16.1. Lua usage in Suricata
Lua scripting can be used in two components of Suricata:
Output
Detection:
luakeyword andluaxformtransform
Both features are using a list of functions to access the data extracted by Suricata. You can get the list of functions in the Lua functions page.
Note
Currently, there is a difference in the needs key in the init function,
depending on what is the usage: output or detection. The list of available
functions may also differ. The luaxform doesn't use the needs key.
16.1.1. Lua output
Lua scripts can be used to write arbitrary output. See Lua Output for more information.
16.1.2. Lua detection
Lua scripts can be used as a filter condition in signatures. See Lua Scripting for Detection for more information.
16.1.3. Lua transform
The luaxform transform can be used in signatures. See luaxform for more information.