Overview ¶
Package juniperlogs provides parsers for Juniper logs.
Constants ¶
const TypeAccess = `Juniper.Access`
const TypeAudit = `Juniper.Audit`
const TypeFirewall = `Juniper.Firewall`
const TypeMWS = `Juniper.MWS`
const TypePostgres = `Juniper.Postgres`
const TypeSecurity = `Juniper.Security`
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Access ¶
type Access struct { Timestamp timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"` Hostname string `json:"hostname,omitempty" description:"The hostname of the appliance"` LogLevel string `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."` Thread string `json:"thread,omitempty" description:"The specific thread that is handling the request or response."` RequestKey string `json:"unique_request_key,omitempty" description:"This is a key used to uniquely identify requests."` PacketType string `json:"type,omitempty" description:"Whether the HTTP packet is a client request, or a server response (REQUEST,RESPONSE)."` PacketStage string `` /* 155-byte string literal not displayed */ ProxyClientIP string `` /* 165-byte string literal not displayed */ URL string `json:"url,omitempty" description:"The full request or response URL."` parsers.PantherLog }
nolint:lll
type AccessParser ¶
type AccessParser struct {
// contains filtered or unexported fields
}
func NewAccessParser ¶
func NewAccessParser() *AccessParser
func (*AccessParser) LogType ¶
func (p *AccessParser) LogType() string
func (*AccessParser) New ¶
func (p *AccessParser) New() parsers.LogParser
func (*AccessParser) Parse ¶
func (p *AccessParser) Parse(log string) ([]*parsers.PantherLog, error)
func (*AccessParser) ParseTimestamp ¶
ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially if we're around New Year's Eve. This parser tries to guess the year of the log event by comparing the timestamp against the current year at the time of parsing.
type Audit ¶
type Audit struct { Timestamp timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"` Hostname string `json:"hostname,omitempty" description:"The hostname of the appliance"` LogLevel string `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."` Message string `json:"message,omitempty" description:"The message. Can indicate any of the previously mentioned actions."` APIKey *string `json:"api_key,omitempty" description:"The key used to perform the action described in the message."` LoginIP *string `json:"login_ip,omitempty" description:"The IP address the user performed logged in from"` Username *string `json:"username,omitempty" description:"The user that performed the login"` parsers.PantherLog }
nolint:lll
type AuditParser ¶
type AuditParser struct {
// contains filtered or unexported fields
}
func NewAuditParser ¶
func NewAuditParser() *AuditParser
func (*AuditParser) LogType ¶
func (p *AuditParser) LogType() string
func (*AuditParser) New ¶
func (p *AuditParser) New() parsers.LogParser
func (*AuditParser) Parse ¶
func (p *AuditParser) Parse(log string) ([]*parsers.PantherLog, error)
func (*AuditParser) ParseTimestamp ¶
ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially if we're around New Year's Eve. This parser tries to guess the year of the log event by comparing the timestamp against the current year at the time of parsing.
type FirewallParser ¶
type FirewallParser struct {
// contains filtered or unexported fields
}
func NewFirewallParser ¶
func NewFirewallParser() *FirewallParser
func (*FirewallParser) LogType ¶
func (*FirewallParser) LogType() string
func (*FirewallParser) New ¶
func (*FirewallParser) New() parsers.LogParser
func (*FirewallParser) Parse ¶
func (p *FirewallParser) Parse(log string) ([]*parsers.PantherLog, error)
func (*FirewallParser) ParseTimestamp ¶
ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially if we're around New Year's Eve. This parser tries to guess the year of the log event by comparing the timestamp against the current year at the time of parsing.
type IPTables ¶
type IPTables struct { DestinationIP string `json:"DST,omitempty" description:"Destination IP address"` DestinationPort uint16 `json:"DPT,omitempty" description:"Destination port"` SourceIP string `json:"SRC,omitempty" description:"Source IP address"` SourcePort uint16 `json:"SPT,omitempty" description:"Source port"` PacketTTL int64 `json:"TTL,omitempty" description:"IP TTL in milliseconds"` PacketID int64 `json:"ID" description:"Packet id"` MACAddress string `json:"MAC,omitempty" description:"MAC address"` PacketLength uint16 `json:"LEN,omitempty" description:"Packet length"` TypeOfService string `json:"TOS,omitempty" description:"Packet Type of Service field"` Precedence string `json:"PREC,omitempty" description:"Packet precedence bits"` RST bool `json:"RST,omitempty" description:"Packet is RST"` SYN bool `json:"SYN,omitempty" description:"Packet is SYN"` DoNotFragment bool `json:"DF,omitempty" description:"Packet has do not fragment flag"` Input string `json:"IN,omitempty" description:"Input interface"` Output string `json:"OUT,omitempty" description:"Output interface"` Protocol string `json:"PROTO,omitempty" description:"Protocol"` WindowSize int32 `json:"WINDOW,omitempty" description:"Transmit window"` }
nolint:maligned
type MWS ¶
type MWS struct { Timestamp timestamp.RFC3339 `json:"timestamp,omitempty" description:"The date of the log entry, in UTC."` Hostname string `json:"hostname,omitempty" description:"The appliance hostname."` LogLevel *string `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."` ServiceName string `json:"service_name,omitempty" description:"The WebApp Secure service that generated the log entry."` ServiceComponent *string `json:"service_component,omitempty" description:"The specific component that is issuing the log message."` Message string `` /* 199-byte string literal not displayed */ parsers.PantherLog }
nolint:lll
type MWSParser ¶
type MWSParser struct {
// contains filtered or unexported fields
}
func NewMWSParser ¶
func NewMWSParser() *MWSParser
func (*MWSParser) ParseTimestamp ¶
ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially if we're around New Year's Eve. This parser tries to guess the year of the log event by comparing the timestamp against the current year at the time of parsing.
type Postgres ¶
type Postgres struct { Timestamp timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"` Hostname string `json:"hostname,omitempty" description:"The hostname of the appliance"` PID int32 `json:"pid,omitempty" description:"The process ID of the postgres instance."` GroupIDMajor int32 `json:"group_id_major,omitempty" description:"Group id major number"` GroupIDMinor int32 `json:"group_id_minor,omitempty" description:"Group id minor number"` SQLErrorCode string `json:"sql_error_code,omitempty" description:"The SQL error code."` SessionID string `` /* 136-byte string literal not displayed */ MessageType string `json:"message_type,omitempty" description:"The type of the message. Can be LOG, WARNING, ERROR, or STATEMENT."` Message string `json:"message,omitempty" description:"The message."` parsers.PantherLog }
nolint: lll
type PostgresParser ¶
type PostgresParser struct {
// contains filtered or unexported fields
}
func NewPostgresParser ¶
func NewPostgresParser() *PostgresParser
func (*PostgresParser) LogType ¶
func (p *PostgresParser) LogType() string
func (*PostgresParser) New ¶
func (p *PostgresParser) New() parsers.LogParser
func (*PostgresParser) Parse ¶
func (p *PostgresParser) Parse(log string) ([]*parsers.PantherLog, error)
func (*PostgresParser) ParseTimestamp ¶
ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially if we're around New Year's Eve. This parser tries to guess the year of the log event by comparing the timestamp against the current year at the time of parsing.
type Security ¶
type Security struct { Timestamp timestamp.RFC3339 `json:"timestamp" validate:"required,omitempty" description:"Log entry timestamp"` Hostname string `json:"hostname,omitempty" description:"The hostname of the appliance"` LogLevel string `json:"log_level,omitempty" description:"The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR."` Service string `json:"service,omitempty" description:"The WebApp Secure service that triggered the security log entry."` Category string `json:"category,omitempty" description:"Log entry category"` ProfileID *string `` /* 158-byte string literal not displayed */ ProfileName *string `` /* 158-byte string literal not displayed */ PubKey *string `` /* 131-byte string literal not displayed */ Incident *string `json:"incident,omitempty" description:"The name of the incident that triggered this security alert."` Severity *uint8 `` /* 159-byte string literal not displayed */ SourceIP *string `json:"source_ip,omitempty" description:"The IP the request that generated this alert originated from."` UserAgent *string `json:"user_agent,omitempty" description:"The client's user agent string that generated this alert."` URL *string `json:"url,omitempty" description:"The request URL that generated this alert."` Count *int32 `` /* 218-byte string literal not displayed */ FakeResponse *bool `` /* 153-byte string literal not displayed */ ResponseCode *string `json:"response_code,omitempty" description:"The numerical code for the response issued."` ResponseName *string `json:"response_name,omitempty" description:"The friendly name for the response issued on the profile indicated in the alert."` CreatedDate *timestamp.RFC3339 `json:"created_date,omitempty" description:"The date and time the response was created."` DelayDate *timestamp.RFC3339 `json:"delay_date,omitempty" description:"The date and time the response is set to be delayed until."` ExpirationDate *timestamp.RFC3339 `json:"expiration_date,omitempty" description:"The date 
and time the response is set to expire."` ResponseConfig *string `json:"response_config,omitempty" description:"The configuration used in this response. Displayed as an XML-like node."` SilentRunning *bool `` /* 162-byte string literal not displayed */ parsers.PantherLog }
nolint:lll
type SecurityParser ¶
type SecurityParser struct {
// contains filtered or unexported fields
}
func NewSecurityParser ¶
func NewSecurityParser() *SecurityParser
func (*SecurityParser) LogType ¶
func (p *SecurityParser) LogType() string
func (*SecurityParser) New ¶
func (p *SecurityParser) New() parsers.LogParser
func (*SecurityParser) Parse ¶
func (p *SecurityParser) Parse(log string) ([]*parsers.PantherLog, error)
func (*SecurityParser) ParseTimestamp ¶
ParseTimestamp parses Juniper log timestamps. Juniper innovated in their log format by omitting the year. This makes parsing the logs more fun, especially if we're around New Year's Eve. This parser tries to guess the year of the log event by comparing the timestamp against the current year at the time of parsing.