mirror of
https://github.com/rsyslog/rsyslog.git
synced 2025-12-15 19:50:40 +01:00
37 lines
1003 B
Bash
37 lines
1003 B
Bash
#!/bin/bash
|
|
# released under ASL 2.0
|
|
|
|
. ${srcdir:=.}/diag.sh init
|
|
generate_conf
|
|
|
|
socketpath=$1
|
|
|
|
if [ -z "$socketpath" ]; then
|
|
socketpath='/var/sockets/darwin/reputation_1.sock'
|
|
fi
|
|
|
|
add_conf '
|
|
template(name="darwin-output" type="list") {
|
|
property(name="$!all-json")
|
|
}
|
|
|
|
module(load="../plugins/imptcp/.libs/imptcp")
|
|
module(load="../plugins/mmjsonparse/.libs/mmjsonparse")
|
|
module(load="../contrib/mmdarwin/.libs/mmdarwin")
|
|
input(type="imptcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" ruleset="testing")
|
|
|
|
ruleset(name="testing") {
|
|
action(type="mmjsonparse" cookie="")
|
|
action(type="mmdarwin" socketpath="'$socketpath'" key="" fields=["!srcip", "ATTACK;TOR"] response="back" filtercode="0x72657075")
|
|
action(type="omfile" file="'$RSYSLOG_OUT_LOG'" template="darwin-output")
|
|
}
|
|
'
|
|
|
|
startup
|
|
tcpflood -m 1 -M '{\"srcip\":\"2.59.151.0\"}'
|
|
shutdown_when_empty
|
|
wait_shutdown
|
|
content_check --regex '.*"":\s*.*' # it should match the saved certitude with an empty key
|
|
|
|
exit_test
|