You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
</pre><a class="anchor" name="act_conn"></a><a class="anchor" name="7-act_conn"></a><a class="anchor" name="7.3.2-act_conn"></a><a class="anchor" name="act_conn (Using ACLs and fetching samples)"></a><a class="anchor" name="act_conn (Fetching samples from internal states)"></a><div class="keyword"><b><a class="anchor" name="act_conn"></a><a href="#7.3.2-act_conn">act_conn</a></b> : integer</div><pre class="text">Returns the total number of active concurrent connections on the process.
25210
25216
</pre><a class="anchor" name="acl"></a><a class="anchor" name="7-acl"></a><a class="anchor" name="7.3.2-acl"></a><a class="anchor" name="acl (Using ACLs and fetching samples)"></a><a class="anchor" name="acl (Fetching samples from internal states)"></a><div class="keyword"><b><a class="anchor" name="acl"></a><a href="#7.3.2-acl">acl</a></b>(<span style="color: #008">[!]</span><span style="color: #080"><name></span><span style="color: #008">[,...]</span>) : boolean</div><pre class="text">Returns true if the evaluation of all the named ACL(s) is true, otherwise
</pre><a class="anchor" name="last_rule_file"></a><a class="anchor" name="7-last_rule_file"></a><a class="anchor" name="7.3.2-last_rule_file"></a><a class="anchor" name="last_rule_file (Using ACLs and fetching samples)"></a><a class="anchor" name="last_rule_file (Fetching samples from internal states)"></a><div class="keyword"><b><a class="anchor" name="last_rule_file"></a><a href="#7.3.2-last_rule_file">last_rule_file</a></b> : string</div><pre class="text">This returns the name of the configuration file containing the last final
25408
+
</pre><a class="anchor" name="last_entity"></a><a class="anchor" name="7-last_entity"></a><a class="anchor" name="7.3.2-last_entity"></a><a class="anchor" name="last_entity (Using ACLs and fetching samples)"></a><a class="anchor" name="last_entity (Fetching samples from internal states)"></a><div class="keyword"><b><a class="anchor" name="last_entity"></a><a href="#7.3.2-last_entity">last_entity</a></b> : string</div><pre class="text">This returns the identity of the last entity that was evaluated during stream
25409
+
analysis. It may be the final rule that matched or the filter that
25410
+
interrupted the processing.
25411
+
25412
+
A final rule is one that terminates the evaluation of the rule set (like an
25413
+
"<a href="#accept">accept</a>", "<a href="#deny">deny</a>" or "<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">redirect<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#redirect%20%28Alphabetically%20sorted%20keywords%20reference%29">Alphabetically sorted keywords reference</a></li><li><a href="#redirect%20%28Alphabetically%20sorted%20actions%20reference%29">Alphabetically sorted actions reference</a></li></ul></span>"). This works for TCP request and response
25414
+
rules acting on the "content" rulesets, and on HTTP rules from
25415
+
"<a href="#http-request">http-request</a>", "<a href="#http-response">http-response</a>" and "<a href="#http-after-response">http-after-response</a>" rule sets. The
25416
+
legacy "<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">redirect<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#redirect%20%28Alphabetically%20sorted%20keywords%20reference%29">Alphabetically sorted keywords reference</a></li><li><a href="#redirect%20%28Alphabetically%20sorted%20actions%20reference%29">Alphabetically sorted actions reference</a></li></ul></span>" rulesets are not supported (such information is not stored
25417
+
there), and neither "<a href="#tcp-request%20connection">tcp-request connection</a>" nor "<a href="#tcp-request%20session">tcp-request session</a>"
25418
+
rulesets are supported because the information is stored at the stream level
25419
+
and streams do not exist during these rules. In that case, the returned value
25420
+
is equivalent to "last_rule_file:last_rule_line".
25421
+
See also "<a href="#last_rule_file">last_rule_file</a>", "<a href="#last_rule_line">last_rule_line</a>".
25422
+
25423
+
For a filter, its identifier is returned as defined by the developers. If
25424
+
this identifier is not defined, an hexadecimal value is returned
25425
+
corresponding to an unique internal identifier.
25426
+
25427
+
The main purpose of this function is to be able to report in logs the last
25428
+
entity that interrupted a processing, in order to help debugging issues. The
25429
+
information returned on entities may changed in time and must not be used for
25430
+
something else than debugging.
25431
+
</pre><div class="separator">
25432
+
<span class="label label-success">Example:</span>
25433
+
<pre class="prettyprint">
25434
+
<code><span class="comment"># Log the last entity, if any, and only if an error is reported</span>
</div><a class="anchor" name="last_rule_file"></a><a class="anchor" name="7-last_rule_file"></a><a class="anchor" name="7.3.2-last_rule_file"></a><a class="anchor" name="last_rule_file (Using ACLs and fetching samples)"></a><a class="anchor" name="last_rule_file (Fetching samples from internal states)"></a><div class="keyword"><b><a class="anchor" name="last_rule_file"></a><a href="#7.3.2-last_rule_file">last_rule_file</a></b> : string</div><pre class="text">This returns the name of the configuration file containing the last final
25403
25438
rule that was matched during stream analysis. A final rule is one that
25404
25439
terminates the evaluation of the rule set (like an "<a href="#accept">accept</a>", "<a href="#deny">deny</a>" or
25405
25440
"<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">redirect<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#redirect%20%28Alphabetically%20sorted%20keywords%20reference%29">Alphabetically sorted keywords reference</a></li><li><a href="#redirect%20%28Alphabetically%20sorted%20actions%20reference%29">Alphabetically sorted actions reference</a></li></ul></span>"). This works for TCP request and response rules acting on the
sample fetch fails, unless a default value is provided, in which case it will
25584
25619
return it as a string. Empty strings are permitted. See <a href="#2.8">section 2.8</a> about
25585
25620
variables for details.
25586
-
</pre></div>
25621
+
</pre><a class="anchor" name="waiting_entity"></a><a class="anchor" name="7-waiting_entity"></a><a class="anchor" name="7.3.2-waiting_entity"></a><a class="anchor" name="waiting_entity (Using ACLs and fetching samples)"></a><a class="anchor" name="waiting_entity (Fetching samples from internal states)"></a><div class="keyword"><b><a class="anchor" name="waiting_entity"></a><a href="#7.3.2-waiting_entity">waiting_entity</a></b> : string</div><pre class="text">This returns the identity of the entity that was waiting to continue its
25622
+
processing when an error or a timeout was encountered. It may be the a rule
25623
+
or a filter for instance. However, this list is not exhaustive and the format
25624
+
of all possible entities is not forcefully documented.
25625
+
25626
+
When the entity is a rule, its location is returned. It is the configuration
25627
+
file containing the rule followed by the line where the rule is defined in
25628
+
this file, separated by a colon.
25629
+
25630
+
For a filter, its identifier is returned as defined by the developers. If
25631
+
this identifier is not defined, an hexadecimal value is returned
25632
+
corresponding to an unique internal identifier.
25633
+
25634
+
The main purpose of this function is to be able to report in logs the entity
25635
+
blocking the stream analysis when an error or a timeout was encountered,
25636
+
interrupting this processing, in order to help debugging issues. The
25637
+
information returned on entities may changed in time and must not be used for
25638
+
something else than debugging.
25639
+
</pre><div class="separator">
25640
+
<span class="label label-success">Example:</span>
25641
+
<pre class="prettyprint">
25642
+
<code><span class="comment"># Log the waiting entity, if any, and only if an error is reported</span>
0 commit comments