=> 'notice',
console => 'no',
console_json => 0,
file => 'yes',
file_level => 'info',
file_json => 0,
syslog => 'no',
syslog_fac
ility => 'local5',
syslog_format => '[%i] <%d> -- ',
syslog_json => 0,
},
update => {
enable => 0,
no_reload => 0,
no_test => 0,
offline => 0,
noreHosts => '',
env_proxy => 0,
stats_file => '/var/cache/suricata_extract_submit_stats.json',
stats_dir => '/var/cache/suricata_extract_submit_stats/',
interval => '*/2 * * * *',
ie -> /var/log/suricata/alert.json
Sagan -> $hostname-lae -> /var/log/sagan/alert.json
CAPEv2 -> $hostname-malware -> /opt/CAPEv2/log/eve.json
For multi-instance it is done as
log/suricata/alert-$instance.json
Sagan -> $hostname-$instance -> /var/log/sagan/alert-$instance.json
CAPEv2 -> $hostname-malware -> /opt/CAPEv2/log/eve.json (or wherever .cape.eve set
',
eve => '/var/log/suricata/alert.json',
};
$self->status_add( status => $instance_name . ': type=suricata, eve="/var/log/suricata/alert.json"', );
} elsif ( $self->{config}{suricata
::Actions::github_fetch_release_asset;
use 5.006;
use strict;
use warnings;
use File::Slurp;
use JSON;
use Ixchel::functions::github_fetch_release_asset;
use base 'Ixchel::Actions::base';
=head1 NAM
package Ixchel::Actions::xeno;
use 5.006;
use strict;
use warnings;
use File::Slurp;
use JSON::Path;
use YAML::XS qw(Load);
use Ixchel::functions::file_get;
use base 'Ixchel::Actions::base';
=head1
ions::sys_info;
use 5.006;
use strict;
use warnings;
use Ixchel::functions::sys_info;
use JSON qw(to_json);
use YAML::XS qw(Dump);
use Data::Dumper;
use base 'Ixchel::Actions::base';
=head1 NAME
s it in various formats.
=head1 Switches
=head2 -o <format>
Format to print it in.
Available: json, yaml, toml, dumper
Default: toml
=cut
# Intentionally a no-op: this action does no work in new_extra.
# NOTE(review): presumably a hook called by Ixchel::Actions::base during
# construction -- confirm against the base class.
sub new_extra {
    return;
}
sub action_extra {
my $self = $_[0]
$self->{opts}->{o} = 'toml';
}
if ( $self->{opts}->{o} ne 'toml'
&& $self->{opts}->{o} ne 'json'
&& $self->{opts}->{o} ne 'dumper'
&& $self->{opts}->{o} ne 'yaml' )
{
$self->status_add(
;
use strict;
use warnings;
use Ixchel::functions::sys_info;
use JSON qw(to_json);
use YAML::XS qw(Dump);
use Data::Dumper;
use JSON::Path;
use base 'Ixchel::Actions::base';
=head1 NAME
Ixchel::
mat to print it in.
Available: json, yaml, toml, dumper
Default: yaml
=head2 -s <section>
A JSON style path used for fetching a sub section of the
config via L<JSON::Path>.
Default: undef
=head1
{
$self->{opts}->{o} = 'yaml';
}
if ( $self->{opts}{o} ne 'toml'
&& $self->{opts}{o} ne 'json'
&& $self->{opts}{o} ne 'dumper'
&& $self->{opts}{o} ne 'yaml' )
{
self->status_add(
st
File::Slurp;
use Exporter 'import';
our @EXPORT = qw(github_releases);
use LWP::UserAgent ();
use JSON;
=head1 NAME
Ixchel::functions::github_releases - Fetches release information for the specified
repo :: Repo to fetch the releases for.
The following are optional.
- raw :: Return the raw JSON and don't decode it.
Default :: 0
If the $ENV variables below are set, they will be used
{
return $content;
}
my $json;
eval { $json = decode_json($content); };
if ($@) {
die( 'Decoding JSON from "' . $url . '" failed... ' . $@ );
}
return $json;
} ## end sub github_releases
->status_add( status => 'Installing Monitoring::Sneck depends via packages' );
my @depends = ( 'JSON', 'File::Slurp', 'MIME::Base64', 'Pod::Usage' );
$self->status_add( status => 'Perl Depends: '
Lilith depends via packages' );
my @depends = (
'TOML', 'DBI', 'JSON', 'File::ReadBackwards',
'Digest::SHA', 'POE', 'File::Slurp', '
w(github_fetch_release_asset);
use Ixchel::functions::github_releases;
use LWP::UserAgent ();
use JSON;
=head1 NAME
Ixchel::functions::github_fetch_release_asset - Fetches a release asset from a Git
json-c
- libmaxminddb
Debian:
- liblognorm-dev
- libpcre3-dev
- build-essential
- libesmtp-dev
- libhiredis-dev
- libjson