nsyslog-parser - npm Package Compare versions

Comparing version 0.8.5 to 0.8.6

dist/nsyslog-parser.js

		@@ -118,3 +118,3 @@ "use strict";
		"prival": /<(\d+)>/,
		"month": /^[A-Z][a-z]{2} /,
		"month": /^[A-Za-z][a-z]{2} /,
		"day": /^\d{1,2} /,
		@@ -128,2 +128,7 @@ "time": /^\d+:\d+:\d+ /,

		var DOPS = {
		cef: true,
		fields: true
		};

		function peek(arr) {
		@@ -145,3 +150,5 @@ do {

		function parse(line) {
		function parse(line, opts) {
		opts = opts \|\| DOPS;

		var pri = line.match(RXS.pri);
		@@ -289,3 +296,3 @@ var entry = {
		// CEF Event message
		if (RXS.cef.test(entry.message)) {
		if (opts.cef !== false && RXS.cef.test(entry.message)) {
		entry.type = "CEF";
		@@ -297,3 +304,3 @@ var cef = CEF.parse(entry.message);
		// Default syslog message
		else {
		else if (opts.fields !== false && entry.type != "UNKNOWN") {
		// Message with fields
		@@ -314,5 +321,5 @@ var fields = [];

		module.exports = function (line) {
		module.exports = function (line, opts) {
		try {
		return parse(line);
		return parse(line, opts);
		} catch (err) {
		@@ -319,0 +326,0 @@ return { err: err };

dist/nsyslog-parser.min.js

		@@ -1,3 +0,3 @@
		/! nsyslog-parser 2018-08-27 /
		/! nsyslog-parser 2018-09-14 /

		"use strict";!function r(s,n,o){function c(i,e){if(!n[i]){if(!s[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var l=new Error("Cannot find module '"+i+"'");throw l.code="MODULE_NOT_FOUND",l}var a=n[i]={exports:{}};s[i][0].call(a.exports,function(e){return c(s[i][1][e]\|\|e)},a,a.exports,r,s,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,t){var l,a;l=window,a=e("./parser.js"),l.NSyslog=l.NSyslog\|\|{},l.NSyslog.parse=a},{"./parser.js":3}],2:[function(e,i,t){var n=/[a-zA-Z][a-zA-Z0-9]+=/,o=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var t,l,i,a,r,s=(t=[],i=!(l={}),a=7,r="",e.split("").forEach(function(e){a?"\|"==e?i?(i=!1,r+=e):(t.push(r),r="",a--):"\\"==e?(r+=e,i=!i):(i=!1,r+=e):r+=e}),r.length&&t.push(r),o.forEach(function(e,i){return l[e]=t[i]}),l);return{headers:s,fields:function(e){var i=[],t={},l=null;do{if(l=n.exec(e)){var a=l[0],r=l.index;i.length&&(i[i.length-1]+=e.substring(0,r)),i.push(a),e=e.substring(r+a.length)}else e.length&&i.length&&(i[i.length-1]+=e,e="")}while(l&&e.length);return i.map(function(e){return e.trim()}).map(function(e){return{k:(e=e.split("=")).shift(),v:e.join("=")}}).forEach(function(e){t[e.k]=e.v}),t}(s.extension\|\|"")}}}},{}],3:[function(e,i,t){var v=e("./pri.js"),b=e("./cef.js"),E={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/};function x(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function w(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData\|\|(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e){try{return function(e){var i=e.match(E.pri),t={originalMessage:e};if(i){t.pri=i[0],t.prival=parseInt(t.pri.match(E.prival)[1]);var l=v.get(t.prival);t.facilityval=l.facility,t.levelval=l.level,t.facility=v.FACILITY[l.facility].id,t.level=v.LEVEL[l.level].id}else t.pri="",t.prival=NaN;for(var a=e.substring(t.pri.length).split(" "),r=!1;e.length&&!r;){if((u=x(a)+" ").match(E.prinmr))t.version=parseInt(u),t.type="RFC5424",(u=x(a)+" ").match(E.ts)&&(t.ts=new Date(Date.parse(u.match(E.ts)[0].trim())));else if(u.match(E.month)){t.type="BSD";var s=u.trim(),n=x(a),o=x(a),c=(new Date).getYear()+1900;t.ts=new Date(Date.parse(c+" "+s+" "+n+" "+o))}else t.type="UNKNOWN",a.unshift(u.trim());r=!0}if(t.ts\|\|(t.ts=new Date),t.type){var d=function(e){a.unshift(e),t.message=a.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=x(a))if(u.endsWith(":")){var f=u.replace(/:$/,"").trim();f.match(E.invalid)?d(u):(w(t,f),t.message=a.join(" "),r=!0)}else if(a.length)if(u.match(E.invalid))d(u);else{var p=w(t,u.replace(/: $/,"").trim());!0===p?(a.unshift(u),t.message=a.join(" "),r=!0):!1===p&&(t.message=a.join(" "),r=!0)}else d(u);else r=!0}}else t.message=a.join(" ");if(t.chain=(t.host\|\|"").split("/"),t.host=t.chain.pop(),"RFC5424"==t.type){var m=t.message.match(E.sdata)\|\|[],g=0;t.structuredData=m.map(function(e){var l={},a=null;return g=t.message.indexOf(e)+e.length+1,e.replace(/(^\[)\|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)l.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(a=t.shift(),l[a]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?l[a]+=" "+(t[0]\|\|"").replace(/\"/g,""):!t[0]\|\|t[1].length&&'"'!=t[1]\|\|(l[a]+=" "+(t[0]\|\|"").replace(/\"/g,"")+"=")}}),l}),t.message=t.message.substring(g)}if(E.cef.test(t.message)){t.type="CEF";var h=b.parse(t.message);t.cef=h.headers,t.fields=h.fields}else{var y=[];t.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(y[i[0]]=i[1])}),t.fields=y}return t.header=e.substring(0,e.length-t.message.length),t}(e)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,t){var l=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],a=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],r=[],s=[];l.forEach(function(e,i){return r[e.id]=i}),a.forEach(function(e,i){return s[e.id]=i}),i.exports.LEVEL=a,i.exports.FACILITY=l,i.exports.LEVELS=s,i.exports.FACILITIES=r,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8e+i:"string"==typeof e&&"number"==typeof i?8(r[e]\|\|0)+i:"number"==typeof e&&"string"==typeof i?8e+(s[i]\|\|0):"string"==typeof e&&"string"==typeof i?8(r[e]\|\|0)+(s[i]\|\|0):{level:0,facility:0}}},{}]},{},[1]);
		"use strict";!function r(s,n,o){function c(i,e){if(!n[i]){if(!s[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var l=new Error("Cannot find module '"+i+"'");throw l.code="MODULE_NOT_FOUND",l}var a=n[i]={exports:{}};s[i][0].call(a.exports,function(e){return c(s[i][1][e]\|\|e)},a,a.exports,r,s,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,t){var l,a;l=window,a=e("./parser.js"),l.NSyslog=l.NSyslog\|\|{},l.NSyslog.parse=a},{"./parser.js":3}],2:[function(e,i,t){var n=/[a-zA-Z][a-zA-Z0-9]+=/,o=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var t,l,i,a,r,s=(t=[],i=!(l={}),a=7,r="",e.split("").forEach(function(e){a?"\|"==e?i?(i=!1,r+=e):(t.push(r),r="",a--):"\\"==e?(r+=e,i=!i):(i=!1,r+=e):r+=e}),r.length&&t.push(r),o.forEach(function(e,i){return l[e]=t[i]}),l);return{headers:s,fields:function(e){var i=[],t={},l=null;do{if(l=n.exec(e)){var a=l[0],r=l.index;i.length&&(i[i.length-1]+=e.substring(0,r)),i.push(a),e=e.substring(r+a.length)}else e.length&&i.length&&(i[i.length-1]+=e,e="")}while(l&&e.length);return i.map(function(e){return e.trim()}).map(function(e){return{k:(e=e.split("=")).shift(),v:e.join("=")}}).forEach(function(e){t[e.k]=e.v}),t}(s.extension\|\|"")}}}},{}],3:[function(e,i,t){var b=e("./pri.js"),E=e("./cef.js"),x={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/},N={cef:!0,fields:!0};function w(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function j(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData\|\|(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i\|\|N;var t=e.match(x.pri),r={originalMessage:e};if(t){r.pri=t[0],r.prival=parseInt(r.pri.match(x.prival)[1]);var l=b.get(r.prival);r.facilityval=l.facility,r.levelval=l.level,r.facility=b.FACILITY[l.facility].id,r.level=b.LEVEL[l.level].id}else r.pri="",r.prival=NaN;for(var a=e.substring(r.pri.length).split(" "),s=!1;e.length&&!s;){if((u=w(a)+" ").match(x.prinmr))r.version=parseInt(u),r.type="RFC5424",(u=w(a)+" ").match(x.ts)&&(r.ts=new Date(Date.parse(u.match(x.ts)[0].trim())));else if(u.match(x.month)){r.type="BSD";var n=u.trim(),o=w(a),c=w(a),d=(new Date).getYear()+1900;r.ts=new Date(Date.parse(d+" "+n+" "+o+" "+c))}else r.type="UNKNOWN",a.unshift(u.trim());s=!0}if(r.ts\|\|(r.ts=new Date),r.type){var f=function(e){a.unshift(e),r.message=a.join(" "),s=!0};for(s=!1;e.length&&!s;){var u;if(u=w(a))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(x.invalid)?f(u):(j(r,p),r.message=a.join(" "),s=!0)}else if(a.length)if(u.match(x.invalid))f(u);else{var m=j(r,u.replace(/: $/,"").trim());!0===m?(a.unshift(u),r.message=a.join(" "),s=!0):!1===m&&(r.message=a.join(" "),s=!0)}else f(u);else s=!0}}else r.message=a.join(" ");if(r.chain=(r.host\|\|"").split("/"),r.host=r.chain.pop(),"RFC5424"==r.type){var g=r.message.match(x.sdata)\|\|[],h=0;r.structuredData=g.map(function(e){var l={},a=null;return h=r.message.indexOf(e)+e.length+1,e.replace(/(^\[)\|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)l.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(a=t.shift(),l[a]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?l[a]+=" "+(t[0]\|\|"").replace(/\"/g,""):!t[0]\|\|t[1].length&&'"'!=t[1]\|\|(l[a]+=" "+(t[0]\|\|"").replace(/\"/g,"")+"=")}}),l}),r.message=r.message.substring(h)}if(!1!==i.cef&&x.cef.test(r.message)){r.type="CEF";var y=E.parse(r.message);r.cef=y.headers,r.fields=y.fields}else if(!1!==i.fields&&"UNKNOWN"!=r.type){var v=[];r.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(v[i[0]]=i[1])}),r.fields=v}return r.header=e.substring(0,e.length-r.message.length),r}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,t){var l=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],a=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],r=[],s=[];l.forEach(function(e,i){return r[e.id]=i}),a.forEach(function(e,i){return s[e.id]=i}),i.exports.LEVEL=a,i.exports.FACILITY=l,i.exports.LEVELS=s,i.exports.FACILITIES=r,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8e+i:"string"==typeof e&&"number"==typeof i?8(r[e]\|\|0)+i:"number"==typeof e&&"string"==typeof i?8e+(s[i]\|\|0):"string"==typeof e&&"string"==typeof i?8(r[e]\|\|0)+(s[i]\|\|0):{level:0,facility:0}}},{}]},{},[1]);

package.json

		{
		"name": "nsyslog-parser",
		"version": "0.8.5",
		"version": "0.8.6",
		"description": "Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats",
		@@ -5,0 +5,0 @@ "author": "David Gómez Matarrodona <solzimer@gmail.com>",

parser.js

		@@ -18,2 +18,7 @@ const

		const DOPS = {
		cef : true,
		fields : true
		}

		function peek(arr) {
		@@ -41,3 +46,5 @@ do {

		function parse(line) {
		function parse(line,opts) {
		opts = opts \|\| DOPS;

		var pri = line.match(RXS.pri);
		@@ -194,3 +201,3 @@ var entry = {
		// CEF Event message
		if(RXS.cef.test(entry.message)) {
		if(opts.cef!==false && RXS.cef.test(entry.message)) {
		entry.type = "CEF";
		@@ -202,3 +209,3 @@ let cef = CEF.parse(entry.message);
		// Default syslog message
		else {
		else if(opts.fields!==false && entry.type!="UNKNOWN"){
		// Message with fields
		@@ -220,2 +227,2 @@ var fields = [];

		module.exports = function(line) {try {return parse(line)}catch(err){return {err:err}}};
		module.exports = function(line,opts) {try {return parse(line,opts)}catch(err){return {err:err}}};

README.md

		# nsyslog-parser
		[![](https://data.jsdelivr.com/v1/package/npm/nsyslog-parser/badge?style=rounded)](https://www.jsdelivr.com/package/npm/nsyslog-parser)

		Syslog Parser. Accepts [RFC 3164 (BSD)](https://tools.ietf.org/search/rfc3164), [RFC 5424](https://tools.ietf.org/html/rfc5424) and [CEF Common Event Format](https://community.saas.hpe.com/t5/ArcSight-Connectors/ArcSight-Common-Event-Format-CEF-Guide/ta-p/1589306) formats.
		@@ -3,0 +5,0 @@ Although thought as a parser for stantard syslog messages, there are too many systems/devices out there that sends erroneous, propietary or simply malformed messages. nsyslog-parser is flexible enough to try and parse every single message to extract as many information as possible, without throwing any errors.

test.js

		@@ -10,5 +10,6 @@ const parser = require("./parser.js");
		var i=0,j=0;
		var opts = {cef:false,fields:false};

		function next() {
		parser(MSGS[(i++)%MSGS.length]);
		parser(MSGS[(i++)%MSGS.length],opts);
		j++;
		@@ -15,0 +16,0 @@ setImmediate(next);

test/examples.js

		@@ -27,3 +27,24 @@ module.exports = [
		'<30>Aug 4 16:53:13 pinger[1334]: 64 bytes from 87.250.250.242: seq=69 ttl=37 time=33.918 ms\n',
		'<190>AMP (airwave)[6944]: Your license does not allow you to create or authorize additional APs/Devices\tSystem\tSystem\t\t\t'
		'<190>AMP (airwave)[6944]: Your license does not allow you to create or authorize additional APs/Devices\tSystem\tSystem\t\t\t',
		'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.31 srcport=49853 srcintf="WIFI_AESA" dstip=173.194.76.188 dstport=5228 dstintf="FW-310B_HP-8206" sessionid=4732460 proto=6 action=timeout policyid=37 dstcountry="United States" srccountry="Reserved" trandisp=noop service="tcp/5228" duration=39 sentbyte=156 rcvdbyte=0 sentpkt=3 rcvdpkt=0 appcat="unscanned" crscore=5 craction=262144 crlevel=low',

		'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=192.168.134.9 srcport=58335 srcintf="WIFI_INVITADOS" dstip=104.36.251.158 dstport=443 dstintf="port8" sessionid=4733602 proto=6 action=close policyid=40 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=192.168.98.6 transport=58335 service="HTTPS" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
		'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0001000014 type=traffic subtype=local level=notice vd=root srcip=10.67.24.31 srcport=137 srcintf="WIFI_AESA" dstip=10.67.24.255 dstport=137 dstintf=unknown-0 sessionid=4733634 proto=17 action=deny policyid=0 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="SMB1" app="netbios forward" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned"',
		'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.13.179.169 srcport=55386 srcintf="FW-310B_HP-8206" dstip=10.67.24.16 dstport=7680 dstintf="WIFI_AESA" sessionid=4733609 proto=6 action=close policyid=42 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="tcp/7680" duration=1 sentbyte=52 rcvdbyte=40 sentpkt=1 rcvdpkt=1 appcat="unscanned"',
		'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=62407 srcintf="WIFI_AESA" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733388 proto=17 action=accept policyid=37 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="DNS" duration=10 sentbyte=115 rcvdbyte=190 sentpkt=1 rcvdpkt=1 appcat="unscanned"',
		'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=62407 srcintf="WIFI_AESA" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733388 proto=17 action=dns policyid=37 appcat="unscanned" crscore=5 craction=262144 crlevel=low',
		'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.5 srcport=52970 srcintf="WIFI_AESA" dstip=10.13.179.156 dstport=7680 dstintf="FW-310B_HP-8206" sessionid=4733612 proto=6 action=close policyid=37 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="tcp/7680" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
		'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=52839 srcintf="WIFI_AESA" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733389 proto=17 action=dns policyid=37 appcat="unscanned" crscore=5 craction=262144 crlevel=low',
		'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=52839 srcintf="WIFI_AESA" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733389 proto=17 action=accept policyid=37 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="DNS" duration=10 sentbyte=90 rcvdbyte=165 sentpkt=1 rcvdpkt=1 appcat="unscanned"',

		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=isdefe.coy destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b0e23596f602 dst=192.168.135.33 src=192.168.131.1 rt=Sep 12 2018 15:31:14',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\isdefe.mag destinationServiceName=AESA_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\senasa.mjtp destinationServiceName=AESA_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:44',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\senasa.mjtp destinationServiceName=AESA_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:54',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\stroncoso destinationServiceName=AESA_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [User Authenticated] dmac=bc8385e2d4b7 dst=10.67.24.3 src=192.168.131.1 rt=Sep 12 2018 15:30:25',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\senasa.mmin destinationServiceName=AESA_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=1002b54c3088 dst=192.168.133.14 src=192.168.131.1 rt=Sep 12 2018 15:31:50',
		'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0\|Aruba Networks\|ClearPass\|6.7.5.108264\|2000\|Logged in users\|1\|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\isdefe.mag destinationServiceName=AESA_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37',

		];

dist/nsyslog-parser.js.map

Sorry, the diff of this file is not supported yet

		@@ -1,3 +0,3 @@
		/! nsyslog-parser 2018-08-27 /
		/! nsyslog-parser 2018-09-14 /

		"use strict";!function r(s,n,o){function c(i,e){if(!n[i]){if(!s[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var l=new Error("Cannot find module '"+i+"'");throw l.code="MODULE_NOT_FOUND",l}var a=n[i]={exports:{}};s[i][0].call(a.exports,function(e){return c(s[i][1][e]\|\|e)},a,a.exports,r,s,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,t){var l,a;l=window,a=e("./parser.js"),l.NSyslog=l.NSyslog\|\|{},l.NSyslog.parse=a},{"./parser.js":3}],2:[function(e,i,t){var n=/[a-zA-Z][a-zA-Z0-9]+=/,o=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var t,l,i,a,r,s=(t=[],i=!(l={}),a=7,r="",e.split("").forEach(function(e){a?"\|"==e?i?(i=!1,r+=e):(t.push(r),r="",a--):"\\"==e?(r+=e,i=!i):(i=!1,r+=e):r+=e}),r.length&&t.push(r),o.forEach(function(e,i){return l[e]=t[i]}),l);return{headers:s,fields:function(e){var i=[],t={},l=null;do{if(l=n.exec(e)){var a=l[0],r=l.index;i.length&&(i[i.length-1]+=e.substring(0,r)),i.push(a),e=e.substring(r+a.length)}else e.length&&i.length&&(i[i.length-1]+=e,e="")}while(l&&e.length);return i.map(function(e){return e.trim()}).map(function(e){return{k:(e=e.split("=")).shift(),v:e.join("=")}}).forEach(function(e){t[e.k]=e.v}),t}(s.extension\|\|"")}}}},{}],3:[function(e,i,t){var v=e("./pri.js"),b=e("./cef.js"),E={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/};function x(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function w(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData\|\|(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e){try{return function(e){var i=e.match(E.pri),t={originalMessage:e};if(i){t.pri=i[0],t.prival=parseInt(t.pri.match(E.prival)[1]);var l=v.get(t.prival);t.facilityval=l.facility,t.levelval=l.level,t.facility=v.FACILITY[l.facility].id,t.level=v.LEVEL[l.level].id}else t.pri="",t.prival=NaN;for(var a=e.substring(t.pri.length).split(" "),r=!1;e.length&&!r;){if((u=x(a)+" ").match(E.prinmr))t.version=parseInt(u),t.type="RFC5424",(u=x(a)+" ").match(E.ts)&&(t.ts=new Date(Date.parse(u.match(E.ts)[0].trim())));else if(u.match(E.month)){t.type="BSD";var s=u.trim(),n=x(a),o=x(a),c=(new Date).getYear()+1900;t.ts=new Date(Date.parse(c+" "+s+" "+n+" "+o))}else t.type="UNKNOWN",a.unshift(u.trim());r=!0}if(t.ts\|\|(t.ts=new Date),t.type){var d=function(e){a.unshift(e),t.message=a.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=x(a))if(u.endsWith(":")){var f=u.replace(/:$/,"").trim();f.match(E.invalid)?d(u):(w(t,f),t.message=a.join(" "),r=!0)}else if(a.length)if(u.match(E.invalid))d(u);else{var p=w(t,u.replace(/: $/,"").trim());!0===p?(a.unshift(u),t.message=a.join(" "),r=!0):!1===p&&(t.message=a.join(" "),r=!0)}else d(u);else r=!0}}else t.message=a.join(" ");if(t.chain=(t.host\|\|"").split("/"),t.host=t.chain.pop(),"RFC5424"==t.type){var m=t.message.match(E.sdata)\|\|[],g=0;t.structuredData=m.map(function(e){var l={},a=null;return g=t.message.indexOf(e)+e.length+1,e.replace(/(^\[)\|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)l.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(a=t.shift(),l[a]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?l[a]+=" "+(t[0]\|\|"").replace(/\"/g,""):!t[0]\|\|t[1].length&&'"'!=t[1]\|\|(l[a]+=" "+(t[0]\|\|"").replace(/\"/g,"")+"=")}}),l}),t.message=t.message.substring(g)}if(E.cef.test(t.message)){t.type="CEF";var h=b.parse(t.message);t.cef=h.headers,t.fields=h.fields}else{var y=[];t.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(y[i[0]]=i[1])}),t.fields=y}return t.header=e.substring(0,e.length-t.message.length),t}(e)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,t){var l=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],a=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],r=[],s=[];l.forEach(function(e,i){return r[e.id]=i}),a.forEach(function(e,i){return s[e.id]=i}),i.exports.LEVEL=a,i.exports.FACILITY=l,i.exports.LEVELS=s,i.exports.FACILITIES=r,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8e+i:"string"==typeof e&&"number"==typeof i?8(r[e]\|\|0)+i:"number"==typeof e&&"string"==typeof i?8e+(s[i]\|\|0):"string"==typeof e&&"string"==typeof i?8(r[e]\|\|0)+(s[i]\|\|0):{level:0,facility:0}}},{}]},{},[1]);
		"use strict";!function r(s,n,o){function c(i,e){if(!n[i]){if(!s[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var l=new Error("Cannot find module '"+i+"'");throw l.code="MODULE_NOT_FOUND",l}var a=n[i]={exports:{}};s[i][0].call(a.exports,function(e){return c(s[i][1][e]\|\|e)},a,a.exports,r,s,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,t){var l,a;l=window,a=e("./parser.js"),l.NSyslog=l.NSyslog\|\|{},l.NSyslog.parse=a},{"./parser.js":3}],2:[function(e,i,t){var n=/[a-zA-Z][a-zA-Z0-9]+=/,o=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var t,l,i,a,r,s=(t=[],i=!(l={}),a=7,r="",e.split("").forEach(function(e){a?"\|"==e?i?(i=!1,r+=e):(t.push(r),r="",a--):"\\"==e?(r+=e,i=!i):(i=!1,r+=e):r+=e}),r.length&&t.push(r),o.forEach(function(e,i){return l[e]=t[i]}),l);return{headers:s,fields:function(e){var i=[],t={},l=null;do{if(l=n.exec(e)){var a=l[0],r=l.index;i.length&&(i[i.length-1]+=e.substring(0,r)),i.push(a),e=e.substring(r+a.length)}else e.length&&i.length&&(i[i.length-1]+=e,e="")}while(l&&e.length);return i.map(function(e){return e.trim()}).map(function(e){return{k:(e=e.split("=")).shift(),v:e.join("=")}}).forEach(function(e){t[e.k]=e.v}),t}(s.extension\|\|"")}}}},{}],3:[function(e,i,t){var b=e("./pri.js"),E=e("./cef.js"),x={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/},N={cef:!0,fields:!0};function w(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function j(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData\|\|(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i\|\|N;var t=e.match(x.pri),r={originalMessage:e};if(t){r.pri=t[0],r.prival=parseInt(r.pri.match(x.prival)[1]);var l=b.get(r.prival);r.facilityval=l.facility,r.levelval=l.level,r.facility=b.FACILITY[l.facility].id,r.level=b.LEVEL[l.level].id}else r.pri="",r.prival=NaN;for(var a=e.substring(r.pri.length).split(" "),s=!1;e.length&&!s;){if((u=w(a)+" ").match(x.prinmr))r.version=parseInt(u),r.type="RFC5424",(u=w(a)+" ").match(x.ts)&&(r.ts=new Date(Date.parse(u.match(x.ts)[0].trim())));else if(u.match(x.month)){r.type="BSD";var n=u.trim(),o=w(a),c=w(a),d=(new Date).getYear()+1900;r.ts=new Date(Date.parse(d+" "+n+" "+o+" "+c))}else r.type="UNKNOWN",a.unshift(u.trim());s=!0}if(r.ts\|\|(r.ts=new Date),r.type){var f=function(e){a.unshift(e),r.message=a.join(" "),s=!0};for(s=!1;e.length&&!s;){var u;if(u=w(a))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(x.invalid)?f(u):(j(r,p),r.message=a.join(" "),s=!0)}else if(a.length)if(u.match(x.invalid))f(u);else{var m=j(r,u.replace(/: $/,"").trim());!0===m?(a.unshift(u),r.message=a.join(" "),s=!0):!1===m&&(r.message=a.join(" "),s=!0)}else f(u);else s=!0}}else r.message=a.join(" ");if(r.chain=(r.host\|\|"").split("/"),r.host=r.chain.pop(),"RFC5424"==r.type){var g=r.message.match(x.sdata)\|\|[],h=0;r.structuredData=g.map(function(e){var l={},a=null;return h=r.message.indexOf(e)+e.length+1,e.replace(/(^\[)\|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)l.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(a=t.shift(),l[a]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?l[a]+=" "+(t[0]\|\|"").replace(/\"/g,""):!t[0]\|\|t[1].length&&'"'!=t[1]\|\|(l[a]+=" "+(t[0]\|\|"").replace(/\"/g,"")+"=")}}),l}),r.message=r.message.substring(h)}if(!1!==i.cef&&x.cef.test(r.message)){r.type="CEF";var y=E.parse(r.message);r.cef=y.headers,r.fields=y.fields}else if(!1!==i.fields&&"UNKNOWN"!=r.type){var v=[];r.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(v[i[0]]=i[1])}),r.fields=v}return r.header=e.substring(0,e.length-r.message.length),r}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,t){var l=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],a=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],r=[],s=[];l.forEach(function(e,i){return r[e.id]=i}),a.forEach(function(e,i){return s[e.id]=i}),i.exports.LEVEL=a,i.exports.FACILITY=l,i.exports.LEVELS=s,i.exports.FACILITIES=r,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8e+i:"string"==typeof e&&"number"==typeof i?8(r[e]\|\|0)+i:"number"==typeof e&&"string"==typeof i?8e+(s[i]\|\|0):"string"==typeof e&&"string"==typeof i?8(r[e]\|\|0)+(s[i]\|\|0):{level:0,facility:0}}},{}]},{},[1]);

nsyslog-parser - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics