroy(id); + tcsv_instance_definition_destroy(id); return (-1); } - DEBUG("snort plugin: id = { name = %s, path = %s }", id->name, id->path); + DEBUG("tail_csv plugin: id = { name = %s, path = %s }", id->name, id->path); - ssnprintf (cb_name, sizeof (cb_name), "snort-%s", id->name); + ssnprintf (cb_name, sizeof (cb_name), "tail_csv/%s", id->name); memset(&cb_data, 0, sizeof(cb_data)); cb_data.data = id; - cb_data.free_func = snort_instance_definition_destroy; + cb_data.free_func = tcsv_instance_definition_destroy; CDTIME_T_TO_TIMESPEC(id->interval, &cb_interval); - status = plugin_register_complex_read(NULL, cb_name, snort_read, &cb_interval, &cb_data); + status = plugin_register_complex_read(NULL, cb_name, tcsv_read, &cb_interval, &cb_data); if (status != 0){ - ERROR("snort plugin: Registering complex read function failed."); - snort_instance_definition_destroy(id); + ERROR("tail_csv plugin: Registering complex read function failed."); + tcsv_instance_definition_destroy(id); return (-1); } @@ -504,22 +504,22 @@ static int snort_config_add_instance(oconfig_item_t *ci){ } /* Parse blocks */ -static int snort_config(oconfig_item_t *ci){ +static int tcsv_config(oconfig_item_t *ci){ int i; for (i = 0; i < ci->children_num; ++i){ oconfig_item_t *child = ci->children + i; if (strcasecmp("Metric", child->key) == 0) - snort_config_add_metric(child); + tcsv_config_add_metric(child); else if (strcasecmp("Instance", child->key) == 0) - snort_config_add_instance(child); + tcsv_config_add_instance(child); else - WARNING("snort plugin: Ignore unknown config option `%s'.", child->key); + WARNING("tail_csv plugin: Ignore unknown config option `%s'.", child->key); } return (0); -} /* int snort_config */ +} /* int tcsv_config */ -static int snort_shutdown(void){ +static int tcsv_shutdown(void){ metric_definition_t *metric_this; metric_definition_t *metric_next; @@ -528,7 +528,7 @@ static int snort_shutdown(void){ while (metric_this != NULL){ metric_next = metric_this->next; - snort_metric_definition_destroy(metric_this); + tcsv_metric_definition_destroy(metric_this); metric_this = metric_next; } @@ -536,8 +536,8 @@ static int snort_shutdown(void){ } void module_register(void){ - plugin_register_complex_config("snort", snort_config); - plugin_register_shutdown("snort", snort_shutdown); + plugin_register_complex_config("tail_csv", tcsv_config); + plugin_register_shutdown("tail_csv", tcsv_shutdown); } /* vim: set sw=4 sts=4 et : */ -- 2.30.2