Setup
Do this procedure to add a new scriptable protocol.
To add a new scriptable protocol there are two options:
- Explicit configuration
- Handle as custom user contents
Explicit configuration
- Copy the Lua script to /data/scriptable_protocols/
- Configure Guardian with this rule in the command-line interface (CLI), where <script_name> is the name of the file including the extension:
  conf.user configure probe scriptable-protocol <protocol_name> <script_name>
- There is no need to restart the intrusion detection system (IDS) after the scriptable protocol configuration: the system will automatically activate it (alongside any other scriptable protocols already configured).
Custom user contents
- Make sure that the scriptable protocol parameters (most importantly, the name) have been set via comments in the script body.
- Add the .content extension to the script file name.
- Copy the Lua script to /data/contents/scriptable_protocols/
- Notify the IDS that the scriptable protocols contents have changed by issuing in the CLI:
  ids contents_reload {"content_type": "scriptable_protocols"}
- There is no need to restart the IDS: the system will automatically activate all scriptable protocols delivered as contents, together with all those that have been explicitly configured.
After these steps the new protocol is loaded in Guardian and will analyze the network traffic.