Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
nsyslog-parser
Advanced tools
nsyslog-parser - npm Package Compare versions
Comparing version 0.9.6 to 0.10.0
@@ -46,3 +46,3 @@ "use strict"; | ||
| }, { | ||
| "./parser.js": 3 | ||
| "./parser.js": 4 | ||
| }], | ||
@@ -131,4 +131,100 @@ 2: [function (require, module, exports) { | ||
| 3: [function (require, module, exports) { | ||
| var FRX = /[a-zA-Z][a-zA-Z0-9]+=/; | ||
| var LEEF_FIELDS = [{ | ||
| k: "leefVersion", | ||
| v1: true, | ||
| v2: true | ||
| }, { | ||
| k: "vendor", | ||
| v1: true, | ||
| v2: true | ||
| }, { | ||
| k: "product", | ||
| v1: true, | ||
| v2: true | ||
| }, { | ||
| k: "version", | ||
| v1: true, | ||
| v2: true | ||
| }, { | ||
| k: "eventID", | ||
| v1: true, | ||
| v2: true | ||
| }, { | ||
| k: "delimiter", | ||
| v1: false, | ||
| v2: true | ||
| }, { | ||
| k: "extension", | ||
| v1: true, | ||
| v2: true | ||
| }]; | ||
| var LLEN = LEEF_FIELDS.length; | ||
| function splitHeaders(text) { | ||
| var arr = [], | ||
| map = {}; | ||
| var scape = false; | ||
| var fields = 7; | ||
| var curr = ""; | ||
| text.split("").forEach(function (ch) { | ||
| if (!fields) { | ||
| curr += ch; | ||
| } else { | ||
| if (ch == "|") { | ||
| if (scape) { | ||
| scape = false; | ||
| curr += ch; | ||
| } else { | ||
| arr.push(curr); | ||
| curr = ""; | ||
| fields--; | ||
| } | ||
| } else if (ch == "\\") { | ||
| curr += ch; | ||
| scape = !scape; | ||
| } else { | ||
| scape = false; | ||
| curr += ch; | ||
| } | ||
| } | ||
| }); | ||
| if (curr.length) arr.push(curr); | ||
| var ver = arr[0] == 'LEEF:1.0' ? 'v1' : 'v2'; | ||
| for (var i = 0; i < LLEN; i++) { | ||
| var f = LEEF_FIELDS[i]; | ||
| if (f[ver]) map[f.k] = arr.shift(); | ||
| } | ||
| return map; | ||
| } | ||
| function splitFields(msg, delimiter) { | ||
| delimiter = delimiter || '\t'; | ||
| var tokens = msg.split(delimiter); | ||
| console.log(tokens); | ||
| var map = tokens.reduce(function (map, token) { | ||
| keyval = token.split('='); | ||
| map[keyval[0]] = keyval[1]; | ||
| return map; | ||
| }, {}); | ||
| return map; | ||
| } | ||
| module.exports = { | ||
| parse: function parse(text) { | ||
| var headers = splitHeaders(text); | ||
| var fields = splitFields(headers.extension || "", headers.delimiter); | ||
| return { | ||
| headers: headers, | ||
| fields: fields | ||
| }; | ||
| } | ||
| }; | ||
| }, {}], | ||
| 4: [function (require, module, exports) { | ||
| var Pri = require("./pri.js"), | ||
| CEF = require("./cef.js"); | ||
| CEF = require("./cef.js"), | ||
| LEEF = require('./leef.js'); | ||
@@ -147,6 +243,8 @@ var RXS = { | ||
| "bsdata": /^\s*\[/, | ||
| "cef": /^CEF:\d+/ | ||
| "cef": /^CEF:\d+/, | ||
| "leef": /^LEEF:(1|2)\.0/ | ||
| }; | ||
| var DOPS = { | ||
| cef: true, | ||
| leef: true, | ||
| fields: true, | ||
@@ -337,12 +435,18 @@ pid: true, | ||
| entry.fields = cef.fields; | ||
| } // Default syslog message | ||
| else if (opts.fields !== false && entry.type != "UNKNOWN") { | ||
| // Message with fields | ||
| var fields = []; | ||
| entry.message.split(",").forEach(function (kv) { | ||
| var prop = kv.split("="); | ||
| if (prop.length == 2) fields[prop[0]] = prop[1]; | ||
| }); | ||
| entry.fields = fields; | ||
| } // header | ||
| } // LEEF Event message | ||
| else if (opts.leef !== false && RXS.leef.test(entry.message)) { | ||
| entry.type = "LEEF"; | ||
| var leef = LEEF.parse(entry.message); | ||
| entry.leef = leef.headers; | ||
| entry.fields = leef.fields; | ||
| } // Default syslog message | ||
| else if (opts.fields !== false && entry.type != "UNKNOWN") { | ||
| // Message with fields | ||
| var fields = []; | ||
| entry.message.split(",").forEach(function (kv) { | ||
| var prop = kv.split("="); | ||
| if (prop.length == 2) fields[prop[0]] = prop[1]; | ||
| }); | ||
| entry.fields = fields; | ||
| } // header | ||
@@ -376,5 +480,6 @@ | ||
| "./cef.js": 2, | ||
| "./pri.js": 4 | ||
| "./leef.js": 3, | ||
| "./pri.js": 5 | ||
| }], | ||
| 4: [function (require, module, exports) { | ||
| 5: [function (require, module, exports) { | ||
| var FACILITY = [{ | ||
@@ -381,0 +486,0 @@ id: "kern", |
@@ -1,3 +0,3 @@ | ||
| /*! nsyslog-parser 2019-11-13 */ | ||
| /*! nsyslog-parser 2023-01-03 */ | ||
| "use strict";!function l(r,n,o){function d(i,e){if(!n[i]){if(!r[i]){var a="function"==typeof require&&require;if(!e&&a)return a(i,!0);if(c)return c(i,!0);var t=new Error("Cannot find module '"+i+"'");throw t.code="MODULE_NOT_FOUND",t}var s=n[i]={exports:{}};r[i][0].call(s.exports,function(e){return d(r[i][1][e]||e)},s,s.exports,l,r,n,o)}return n[i].exports}for(var c="function"==typeof require&&require,e=0;e<o.length;e++)d(o[e]);return d}({1:[function(e,i,a){var t,s;t=window,s=e("./parser.js"),t.NSyslog=t.NSyslog||{},t.NSyslog.parse=s},{"./parser.js":3}],2:[function(e,i,a){var r=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var i=function(e){var a=[],t={},i=!1,s=7,l="";return e.split("").forEach(function(e){s?"|"==e?i?(i=!1,l+=e):(a.push(l),l="",s--):"\\"==e?(l+=e,i=!i):(i=!1,l+=e):l+=e}),l.length&&a.push(l),r.forEach(function(e,i){return t[e]=a[i]}),t}(e);return{headers:i,fields:function(e){for(var i=e.split(" "),a={},t=null;i.length;)if(t){var s=i.shift();s.indexOf("=")<0?a[t]+=" ".concat(s):(t=null,i.unshift(s))}else if(0<=(t=i.shift()).indexOf("=")){var l=t.split("=");a[t=l[0]]=l[1]}else a[t]="";return a}(i.extension||"")}}}},{}],3:[function(e,i,a){var w=e("./pri.js"),D=e("./cef.js"),j={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]*\")+\]/g,asdata:/^\s*[^\[]+\[/,bsdata:/^\s*\[/,cef:/^CEF:\d+/},O={cef:!0,fields:!0,pid:!0,generateTimestamp:!0};function C(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function I(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData||(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i?Object.assign({},O,i):O;var a=e.match(j.pri),l={originalMessage:e};if(a){l.pri=a[0],l.prival=parseInt(l.pri.match(j.prival)[1]);var t=w.get(l.prival);l.facilityval=t.facility,l.levelval=t.level,l.facility=w.FACILITY[t.facility].id,l.level=w.LEVEL[t.level].id}else l.pri="",l.prival=NaN;for(var s=e.substring(l.pri.length).split(" "),r=!1;e.length&&!r;){if((u=C(s)+" ").match(j.prinmr))l.version=parseInt(u),l.type="RFC5424",(u=C(s)+" ").match(j.ts)&&(l.ts=new Date(Date.parse(u.match(j.ts)[0].trim())));else if(u.match(j.month)){l.type="BSD";var n=u.trim(),o=C(s),d=C(s),c=(new Date).getYear()+1900;l.ts=new Date(Date.parse(c+" "+n+" "+o+" "+d))}else l.type="UNKNOWN",s.unshift(u.trim());r=!0}if(!l.ts&&i.generateTimestamp&&(l.ts=new Date),l.type){var f=function(e){s.unshift(e),l.message=s.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=C(s))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(j.invalid)?f(u):(I(l,p),l.message=s.join(" "),r=!0)}else if(s.length)if(u.match(j.invalid))f(u);else{var m=I(l,u.replace(/: $/,"").trim());!0===m?(s.unshift(u),l.message=s.join(" "),r=!0):!1===m&&(l.message=s.join(" "),r=!0)}else f(u);else r=!0}}else l.message=s.join(" ");if(l.chain=(l.host||"").split("/"),l.host=l.chain.pop(),"RFC5424"==l.type){var g=j.bsdata.test(l.message),h=j.asdata.test(l.message),y=l.message.match(j.sdata)||[],v=0;if(l.structuredData=y.map(function(e){var t={},s=null;return v=l.message.indexOf(e)+e.length+1,e.replace(/(^\[)|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)t.$id=e;else{var a=e.split("=");a[0]&&a[1]&&'"'!=a[1]?(s=a.shift(),t[s]=a.join("=").replace(/\"/g,"")):a[0]&&void 0===a[1]?t[s]+=" "+(a[0]||"").replace(/\"/g,""):!a[0]||a[1].length&&'"'!=a[1]||(t[s]+=" "+(a[0]||"").replace(/\"/g,"")+"=")}}),t}),l.structuredData.length){var b=l.message.indexOf("[");g?(0<=b&&(l.header=e.substring(0,e.length-l.message.length)),l.message=l.message.substring(v)):h&&0<=b&&(l.header=e.substring(0,e.length-l.message.length),l.message=l.message.substring(0,b))}}if(!1!==i.cef&&j.cef.test(l.message)){l.type="CEF";var N=D.parse(l.message);l.cef=N.headers,l.fields=N.fields}else if(!1!==i.fields&&"UNKNOWN"!=l.type){var x=[];l.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(x[i[0]]=i[1])}),l.fields=x}if(l.header=l.header||e.substring(0,e.length-l.message.length),l.message=l.message.trim(),i.pid&&l.appName&&l.appName.endsWith("]")){var E=l.appName.indexOf("[");0<=E&&(l.pid=l.appName.substring(E+1,l.appName.length-1),l.appName=l.appName.substring(0,E))}return l}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,a){var t=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],s=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],l=[],r=[];t.forEach(function(e,i){return l[e.id]=i}),s.forEach(function(e,i){return r[e.id]=i}),i.exports.LEVEL=s,i.exports.FACILITY=t,i.exports.LEVELS=r,i.exports.FACILITIES=l,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8*e+i:"string"==typeof e&&"number"==typeof i?8*(l[e]||0)+i:"number"==typeof e&&"string"==typeof i?8*e+(r[i]||0):"string"==typeof e&&"string"==typeof i?8*(l[e]||0)+(r[i]||0):{level:0,facility:0}}},{}]},{},[1]); | ||
| "use strict";!function l(r,n,o){function f(i,e){if(!n[i]){if(!r[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var s=n[i]={exports:{}};r[i][0].call(s.exports,function(e){return f(r[i][1][e]||e)},s,s.exports,l,r,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)f(o[e]);return f}({1:[function(e,i,t){var a,s;a=window,s=e("./parser.js"),a.NSyslog=a.NSyslog||{},a.NSyslog.parse=s},{"./parser.js":4}],2:[function(e,i,t){var r=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var i=function(e){var t=[],a={},i=!1,s=7,l="";return e.split("").forEach(function(e){s?"|"==e?i?(i=!1,l+=e):(t.push(l),l="",s--):"\\"==e?(l+=e,i=!i):(i=!1,l+=e):l+=e}),l.length&&t.push(l),r.forEach(function(e,i){return a[e]=t[i]}),a}(e);return{headers:i,fields:function(e){for(var i=e.split(" "),t={},a=null;i.length;)if(a){var s=i.shift();s.indexOf("=")<0?t[a]+=" ".concat(s):(a=null,i.unshift(s))}else if(0<=(a=i.shift()).indexOf("=")){var l=a.split("=");t[a=l[0]]=l[1]}else t[a]="";return t}(i.extension||"")}}}},{}],3:[function(e,i,t){var f=[{k:"leefVersion",v1:!0,v2:!0},{k:"vendor",v1:!0,v2:!0},{k:"product",v1:!0,v2:!0},{k:"version",v1:!0,v2:!0},{k:"eventID",v1:!0,v2:!0},{k:"delimiter",v1:!1,v2:!0},{k:"extension",v1:!0,v2:!0}],d=f.length;i.exports={parse:function(e){var i=function(e){var i=[],t={},a=!1,s=7,l="";e.split("").forEach(function(e){s?"|"==e?a?(a=!1,l+=e):(i.push(l),l="",s--):"\\"==e?(l+=e,a=!a):(a=!1,l+=e):l+=e}),l.length&&i.push(l);for(var r="LEEF:1.0"==i[0]?"v1":"v2",n=0;n<d;n++){var o=f[n];o[r]&&(t[o.k]=i.shift())}return t}(e);return{headers:i,fields:function(e,i){i=i||"\t";var t=e.split(i);return console.log(t),t.reduce(function(e,i){return keyval=i.split("="),e[keyval[0]]=keyval[1],e},{})}(i.extension||"",i.delimiter)}}}},{}],4:[function(e,i,t){var j=e("./pri.js"),D=e("./cef.js"),w=e("./leef.js"),L={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]*\")+\]/g,asdata:/^\s*[^\[]+\[/,bsdata:/^\s*\[/,cef:/^CEF:\d+/,leef:/^LEEF:(1|2)\.0/},F={cef:!0,leef:!0,fields:!0,pid:!0,generateTimestamp:!0};function I(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function O(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData||(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i?Object.assign({},F,i):F;var t=e.match(L.pri),l={originalMessage:e};if(t){l.pri=t[0],l.prival=parseInt(l.pri.match(L.prival)[1]);var a=j.get(l.prival);l.facilityval=a.facility,l.levelval=a.level,l.facility=j.FACILITY[a.facility].id,l.level=j.LEVEL[a.level].id}else l.pri="",l.prival=NaN;for(var s=e.substring(l.pri.length).split(" "),r=!1;e.length&&!r;){if((u=I(s)+" ").match(L.prinmr))l.version=parseInt(u),l.type="RFC5424",(u=I(s)+" ").match(L.ts)&&(l.ts=new Date(Date.parse(u.match(L.ts)[0].trim())));else if(u.match(L.month)){l.type="BSD";var n=u.trim(),o=I(s),f=I(s),d=(new Date).getYear()+1900;l.ts=new Date(Date.parse(d+" "+n+" "+o+" "+f))}else l.type="UNKNOWN",s.unshift(u.trim());r=!0}if(!l.ts&&i.generateTimestamp&&(l.ts=new Date),l.type){var c=function(e){s.unshift(e),l.message=s.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=I(s))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(L.invalid)?c(u):(O(l,p),l.message=s.join(" "),r=!0)}else if(s.length)if(u.match(L.invalid))c(u);else{var m=O(l,u.replace(/: $/,"").trim());!0===m?(s.unshift(u),l.message=s.join(" "),r=!0):!1===m&&(l.message=s.join(" "),r=!0)}else c(u);else r=!0}}else l.message=s.join(" ");if(l.chain=(l.host||"").split("/"),l.host=l.chain.pop(),"RFC5424"==l.type){var g=L.bsdata.test(l.message),v=L.asdata.test(l.message),h=l.message.match(L.sdata)||[],y=0;if(l.structuredData=h.map(function(e){var a={},s=null;return y=l.message.indexOf(e)+e.length+1,e.replace(/(^\[)|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)a.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(s=t.shift(),a[s]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?a[s]+=" "+(t[0]||"").replace(/\"/g,""):!t[0]||t[1].length&&'"'!=t[1]||(a[s]+=" "+(t[0]||"").replace(/\"/g,"")+"=")}}),a}),l.structuredData.length){var b=l.message.indexOf("[");g?(0<=b&&(l.header=e.substring(0,e.length-l.message.length)),l.message=l.message.substring(y)):v&&0<=b&&(l.header=e.substring(0,e.length-l.message.length),l.message=l.message.substring(0,b))}}if(!1!==i.cef&&L.cef.test(l.message)){l.type="CEF";var E=D.parse(l.message);l.cef=E.headers,l.fields=E.fields}else if(!1!==i.leef&&L.leef.test(l.message)){l.type="LEEF";var N=w.parse(l.message);l.leef=N.headers,l.fields=N.fields}else if(!1!==i.fields&&"UNKNOWN"!=l.type){var x=[];l.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(x[i[0]]=i[1])}),l.fields=x}if(l.header=l.header||e.substring(0,e.length-l.message.length),l.message=l.message.trim(),i.pid&&l.appName&&l.appName.endsWith("]")){var k=l.appName.indexOf("[");0<=k&&(l.pid=l.appName.substring(k+1,l.appName.length-1),l.appName=l.appName.substring(0,k))}return l}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./leef.js":3,"./pri.js":5}],5:[function(e,i,t){var a=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],s=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],l=[],r=[];a.forEach(function(e,i){return l[e.id]=i}),s.forEach(function(e,i){return r[e.id]=i}),i.exports.LEVEL=s,i.exports.FACILITY=a,i.exports.LEVELS=r,i.exports.FACILITIES=l,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8*e+i:"string"==typeof e&&"number"==typeof i?8*(l[e]||0)+i:"number"==typeof e&&"string"==typeof i?8*e+(r[i]||0):"string"==typeof e&&"string"==typeof i?8*(l[e]||0)+(r[i]||0):{level:0,facility:0}}},{}]},{},[1]); |
| { | ||
| "name": "nsyslog-parser", | ||
| "version": "0.9.6", | ||
| "version": "0.10.0", | ||
| "description": "Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats", | ||
@@ -5,0 +5,0 @@ "author": "David Gómez Matarrodona <solzimer@gmail.com>", |
| const | ||
| Pri = require("./pri.js"), | ||
| CEF = require("./cef.js"); | ||
| CEF = require("./cef.js"), | ||
| LEEF = require('./leef.js'); | ||
@@ -17,3 +18,4 @@ const RXS = { | ||
| "bsdata" : /^\s*\[/, | ||
| "cef" : /^CEF:\d+/ | ||
| "cef" : /^CEF:\d+/, | ||
| "leef" : /^LEEF:(1|2)\.0/ | ||
| } | ||
@@ -23,2 +25,3 @@ | ||
| cef : true, | ||
| leef : true, | ||
| fields : true, | ||
@@ -234,2 +237,9 @@ pid : true, | ||
| } | ||
| // LEEF Event message | ||
| else if(opts.leef!==false && RXS.leef.test(entry.message)) { | ||
| entry.type = "LEEF"; | ||
| let leef = LEEF.parse(entry.message); | ||
| entry.leef = leef.headers; | ||
| entry.fields = leef.fields; | ||
| } | ||
| // Default syslog message | ||
@@ -236,0 +246,0 @@ else if(opts.fields!==false && entry.type!="UNKNOWN"){ |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by9.47%
141791
- Number of package files
- increased by13.33%
17
- Lines of code
- increased by9.7%
2193
No dependency changes