Overview

Package juniperlogs provides parsers for Juniper logs

Index

Constants

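// Log type names exported by this package, one per parser type below. Each
// value is what the matching *Parser's LogType() is expected to return (the
// constant names mirror the parser names; the exact mapping is in the parser
// sources, not shown here). Grouped into one block so the set is visible at a
// glance and new types are added in one place.
const (
	TypeAccess   = `Juniper.Access`
	TypeAudit    = `Juniper.Audit`
	TypeFirewall = `Juniper.Firewall`
	TypeMWS      = `Juniper.MWS`
	TypePostgres = `Juniper.Postgres`
	TypeSecurity = `Juniper.Security`
)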

Variables

This section is empty.

Functions

This section is empty.

Types

type Access

// Access is the parsed form of one Juniper access log line. The field
// descriptions (PacketType, ProxyClientIP, URL) indicate these are proxy
// request/response records; the struct is serialised with the json tags
// below and embeds parsers.PantherLog, whose fields are promoted into the
// same JSON object (PantherLog's contents are defined outside this file).
// Some tags are elided by the documentation renderer — see the source.
type Access struct {
	Timestamp     timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"`
	Hostname      string            `json:"hostname,omitempty" description:"The hostname of the appliance"`
	LogLevel      string            `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."`
	Thread        string            `json:"thread,omitempty" description:"The specific thread that is handling the request or response."`
	RequestKey    string            `json:"unique_request_key,omitempty" description:"This is a key used to uniquely identify requests."`
	PacketType    string            `json:"type,omitempty" description:"Whether the HTTP packet is a client request, or a server response (REQUEST,RESPONSE)."`
	PacketStage   string            `` /* 155-byte string literal not displayed by the documentation renderer; see source */
	ProxyClientIP string            `` /* 165-byte string literal not displayed by the documentation renderer; see source */
	URL           string            `json:"url,omitempty" description:"The full request or response URL."`

	// Common Panther log fields, promoted into the JSON output.
	parsers.PantherLog
}

nolint:lll

type AccessParser

// AccessParser produces Access records from raw log lines; see Parse,
// ParseTimestamp, LogType and New below. Its fields are unexported and not
// shown in this rendering.
type AccessParser struct {
	// contains filtered or unexported fields
}

func NewAccessParser

func NewAccessParser() *AccessParser

func (*AccessParser) LogType

func (p *AccessParser) LogType() string

func (*AccessParser) New

func (p *AccessParser) New() parsers.LogParser

func (*AccessParser) Parse

func (p *AccessParser) Parse(log string) ([]*parsers.PantherLog, error)

func (*AccessParser) ParseTimestamp

func (p *AccessParser) ParseTimestamp(s string) (time.Time, error)

ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially around New Year's Eve. This parser tries to guess the year of the log event by comparing it with the year at the time of parsing.

type Audit

// Audit is the parsed form of one Juniper audit log line: a message plus the
// optional actor details (API key, login IP, username). The pointer fields
// are nil when the line did not carry them and are then dropped from the JSON
// by omitempty. parsers.PantherLog is embedded, so its fields are promoted
// into the same JSON object (its contents are defined outside this file).
type Audit struct {
	Timestamp timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"`
	Hostname  string            `json:"hostname,omitempty" description:"The hostname of the appliance"`
	LogLevel  string            `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."`
	Message   string            `json:"message,omitempty" description:"The message. Can indicate any of the previously mentioned actions."`
	APIKey    *string           `json:"api_key,omitempty" description:"The key used to perform the action described in the message."`
	LoginIP   *string           `json:"login_ip,omitempty" description:"The IP address the user performed logged in from"`
	Username  *string           `json:"username,omitempty" description:"The user that performed the login"`

	// Common Panther log fields, promoted into the JSON output.
	parsers.PantherLog
}

nolint:lll

type AuditParser

// AuditParser produces Audit records from raw log lines; see Parse,
// ParseTimestamp, LogType and New below. Its fields are unexported and not
// shown in this rendering.
type AuditParser struct {
	// contains filtered or unexported fields
}

func NewAuditParser

func NewAuditParser() *AuditParser

func (*AuditParser) LogType

func (p *AuditParser) LogType() string

func (*AuditParser) New

func (p *AuditParser) New() parsers.LogParser

func (*AuditParser) Parse

func (p *AuditParser) Parse(log string) ([]*parsers.PantherLog, error)

func (*AuditParser) ParseTimestamp

func (p *AuditParser) ParseTimestamp(s string) (time.Time, error)

ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially around New Year's Eve. This parser tries to guess the year of the log event by comparing it with the year at the time of parsing.

type Firewall

// Firewall is the parsed form of one Juniper firewall log line. The packet
// fields (SRC, DST, SPT, DPT, ...) live in the embedded IPTables struct and,
// because it is embedded without a json tag, are promoted into the same JSON
// object as Timestamp, Hostname and Event. parsers.PantherLog is embedded the
// same way (its contents are defined outside this file).
//
// NOTE(review): Timestamp uses validate:"required" here while the other log
// types in this package use "required,omitempty" — confirm which is intended.
type Firewall struct {
	Timestamp timestamp.RFC3339 `json:"timestamp" validate:"required" description:"Log timestamp"`
	Hostname  string            `json:"hostname" description:"Hostname"`
	Event     string            `json:"event" description:"Event name"`
	// Packet fields, promoted into this object's JSON.
	IPTables

	// Common Panther log fields, promoted into the JSON output.
	parsers.PantherLog
}

type FirewallParser

// FirewallParser produces Firewall records from raw log lines; see Parse,
// ParseTimestamp, LogType and New below. Its fields are unexported and not
// shown in this rendering.
type FirewallParser struct {
	// contains filtered or unexported fields
}

func NewFirewallParser

func NewFirewallParser() *FirewallParser

func (*FirewallParser) LogType

func (*FirewallParser) LogType() string

func (*FirewallParser) New

func (*FirewallParser) Parse

func (p *FirewallParser) Parse(log string) ([]*parsers.PantherLog, error)

func (*FirewallParser) ParseTimestamp

func (p *FirewallParser) ParseTimestamp(s string) (time.Time, error)

ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially around New Year's Eve. This parser tries to guess the year of the log event by comparing it with the year at the time of parsing.

type IPTables

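// IPTables holds the per-packet fields of a firewall log line, keyed in JSON
// by the same upper-case names the log uses (SRC, DST, SPT, DPT, TTL, ...).
// It is embedded in Firewall, so these fields are promoted into the Firewall
// JSON object. All fields except PacketID are omitted from JSON when zero.
//
// PacketTTL is the IP header TTL, a hop count in the range 0-255, not a
// duration; the earlier description tag that called it "milliseconds" was
// wrong and has been corrected. The field type stays int64 so callers and
// the generated schema are unaffected.
type IPTables struct {
	DestinationIP   string `json:"DST,omitempty" description:"Destination IP address"`
	DestinationPort uint16 `json:"DPT,omitempty" description:"Destination port"`
	SourceIP        string `json:"SRC,omitempty" description:"Source IP address"`
	SourcePort      uint16 `json:"SPT,omitempty" description:"Source port"`
	PacketTTL       int64  `json:"TTL,omitempty" description:"IP header TTL (hop count, 0-255)"`
	PacketID        int64  `json:"ID" description:"Packet id"`
	MACAddress      string `json:"MAC,omitempty" description:"MAC address"`
	PacketLength    uint16 `json:"LEN,omitempty" description:"Packet length"`
	TypeOfService   string `json:"TOS,omitempty" description:"Packet Type of Service field"`
	Precedence      string `json:"PREC,omitempty" description:"Packet precedence bits"`
	RST             bool   `json:"RST,omitempty" description:"Packet is RST"`
	SYN             bool   `json:"SYN,omitempty" description:"Packet is SYN"`
	DoNotFragment   bool   `json:"DF,omitempty" description:"Packet has do not fragment flag"`
	Input           string `json:"IN,omitempty" description:"Input interface"`
	Output          string `json:"OUT,omitempty" description:"Output interface"`
	Protocol        string `json:"PROTO,omitempty" description:"Protocol"`
	WindowSize      int32  `json:"WINDOW,omitempty" description:"Transmit window"`
}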

nolint:maligned

type MWS

// MWS is the parsed form of one Juniper WebApp Secure (MWS) service log line.
// LogLevel and ServiceComponent are pointers and are dropped from the JSON
// when nil. parsers.PantherLog is embedded, so its fields are promoted into
// the same JSON object (its contents are defined outside this file). The
// Message tag is elided by the documentation renderer — see the source.
type MWS struct {
	Timestamp        timestamp.RFC3339 `json:"timestamp,omitempty" description:"The date of the log entry, in UTC."`
	Hostname         string            `json:"hostname,omitempty" description:"The appliance hostname."`
	LogLevel         *string           `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."`
	ServiceName      string            `json:"service_name,omitempty" description:"The WebApp Secure service that generated the log entry."`
	ServiceComponent *string           `json:"service_component,omitempty" description:"The specific component that is issuing the log message."`
	Message          string            `` /* 199-byte string literal not displayed by the documentation renderer; see source */

	// Common Panther log fields, promoted into the JSON output.
	parsers.PantherLog
}

nolint:lll

type MWSParser

// MWSParser produces MWS records from raw log lines; see Parse,
// ParseTimestamp, LogType and New below. Its fields are unexported and not
// shown in this rendering.
type MWSParser struct {
	// contains filtered or unexported fields
}

func NewMWSParser

func NewMWSParser() *MWSParser

func (*MWSParser) LogType

func (p *MWSParser) LogType() string

func (*MWSParser) New

func (p *MWSParser) New() parsers.LogParser

func (*MWSParser) Parse

func (p *MWSParser) Parse(log string) ([]*parsers.PantherLog, error)

func (*MWSParser) ParseTimestamp

func (p *MWSParser) ParseTimestamp(s string) (time.Time, error)

ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially around New Year's Eve. This parser tries to guess the year of the log event by comparing it with the year at the time of parsing.

type Postgres

// Postgres is the parsed form of one log line from the appliance's postgres
// instance. parsers.PantherLog is embedded, so its fields are promoted into
// the same JSON object (its contents are defined outside this file). The
// SessionID tag is elided by the documentation renderer — see the source.
type Postgres struct {
	Timestamp    timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"`
	Hostname     string            `json:"hostname,omitempty" description:"The hostname of the appliance"`
	PID          int32             `json:"pid,omitempty" description:"The process ID of the postgres instance."`
	GroupIDMajor int32             `json:"group_id_major,omitempty" description:"Group id major number"`
	GroupIDMinor int32             `json:"group_id_minor,omitempty" description:"Group id minor number"`
	SQLErrorCode string            `json:"sql_error_code,omitempty" description:"The SQL error code."`
	SessionID    string            `` /* 136-byte string literal not displayed by the documentation renderer; see source */
	MessageType  string            `json:"message_type,omitempty" description:"The type of the message. Can be LOG, WARNING, ERROR, or STATEMENT."`
	Message      string            `json:"message,omitempty" description:"The message."`

	// Common Panther log fields, promoted into the JSON output.
	parsers.PantherLog
}

nolint: lll

type PostgresParser

// PostgresParser produces Postgres records from raw log lines; see Parse,
// ParseTimestamp, LogType and New below. Its fields are unexported and not
// shown in this rendering.
type PostgresParser struct {
	// contains filtered or unexported fields
}

func NewPostgresParser

func NewPostgresParser() *PostgresParser

func (*PostgresParser) LogType

func (p *PostgresParser) LogType() string

func (*PostgresParser) New

func (p *PostgresParser) New() parsers.LogParser

func (*PostgresParser) Parse

func (p *PostgresParser) Parse(log string) ([]*parsers.PantherLog, error)

func (*PostgresParser) ParseTimestamp

func (p *PostgresParser) ParseTimestamp(s string) (time.Time, error)

ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially around New Year's Eve. This parser tries to guess the year of the log event by comparing it with the year at the time of parsing.

type Security

// Security is the parsed form of one Juniper WebApp Secure security alert
// line: the incident that fired, the profile it fired on, the request that
// triggered it (SourceIP, UserAgent, URL) and the response issued. Most
// fields are pointers so that values absent from the line are nil and are
// dropped from the JSON by omitempty. parsers.PantherLog is embedded, so its
// fields are promoted into the same JSON object (its contents are defined
// outside this file). Several tags are elided by the documentation renderer —
// see the source.
type Security struct {
	Timestamp      timestamp.RFC3339  `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"`
	Hostname       string             `json:"hostname,omitempty" description:"The hostname of the appliance"`
	LogLevel       string             `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."`
	Service        string             `json:"service,omitempty" description:"The WebApp Secure service that triggered the security log entry."`
	Category       string             `json:"category,omitempty" description:"Log entry category"`
	ProfileID      *string            `` /* 158-byte string literal not displayed by the documentation renderer; see source */
	ProfileName    *string            `` /* 158-byte string literal not displayed by the documentation renderer; see source */
	PubKey         *string            `` /* 131-byte string literal not displayed by the documentation renderer; see source */
	Incident       *string            `json:"incident,omitempty" description:"The name of the incident that triggered this security alert."`
	Severity       *uint8             `` /* 159-byte string literal not displayed by the documentation renderer; see source */
	SourceIP       *string            `json:"source_ip,omitempty" description:"The IP the request that generated this alert originated from."`
	UserAgent      *string            `json:"user_agent,omitempty" description:"The client's user agent string that generated this alert."`
	URL            *string            `json:"url,omitempty" description:"The request URL that generated this alert."`
	Count          *int32             `` /* 218-byte string literal not displayed by the documentation renderer; see source */
	FakeResponse   *bool              `` /* 153-byte string literal not displayed by the documentation renderer; see source */
	ResponseCode   *string            `json:"response_code,omitempty" description:"The numerical code for the response issued."`
	ResponseName   *string            `json:"response_name,omitempty" description:"The friendly name for the response issued on the profile indicated in the alert."`
	CreatedDate    *timestamp.RFC3339 `json:"created_date,omitempty" description:"The date and time the response was created."`
	DelayDate      *timestamp.RFC3339 `json:"delay_date,omitempty" description:"The date and time the response is set to be delayed until."`
	ExpirationDate *timestamp.RFC3339 `json:"expiration_date,omitempty" description:"The date and time the response is set to expire."`
	ResponseConfig *string            `json:"response_config,omitempty" description:"The configuration used in this response. Displayed as an XML-like node."`
	SilentRunning  *bool              `` /* 162-byte string literal not displayed by the documentation renderer; see source */

	// Common Panther log fields, promoted into the JSON output.
	parsers.PantherLog
}

nolint:lll

type SecurityParser

// SecurityParser produces Security records from raw log lines; see Parse,
// ParseTimestamp, LogType and New below. Its fields are unexported and not
// shown in this rendering.
type SecurityParser struct {
	// contains filtered or unexported fields
}

func NewSecurityParser

func NewSecurityParser() *SecurityParser

func (*SecurityParser) LogType

func (p *SecurityParser) LogType() string

func (*SecurityParser) New

func (p *SecurityParser) New() parsers.LogParser

func (*SecurityParser) Parse

func (p *SecurityParser) Parse(log string) ([]*parsers.PantherLog, error)

func (*SecurityParser) ParseTimestamp

func (p *SecurityParser) ParseTimestamp(s string) (time.Time, error)

ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially around New Year's Eve. This parser tries to guess the year of the log event by comparing it with the year at the time of parsing.
