Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
nsyslog-parser-2
Advanced tools
nsyslog-parser-2
Fork of David Gómez Matarrodona's Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats
nsyslog-parser
This project was forked from the David Gómez Matarrodona's nsyslog-parser:
Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF Common Event Format formats. Although thought as a parser for stantard syslog messages, there are too many systems/devices out there that sends erroneous, propietary or simply malformed messages. nsyslog-parser is flexible enough to try and parse every single message to extract as many information as possible, without throwing any errors.
Features
- RFC 3164 (BSD) and RFC 5424 formats
- Extracts information of non standard, erroneus or malformed messages
- Parses IETF Structured data
- Parses CEF Common Event Format
- Recognizes non-standard host-chain header
Installation
npm install nsyslog-parser
Usage
parser(line,options)
const parser = require("nsyslog-parser");
// Standard BSD message
var bsdLine = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
// IETF (RFC 5424) message, with structured data and chained hostnames
var ietfLine = "<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry";
// Syslog CEF (Common Event Format)
var cefLine = "Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5";
console.log(parser(bsdLine);
console.log(parser(ietfLine);
console.log(parser(cefLine);
Results
{
originalMessage: '<34>Oct 11 22:14:15 mymachine su: \'su root\' failed for lonvick on /dev/pts/8',
pri: '<34>',
prival: 34,
facilityval: 4,
levelval: 2,
facility: 'auth',
level: 'crit',
type: 'BSD',
ts: '2017-10-11T20:14:15.000Z',
host: 'mymachine',
appName: 'su',
message: '\'su root\' failed for lonvick on /dev/pts/8',
chain: [],
fields: [],
header: '<34>Oct 11 22:14:15 mymachine su: '
}
{
originalMessage: '<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7Qkrwu wdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry',
pri: '<110>',
prival: 110,
facilityval: 13,
levelval: 6,
facility: 'security',
level: 'info',
version: 1,
type: 'RFC5424',
ts: '2009-05-03T12:00:39.529Z',
host: 'relay.example.org',
appName: 'syslogd',
pid: '2138',
messageid: '-',
message: 'BOMAn application event log entry',
chain: [ 'host.example.org' ],
structuredData:
[
{
'$id': 'exampleSDID@32473',
iut: '3',
eventSource: 'Application',
eventID: '1011'
},
{
'$id': 'exampleSDID@32474',
iut: '4',
eventSource: 'Application',
eventID: '1012'
},
{
'$id': 'ssign',
VER: '0111',
RSID: '1',
SG: '0',
SPRI: '0',
GBC: '2',
FMN: '1',
CNT: '7',
HB: 'K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2 vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=',
SIGN: 'AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM='
}
],
fields: [],
header: '<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Tauj k2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="]'
}
{
originalMessage: 'Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
pri: '',
prival: NaN,
type: 'CEF',
ts: '2017-01-18T10:07:53.000Z',
host: 'dsmhost',
message: 'CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
chain: [],
cef: {
version: 'CEF:0',
deviceVendor: 'Trend Micro',
deviceProduct: 'Deep Security Manager',
deviceVersion: '<DSM version>',
deviceEventClassID: '600',
name: 'User Signed In',
severity: '3',
extension: 'src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5'
},
fields: {
src: '10.52.116.160',
suser: 'admin',
target: 'admin',
msg: 'User signed in from 2001:db8::5'
},
header: 'Jan 18 11:07:53 dsmhost '
}
Options
Options is a javascript object with the following parameters:
- cef : Parse CEF strcuture (true by default)
- fields : Parse Syslog structured data (true by default)
- pid : Separate the PID field in case the app header field has the app[pid] format (true by default)
- generateTimestamp: If true and no timestamp can be parsed from the line, sets the current timestamp. Otherwise, leave the field as undefined (true by default)
FAQs
Fork of David Gómez Matarrodona's Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats
The npm package nsyslog-parser-2 receives a total of 36 weekly downloads. As such, nsyslog-parser-2 popularity was classified as not popular.
We found that nsyslog-parser-2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 09 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025