Socket
Socket
Sign inDemoInstall

nsyslog-parser

Package Overview
Dependencies
0
Maintainers
1
Versions
35
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

    nsyslog-parser

Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats

Version published
Weekly downloads
369
increased by32.73%
Maintainers
1
Install size
138 kB
Created
Weekly downloads
 

Readme

Source

nsyslog-parser

Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF Common Event Format formats. Although thought as a parser for stantard syslog messages, there are too many systems/devices out there that sends erroneous, propietary or simply malformed messages. nsyslog-parser is flexible enough to try and parse every single message to extract as many information as possible, without throwing any errors.

Features

Installation

npm install nsyslog-parser

Usage

parser(line,options)

const parser = require("nsyslog-parser");

// Standard BSD message
var bsdLine = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";

// IETF (RFC 5424) message, with structured data and chained hostnames
var ietfLine = "<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry";

// Syslog CEF (Common Event Format)
var cefLine = "Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5";
console.log(parser(bsdLine);
console.log(parser(ietfLine);
console.log(parser(cefLine);

Results

{
	originalMessage: '<34>Oct 11 22:14:15 mymachine su: \'su root\' failed for lonvick on /dev/pts/8',
	pri: '<34>',
	prival: 34,
	facilityval: 4,
	levelval: 2,
	facility: 'auth',
	level: 'crit',
	type: 'BSD',
	ts: '2017-10-11T20:14:15.000Z',
	host: 'mymachine',
	appName: 'su',
	message: '\'su root\' failed for lonvick on /dev/pts/8',
	chain: [],
	fields: [],
	header: '<34>Oct 11 22:14:15 mymachine su: '
}
{
	originalMessage: '<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7Qkrwu wdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry',
	pri: '<110>',
	prival: 110,
	facilityval: 13,
	levelval: 6,
	facility: 'security',
	level: 'info',
	version: 1,
	type: 'RFC5424',
	ts: '2009-05-03T12:00:39.529Z',
	host: 'relay.example.org',
	appName: 'syslogd',
	pid: '2138',
	messageid: '-',
	message: 'BOMAn application event log entry',
	chain: [ 'host.example.org' ],
	structuredData:
	[
		{
			'$id': 'exampleSDID@32473',
			iut: '3',
			eventSource: 'Application',
			eventID: '1011'
		},
		{
			'$id': 'exampleSDID@32474',
			iut: '4',
			eventSource: 'Application',
			eventID: '1012'
		},
		{
			'$id': 'ssign',
			VER: '0111',
			RSID: '1',
			SG: '0',
			SPRI: '0',
			GBC: '2',
			FMN: '1',
			CNT: '7',
			HB: 'K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2 vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=',
			SIGN: 'AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM='
		}
	],
  fields: [],
  header: '<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Tauj k2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="]'
}

{
	originalMessage: 'Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
	pri: '',
	prival: NaN,
	type: 'CEF',
	ts: '2017-01-18T10:07:53.000Z',
	host: 'dsmhost',
	message: 'CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
	chain: [],
	cef: {
		version: 'CEF:0',
		deviceVendor: 'Trend Micro',
		deviceProduct: 'Deep Security Manager',
		deviceVersion: '<DSM version>',
		deviceEventClassID: '600',
		name: 'User Signed In',
		severity: '3',
		extension: 'src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5'
	},
  fields: {
		src: '10.52.116.160',
		suser: 'admin',
		target: 'admin',
		msg: 'User signed in from 2001:db8::5'
	},
	header: 'Jan 18 11:07:53 dsmhost '
}

Options

Options is a javascript object with the following parameters:

  • cef : Parse CEF strcuture (true by default)
  • fields : Parse Syslog structured data (true by default)
  • pid : Separate the PID field in case the app header field has the app[pid] format (true by default)
  • generateTimestamp: If true and no timestamp can be parsed from the line, sets the current timestamp. Otherwise, leave the field as undefined (true by default)

Keywords

FAQs

Last updated on 03 Jan 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

NIST Drafts New Security Framework to Tackle Emerging Risks of Generative AI

Security News

NIST Drafts New Security Framework to Tackle Emerging Risks of Generative AI

NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.

By Sarah Gooding  -  May 03, 2024
Introducing SSO

Product

Introducing SSO

Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.

By Alex Morais  -  Apr 29, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc