NAME
Net::Nmsg::IO - Net::Nmsg - Perl interface for the nmsg IO loop
SYNOPSIS
use Net::Nmsg::IO;
my $io = Net::Nmsg::IO->new();
my $cb = sub {
my $msg = shift;
print $msg->as_str, "\n";
};
$io->add_input('infile.nmsg');
$io->add_output('127.0.0.1/9430');
$io->add_output($cb);
$io->loop;
DESCRIPTION
Net::Nmsg::IO is a perl interface to the IO manager of the nmsg network data capture library.
CONSTRUCTOR
- new(%options)
-
Creates a new Net::Nmsg::IO object. Valid options are:
- mirrored
-
When enabled, mirrors input messages across all assigned outputs. The default is to stripe incoming messages across outputs.
- count
-
Stop processing after having written count input messages to outputs (mirrored messages count as one message)
- interval
-
Stop processing after interval seconds have passed.
- filter_vendor
- filter_msgtype
-
Filter messages for the specified message type. Both parameters are required. If set, all inputs and outputs will share this filter.
- filter_source
-
Specify a source filter for all inputs.
- filter_operator
-
Specify an operator filter for all inputs.
- filter_group
-
Specify a group filter for all inputs.
ACCESSORS
- set_mirrored($bool)
- get_mirrored()
- set_count($int)
- get_count()
- set_interval($secs)
- get_interval()
- set_filter_msgtype($vendor, $msgtype)
- get_filter_msgtype()
- set_filter_source($source)
- get_filter_source()
- set_filter_operator($operator)
- get_filter_operator()
- set_filter_group($group)
- get_filter_group()
METHODS
- loop()
-
Initiate processing on the assigned inputs and outputs. Processing ceases when either the inputs are exausted or until
breakloop()
is called from within a callback. - breakloop()
-
When invoked from a callback, causes the processing loop to halt.
- add_input($spec, %options)
-
Add an input to the IO loop. A reasonable attempt is made to determine whether the specification is a file name (nmsg, pcap, pres), file handle (nmsg), channel alias or socket specification (nmsg), network device name (pcap), or reference to a Net::Nmsg::Input object, and is opened accordingly. If for some reason this reasonable guess is not so reasonable, use one of the specific input methods detailed below.
See Net::Nmsg::Input for details on valid options.
- add_output($spec, %options)
-
Add an output to the IO loop. A reasonable attempt is made to determine whether the output specification is a socket specification (nmsg), callback reference (per message), file name/handle (nmsg), or reference to a Net::Nmsg::Output object. For other output types (such as presentation format), use one of the specific output methods detailed below.
See Net::Nmsg::Output for details on valid options.
- add_input_channel($channel, %opt)
-
Add input sockets associated with the given channel alias as defined by the local nmsgtool installation.
- add_input_file($file, %opt)
-
Add a NMSG formatted file as an input, specified either as a file name or file handle.
- add_input_sock($socket, %opt) =item add_input_sock($host, $port, %opt)
-
Add a NMSG socket as an input, specified either as a socket specification, socket handle, or host/port pair.
- add_input_pcap($file, vendor => $v, msgtype => $m, %opt)
-
Add a file in pcap format as an input, specefied as a file name. The vendor and msgtype parameters are required.
- add_input_iface($interface, vendor => $v, msgtype => $m, %opt)
-
Add a network interface (live pcap) as an input, specified as a network device name. The vendor and msgtype parameters are required.
- add_output_channel($channel, %opt)
-
Add output sockets assosicated with the given channel alias as defined by the local nmsgtool installation.
- add_output_file($file, %opt)
-
Add a NMSG formatted file as an output, specified either as a file name or handle.
- add_output_sock($socket, %opt)
- add_output_sock($host, $pair, %opt)
-
Add an output socket for NMSG formatted data, specified either as a socket specification, socket handle, or host/port pair.
- add_output_pres($file, %opt)
-
Add a file in presentation format as an output, specified either as a file name or handle.
- add_output_cb($code_ref, %opt)
-
Add the given callback reference as an output. The callback is passed a reference to a message object for each message that makes it through the filters. The process loop can be stopped by calling the loop() method on the IO object. See Net::Nmsg::Msg for more details on message objects.
SEE ALSO
Net::Nmsg, Net::Nmsg::Input, Net::Nmsg::Output, Net::Nmsg::Msg, nmsgtool(1)
AUTHOR
Matthew Sisk, <sisk@cert.org>
COPYRIGHT & LICENSE
Copyright (C) 2010-2015 by Carnegie Mellon University
Use of the Net-Silk library and related source code is subject to the terms of the following licenses:
GNU Public License (GPL) Rights pursuant to Version 2, June 1991 Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013
NO WARRANTY
See GPL.txt and LICENSE.txt for more details.