Extension
Implementing new audit records and features
To add support for a new protocol or custom abstraction, the following steps need to be performed.
Protocol Buffer Definitions
First, add a type definition for the new audit record to the AuditRecord protocol buffer definitions, along with a Type enumeration value that follows the naming convention with the NC prefix.
Next, make sure you have the code generator plugin(s) that NETCAP uses to accelerate protocol buffer encoding and decoding. Get the plugins with:
The framework for this can be found here:
Recompile the protocol buffers with:
This will create the type definitions for your new audit record in the types package.
Encoder Implementation
After recompiling the protocol buffers, a file for the new encoder, named after the protocol, must be created in the encoder package. The new file must contain a variable created with CreateLayerEncoder or CreateCustomEncoder, depending on the desired encoder type.
Let's take a brief look at a very simple LayerEncoder, for example for the ARP protocol:
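As an added illustration (not NETCAP's own code), the following stand-alone Go sketch shows the kind of work a layer encoder for ARP performs: it maps one decoded packet layer plus a timestamp to an audit record, and rejects truncated or unexpected input before slicing. ARPRecord, EncodeARP and sampleARP are hypothetical names; in NETCAP the record type would be the one generated into the types package and the function would be supplied when creating the encoder with CreateLayerEncoder.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// ARPRecord is a hypothetical stand-in for the generated audit record type.
type ARPRecord struct {
	Timestamp, SrcHwAddress, SrcProtAddress, DstHwAddress, DstProtAddress string
	AddrType, Protocol, Operation                                         int32
}

// EncodeARP (hypothetical name) maps a raw ARP payload to an audit record.
// Declared address lengths are checked against the buffer before slicing, so
// truncated or malformed packets yield an error instead of a panic.
func EncodeARP(b []byte, timestamp string) (*ARPRecord, error) {
	if len(b) < 8 {
		return nil, errors.New("arp: fixed header truncated")
	}
	hlen, plen := int(b[4]), int(b[5])
	if hlen != 6 || plen != 4 {
		return nil, errors.New("arp: only Ethernet/IPv4 is handled in this sketch")
	}
	if len(b) < 8+2*hlen+2*plen {
		return nil, errors.New("arp: address fields truncated")
	}
	a := b[8:] // address block: sender MAC, sender IP, target MAC, target IP
	return &ARPRecord{
		Timestamp: timestamp, AddrType: int32(binary.BigEndian.Uint16(b[0:2])),
		Protocol: int32(binary.BigEndian.Uint16(b[2:4])), Operation: int32(binary.BigEndian.Uint16(b[6:8])),
		SrcHwAddress: net.HardwareAddr(a[0:6]).String(), SrcProtAddress: net.IP(a[6:10]).String(),
		DstHwAddress: net.HardwareAddr(a[10:16]).String(), DstProtAddress: net.IP(a[16:20]).String(),
	}, nil
}

// sampleARP is a constructed ARP request: 192.168.1.10 asks for 192.168.1.1.
var sampleARP = []byte{
	0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01,
	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xc0, 0xa8, 0x01, 0x0a,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0xa8, 0x01, 0x01,
}

func main() {
	rec, err := EncodeARP(sampleARP, "1546300800.000000")
	fmt.Printf("%+v %v\n", rec, err)
}
```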