Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var RFC3164Desc = `Syslog parser for the RFC3164 format (ie. BSD-syslog messages)
Reference: https://tools.ietf.org/html/rfc3164`
View Source
var RFC5424Desc = `Syslog parser for the RFC5424 format.
Reference: https://tools.ietf.org/html/rfc5424`
Functions ¶
This section is empty.
Types ¶
type RFC3164 ¶
type RFC3164 struct { Priority *uint8 `` /* 166-byte string literal not displayed */ Facility *uint8 `` /* 160-byte string literal not displayed */ Severity *uint8 `json:"severity" validate:"required" description:"Severity indicates how severe the message is. Eg: 0=Emergency to 7=Debug."` Timestamp *timestamp.RFC3339 `json:"timestamp,omitempty" description:"Timestamp of the syslog message in UTC."` Hostname *string `json:"hostname,omitempty" description:"Hostname identifies the machine that originally sent the syslog message."` Appname *string `json:"appname,omitempty" description:"Appname identifies the device or application that originated the syslog message."` ProcID *string `` /* 166-byte string literal not displayed */ MsgID *string `` /* 152-byte string literal not displayed */ Message *string `json:"message,omitempty" description:"Message contains free-form text that provides information about the event."` // NOTE: added to end of struct to allow expansion later parsers.PantherLog }
nolint:lll
type RFC3164Parser ¶
type RFC3164Parser struct {
// contains filtered or unexported fields
}
RFC3164Parser parses Syslog logs in the RFC3164 format
func (*RFC3164Parser) LogType ¶
func (p *RFC3164Parser) LogType() string
LogType returns the log type supported by this parser
func (*RFC3164Parser) New ¶
func (p *RFC3164Parser) New() parsers.LogParser
New returns an initialized LogParser for Syslog RFC3164 logs
func (*RFC3164Parser) Parse ¶
func (p *RFC3164Parser) Parse(log string) ([]*parsers.PantherLog, error)
Parse returns the parsed events or nil if parsing failed
type RFC5424 ¶
type RFC5424 struct { Priority *uint8 `` /* 166-byte string literal not displayed */ Facility *uint8 `` /* 160-byte string literal not displayed */ Severity *uint8 `json:"severity" validate:"required" description:"Severity indicates how severe the message is. Eg: 0=Emergency to 7=Debug."` Version *uint16 `` /* 164-byte string literal not displayed */ Timestamp *timestamp.RFC3339 `json:"timestamp,omitempty" description:"Timestamp of the syslog message in UTC."` Hostname *string `json:"hostname,omitempty" description:"Hostname identifies the machine that originally sent the syslog message."` Appname *string `json:"appname,omitempty" description:"Appname identifies the device or application that originated the syslog message."` ProcID *string `` /* 166-byte string literal not displayed */ MsgID *string `` /* 152-byte string literal not displayed */ StructuredData *map[string]map[string]string `` /* 151-byte string literal not displayed */ Message *string `json:"message,omitempty" description:"Message contains free-form text that provides information about the event."` // NOTE: added to end of struct to allow expansion later parsers.PantherLog }
nolint:lll
type RFC5424Parser ¶
type RFC5424Parser struct {
// contains filtered or unexported fields
}
RFC5424Parser parses Syslog logs in the RFC5424 format
func (*RFC5424Parser) LogType ¶
func (p *RFC5424Parser) LogType() string
LogType returns the log type supported by this parser
func (*RFC5424Parser) New ¶
func (p *RFC5424Parser) New() parsers.LogParser
New returns an initialized LogParser for Syslog RFC5424 logs
func (*RFC5424Parser) Parse ¶
func (p *RFC5424Parser) Parse(log string) ([]*parsers.PantherLog, error)
Parse returns the parsed events or nil if parsing failed
Click to show internal directories.
Click to hide internal directories.