GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → solzimer → nsyslog-parser

solzimer / nsyslog-parser

Licence: MIT license
Syslog Parser. Accepts RFC 3164 (BSD) and RFC 5424 formats

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

parsersyslogcefrfc-5424rfc-3164arcsight

Projects that are alternatives of or similar to nsyslog-parser

rfc5424-logging-handler
An RFC5424-Compliant Syslog Handler for the Python Logging Framework
Stars: ✭ 42 (+200%)
Mutual labels:  syslog, rfc-5424
MBPython
MBPython is an open source project founded by lochen to provide Python bindings for the miniblink. python miniblink
Stars: ✭ 45 (+221.43%)
Mutual labels:  cef
Go Logger
一个简单而强大的 golang 日志工具包,支持同步和异步输出到 命令行,文件, api 接口,文件支持按文件大小,文件行数,日期切分;A simple and powerful golang logging toolkit that supports synchronous and asynchronous output to the console, file, API interfaces, file support by file size, file line number, date sharding.
Stars: ✭ 152 (+985.71%)
Mutual labels:  syslog
LogESP
Open Source SIEM (Security Information and Event Management system).
Stars: ✭ 162 (+1057.14%)
Mutual labels:  syslog
Sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Stars: ✭ 236 (+1585.71%)
Mutual labels:  syslog
WPWatcher
Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.
Stars: ✭ 34 (+142.86%)
Mutual labels:  syslog
Documentation
Stars: ✭ 133 (+850%)
Mutual labels:  syslog
WebKitX
Chromium Embedded Framework (CEF1) ActiveX Wrapper
Stars: ✭ 52 (+271.43%)
Mutual labels:  cef
vent
Vent is a light-weight platform built to automate network collection and analysis pipelines using a flexible set of popular open source tools and technologies. Vent is python-based, extensible, leverages docker containers, and provides both an API and CLI.
Stars: ✭ 73 (+421.43%)
Mutual labels:  syslog
hayabusa
Hayabusa: Simple and Fast Full-Text Search Engine for Massive System Log Data
Stars: ✭ 43 (+207.14%)
Mutual labels:  syslog
Syslog
An Arduino library for logging to Syslog server in IETF format (RFC 5424) and BSD format (RFC 3164)
Stars: ✭ 105 (+650%)
Mutual labels:  syslog
NCUI
基于Duilib + CEF + NodeJs的类似 electron 的UI框架
Stars: ✭ 23 (+64.29%)
Mutual labels:  cef
NLog.Targets.Syslog
A Syslog server target for NLog
Stars: ✭ 63 (+350%)
Mutual labels:  syslog
Tlog
Terminal I/O logger
Stars: ✭ 170 (+1114.29%)
Mutual labels:  syslog
Posh-SYSLOG
Send SYSLOG messages from PowerShell
Stars: ✭ 85 (+507.14%)
Mutual labels:  syslog
Quicklogger
Library for logging on files, console, memory, email, rest, eventlog, syslog, slack, telegram, redis, logstash, elasticsearch, influxdb, graylog, Sentry, Twilio, ide debug messages and throw events for Delphi/Firemonkey/freepascal/.NET (Windows/Linux/OSX/IOS/Android).
Stars: ✭ 137 (+878.57%)
Mutual labels:  syslog
cefgo
Go bindings for the Chromium Embedded Framework (CEF)
Stars: ✭ 20 (+42.86%)
Mutual labels:  cef
mlapptools
MATLAB class containing methods for programmatic uifigure modification
Stars: ✭ 23 (+64.29%)
Mutual labels:  cef
OldCEF4Delphi
OldCEF4Delphi is an open source project to embed Chromium-based browsers in applications made with Delphi.
Stars: ✭ 55 (+292.86%)
Mutual labels:  cef
splunk-connect-for-syslog
Splunk Connect for Syslog
Stars: ✭ 111 (+692.86%)
Mutual labels:  syslog
View All Similar Projects ➔

nsyslog-parser

Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF Common Event Format formats. Although thought as a parser for stantard syslog messages, there are too many systems/devices out there that sends erroneous, propietary or simply malformed messages. nsyslog-parser is flexible enough to try and parse every single message to extract as many information as possible, without throwing any errors.

Features

Installation

npm install nsyslog-parser

Usage

parser(line,options)

const parser = require("nsyslog-parser");

// Standard BSD message
var bsdLine = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";

// IETF (RFC 5424) message, with structured data and chained hostnames
var ietfLine = "<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry";

// Syslog CEF (Common Event Format)
var cefLine = "Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5";
console.log(parser(bsdLine);
console.log(parser(ietfLine);
console.log(parser(cefLine);

Results

{
	originalMessage: '<34>Oct 11 22:14:15 mymachine su: \'su root\' failed for lonvick on /dev/pts/8',
	pri: '<34>',
	prival: 34,
	facilityval: 4,
	levelval: 2,
	facility: 'auth',
	level: 'crit',
	type: 'BSD',
	ts: '2017-10-11T20:14:15.000Z',
	host: 'mymachine',
	appName: 'su',
	message: '\'su root\' failed for lonvick on /dev/pts/8',
	chain: [],
	fields: [],
	header: '<34>Oct 11 22:14:15 mymachine su: '
}
{
	originalMessage: '<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7Qkrwu wdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry',
	pri: '<110>',
	prival: 110,
	facilityval: 13,
	levelval: 6,
	facility: 'security',
	level: 'info',
	version: 1,
	type: 'RFC5424',
	ts: '2009-05-03T12:00:39.529Z',
	host: 'relay.example.org',
	appName: 'syslogd',
	pid: '2138',
	messageid: '-',
	message: 'BOMAn application event log entry',
	chain: [ 'host.example.org' ],
	structuredData:
	[
		{
			'$id': 'exampleSDID@32473',
			iut: '3',
			eventSource: 'Application',
			eventID: '1011'
		},
		{
			'$id': 'exampleSDID@32474',
			iut: '4',
			eventSource: 'Application',
			eventID: '1012'
		},
		{
			'$id': 'ssign',
			VER: '0111',
			RSID: '1',
			SG: '0',
			SPRI: '0',
			GBC: '2',
			FMN: '1',
			CNT: '7',
			HB: 'K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2 vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=',
			SIGN: 'AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM='
		}
	],
  fields: [],
  header: '<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Tauj k2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="]'
}

{
	originalMessage: 'Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
	pri: '',
	prival: NaN,
	type: 'CEF',
	ts: '2017-01-18T10:07:53.000Z',
	host: 'dsmhost',
	message: 'CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
	chain: [],
	cef: {
		version: 'CEF:0',
		deviceVendor: 'Trend Micro',
		deviceProduct: 'Deep Security Manager',
		deviceVersion: '<DSM version>',
		deviceEventClassID: '600',
		name: 'User Signed In',
		severity: '3',
		extension: 'src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5'
	},
  fields: {
		src: '10.52.116.160',
		suser: 'admin',
		target: 'admin',
		msg: 'User signed in from 2001:db8::5'
	},
	header: 'Jan 18 11:07:53 dsmhost '
}

Options

Options is a javascript object with the following parameters:

  • cef : Parse CEF strcuture (true by default)
  • fields : Parse Syslog structured data (true by default)
  • pid : Separate the PID field in case the app header field has the app[pid] format (true by default)
  • generateTimestamp: If true and no timestamp can be parsed from the line, sets the current timestamp. Otherwise, leave the field as undefined (true by default)
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].