Skip to end of metadata
Go to start of metadata

The meta library provides information about the running ruleset. The following are available (notice that these are values, not functions):

  • meta:eci - the event channel identifier on which the current event was raised
  • meta:host - the public DNS name of the machine running the engine, including port number
  • meta:inEvent - the public DNS name of the machine running the engine, including port number
  • meta:inQuery - the public DNS name of the machine running the engine, including port number
  • meta:picoId - the version of the currently running ruleset
  • meta:rid - the ruleset ID of the currently running ruleset
  • meta:ruleName - the name of the rule currently being evaluated
  • meta:rulesetAuthor - the author from the meta section of the current ruleset
  • meta:rulesetDescription - the description from the meta section of the current ruleset
  • meta:rulesetName - the name from the meta section of the current ruleset
  • meta:rulesetURI - the URL from which the currently running ruleset was registered/installed
  • meta:txnId - return the transaction ID for the current evaluation. This is mostly useful for debugging.

The following are not yet ported from the classic engine:

  • meta:callingRID() - returns the RID of the calling ruleset if running in a module, or the current ruleset ID otherwise.
  • meta:callingVersion() - returns the version of the calling ruleset if running in a module, or the current ruleset version otherwise.
  • meta:errorCount() - returns the number of errors for current rule execution. Reset to 0 for each new rule execution.
  • meta:inModule() - returns a Boolean value indicating whether the current code is running in a module.
  • meta:moduleRID() - returns the RID of the module if running in a module, or the current ruleset ID otherwise.
  • meta:moduleVersion() - returns the version of the module if running in a module, or the current ruleset version otherwise.
  • meta:version() - returns the version of the currently running ruleset.

Note, in the case of meta:moduleRID(), meta:moduleVersion(), and meta:inModule(), care has been taken to preserve static behavior. So, for example, if you do the following, you should get the result you expect based on static function semantics:

ruleset my_module {
 
  ...
  global {
    myRid = function() { meta:moduleRID() }
  }
}
 
ruleset use_my_module {
  meta {
    use module my_module
  }
  global {
    x = my_module:myRid();
    // x = my_module, not use_my_module
  }
}



  • No labels