Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
glossy
Advanced tools
Readme
glossy aims to be a very generic yet powerful library for both producing and also parsing raw syslog messages. The library aims to be capable of adhearing to RFC 3164, RFC 5424 and RFC 5848 and by itself does no network interactions, it's up to you to use this library as a syslog producer, a consumer, relay or something else entirely. In addition, glossy has no dependencies and can be bootstrapped to operate in browser or other non-node.js environments.
var syslogParser = require('glossy').Parse; // or wherever your glossy libs are
parsedMessage = syslogParser.parse(message);
parsedMessage will return an object containing as many parsed values as possible, as well as the original message. The date value will be a Date object. Structured data will return as an object. Alternatively, you can give it a callback as your second argument:
syslogParser.parse(message, function(parsedMessage){
console.log(parsedMessage);
});
Unless you stipulate for BSD/RFC 3164 style messages, it will default to generating all messages as newer, RFC 5424 format. This might break consumers or relays not expecting it.
var syslogProducer = require('glossy').Produce; // or wherever glossy lives
var msg = syslogProducer.produce({
facility: 'local4', // these can either be a valid integer,
severity: 'error', // or a relevant string
host: 'localhost',
appName: 'sudo',
pid: '123',
date: new Date(Date()),
message: 'Nice, Neat, New, Oh Wow'
});
Again, you can specify a callback for the second argument.
var msg = syslogProducer.produce({
facility: 'ntp',
severity: 'info',
host: 'localhost',
date: new Date(Date()),
message: 'Lunch Time!'
}, function(syslogMsg){
console.log(syslogMsg);
});
In addition, you can also predefined most of the values when you create the object, to save having to repeat yourself:
var syslogProducer = new require('glossy').Produce({
type: 'BSD',
facility: 'ftp',
pid: 42,
host: '::1'
});
For RFC5424 messages, you can also include structured data. Keys should comply with the definition in Section 7, RFC5424 regarding names - keep them unique and your own custom keys should have at least an @ sign.
var msg = syslogProducer.produce({
facility: 'local4',
severity: 'error',
host: 'localhost',
appName: 'starman',
pid: '123',
date: new Date(Date()),
message: 'ACHTUNG!',
structuredData: {
'plack@host': {
status: 'broken',
hasTried: 'not really'
}
}
});
Finally, we expose all the severities as functions themselves:
var infoMsg = glossy.info({
message: 'Info Message',
});
Function names facilitating this are named debug, info, notice, warn, crit, alert and emergency.
Handle incoming syslog messages coming in on UDP port 514:
var syslogParser = require('glossy').Parse; // or wherever your glossy libs are
var dgram = require("dgram");
var server = dgram.createSocket("udp4");
server.on("message", function(rawMessage) {
syslogParser.parse(rawMessage.toString('utf8', 0), function(parsedMessage){
console.log(parsedMessage.host + ' - ' + parsedMessage.message);
});
});
server.on("listening", function() {
var address = server.address();
console.log("Server now listening at " +
address.address + ":" + address.port);
});
server.bind(514); // Remember ports < 1024 need suid
Squeeks - privacymyass@gmail.com
This is free software licensed under the MIT License - see the LICENSE file that should be included with this package.
FAQs
Syslog parser and producer
We found that glossy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.