Matt Sisk
and 1 contributors

NAME

Net::Silk::Site - SiLK site repository configuration

DESCRIPTION

Net::Silk::Site is the interface to the local repository configuration. It can be used to make queries about sensor and class types, as well as find flow files present in the repository.

EXPORTS

The following are available via the :all export tag.

CONSTANTS

HAVE_SITE_CONFIG

True if the repository site configuration file is present and has been successfully loaded.

FUNCTIONS

init_site(rootdir => $path, siteconf => $file)

Initializes the site configuration with a different root data directory and/or site configuration file, overriding the values determined by environment variables or the defaults. It must be called before any query function is invoked. If it has not been called, site initialization happens automatically the first time a query function is called.

get_data_rootdir()

Returns the currently defined repository data directory.

get_site_config()

Returns the currently defined site configuration file.

default_class()

Returns the default flow class.

default_types()

Returns the default flow types.

sensors()

Return a list of defined sensor names.

classes()

Return a list of defined class names.

types()

Return a list of defined type names.

classtypes()

Return a list of class/flowtype pairs.

sensor_classes($sensor)

Return a list of classes for the given sensor name.

class_sensors($class)

Return a list of sensors pertaining to the given class name.

sensor_id($sensor)

Return the numeric sensor id for the given sensor name.

sensor_from_id($id)

Return the sensor name for the given numeric sensor id.

sensor_description($sensor)

Return the sensor description, if any, for the given sensor name.

classtype_id($class, $type)

Return the numeric id for the given class/flowtype name pair.

classtype_from_id($id)

Return the class and flowtype names, as a list, given the numeric classtype id.

repo_iter(...)

Return a subroutine reference representing an iterator over repository files matching the given criteria. The function takes the following keyword arguments:

start

The starting time of interest, given either as a DateTime object or as seconds since the epoch. If only a start time is given and it has a resolution to the day, that entire day is queried. Otherwise, the given hour is queried.

end

The end time of interest, given either as a DateTime object or as seconds since the epoch.

sensors

An array ref containing a list of sensors over which to limit the query.

flowtypes

A hash ref containing class/type pairs over which to limit the query.

missing

A flag indicating whether to include files missing from the repository in query results.
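
An added usage example, not part of the module's own documentation: a per-sensor check of repository coverage over a constructed 24-hour window, using only the functions listed above. It assumes the iterator returned by repo_iter yields one file per call and undef once exhausted, and that an optional root directory and site file are passed as command-line arguments (a hypothetical convention).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::Silk::Site qw(:all);

# Optional overrides (hypothetical CLI convention): rootdir, then siteconf.
# init_site must run before any query function is called.
my ($rootdir, $siteconf) = @ARGV;
my %init;
$init{rootdir}  = $rootdir  if defined $rootdir;
$init{siteconf} = $siteconf if defined $siteconf;
init_site(%init) if %init;

# Confirm which repository is actually being queried before trusting results.
my $conf = get_site_config();
my $root = get_data_rootdir();
die "site config not readable: " . ($conf // '(undefined)') . "\n"
    unless defined $conf && -r $conf;
die "data root is not a directory: " . ($root // '(undefined)') . "\n"
    unless defined $root && -d $root;
printf "site config: %s\ndata root:   %s\n\n", $conf, $root;

# Constructed window: the 24 hours ending now, in epoch seconds.
my $end   = time;
my $start = $end - 24 * 60 * 60;

my @sensors = sensors();
my @silent;
for my $sensor (sort @sensors) {
    my $iter = repo_iter(start => $start, end => $end, sensors => [$sensor]);

    # Assumption: each call returns the next file, undef when exhausted.
    my $count = 0;
    $count++ while defined($iter->());

    printf "%-16s id=%-5s classes=%-12s files=%-4d %s\n",
        $sensor, scalar(sensor_id($sensor)),
        join(',', sensor_classes($sensor)),
        $count, sensor_description($sensor) // '';
    push @silent, $sensor if $count == 0;
}

# Sensors with no files in the window are gaps in flow visibility.
print "\nno files in window: ", (@silent ? "@silent" : 'none'), "\n";
exit(@silent ? 1 : 0);
```

A non-zero exit status makes the script usable as a scheduled collection-health check.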

SEE ALSO

Net::Silk, Net::Silk::RWRec, Net::Silk::IPSet, Net::Silk::Bag, Net::Silk::Pmap, Net::Silk::IPWildcard, Net::Silk::Range, Net::Silk::CIDR, Net::Silk::IPAddr, Net::Silk::TCPFlags, Net::Silk::ProtoPort, Net::Silk::File, sensor.conf(5), silk(7)

COPYRIGHT & LICENSE

Copyright (C) 2011-2016 by Carnegie Mellon University

Use of the Net-Silk library and related source code is subject to the terms of the following licenses:

GNU Public License (GPL) Rights pursuant to Version 2, June 1991

Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013

NO WARRANTY

See GPL.txt and LICENSE.txt for more details.