Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

nsyslog-parser

Package Overview
Dependencies
Maintainers
1
Versions
35
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nsyslog-parser - npm Package Compare versions

Comparing version 0.8.8 to 0.9.0

0

browser.js

@@ -0,0 +0,0 @@ "use strict";

0

cef.js

@@ -0,0 +0,0 @@ const FRX = /[a-zA-Z][a-zA-Z0-9]+=/;

777

dist/nsyslog-parser.js
"use strict";
(function () {
function r(e, n, t) {
function o(i, f) {
if (!n[i]) {
if (!e[i]) {
var c = "function" == typeof require && require;if (!f && c) return c(i, !0);if (u) return u(i, !0);var a = new Error("Cannot find module '" + i + "'");throw a.code = "MODULE_NOT_FOUND", a;
}var p = n[i] = { exports: {} };e[i][0].call(p.exports, function (r) {
var n = e[i][1][r];return o(n || r);
}, p, p.exports, r, e, n, t);
}return n[i].exports;
}for (var u = "function" == typeof require && require, i = 0; i < t.length; i++) {
o(t[i]);
}return o;
}return r;
})()({ 1: [function (require, module, exports) {
"use strict";
function r(e, n, t) {
function o(i, f) {
if (!n[i]) {
if (!e[i]) {
var c = "function" == typeof require && require;
if (!f && c) return c(i, !0);
if (u) return u(i, !0);
var a = new Error("Cannot find module '" + i + "'");
throw a.code = "MODULE_NOT_FOUND", a;
}
(function ($) {
var parser = require("./parser.js");
$.NSyslog = $.NSyslog || {};
$.NSyslog.parse = parser;
})(window);
}, { "./parser.js": 3 }], 2: [function (require, module, exports) {
var FRX = /[a-zA-Z][a-zA-Z0-9]+=/;
var CEP_FIELDS = ["version", "deviceVendor", "deviceProduct", "deviceVersion", "deviceEventClassID", "name", "severity", "extension"];
var p = n[i] = {
exports: {}
};
e[i][0].call(p.exports, function (r) {
var n = e[i][1][r];
return o(n || r);
}, p, p.exports, r, e, n, t);
}
function splitHeaders(text) {
var arr = [],
map = {};
var scape = false;
var fields = 7;
var curr = "";
return n[i].exports;
}
text.split("").forEach(function (ch) {
if (!fields) {
curr += ch;
} else {
if (ch == "|") {
if (scape) {
scape = false;
curr += ch;
} else {
arr.push(curr);
curr = "";
fields--;
}
} else if (ch == "\\") {
curr += ch;
scape = !scape;
} else {
scape = false;
curr += ch;
}
}
});
for (var u = "function" == typeof require && require, i = 0; i < t.length; i++) {
o(t[i]);
}
if (curr.length) arr.push(curr);
return o;
}
CEP_FIELDS.forEach(function (f, i) {
return map[f] = arr[i];
});
return map;
}
return r;
})()({
1: [function (require, module, exports) {
"use strict";
function splitFields(msg) {
var tokens = msg.split(" ");
var map = {};
(function ($) {
var parser = require("./parser.js");
var token = null;
while (tokens.length) {
if (!token) {
token = tokens.shift();
if (token.indexOf('=') >= 0) {
var kv = token.split("=");
token = kv[0];
map[token] = kv[1];
} else {
map[token] = "";
}
} else {
var val = tokens.shift();
if (val.indexOf('=') < 0) {
map[token] += " " + val;
} else {
token = null;
tokens.unshift(val);
}
}
}
$.NSyslog = $.NSyslog || {};
$.NSyslog.parse = parser;
})(window);
}, {
"./parser.js": 3
}],
2: [function (require, module, exports) {
var FRX = /[a-zA-Z][a-zA-Z0-9]+=/;
var CEP_FIELDS = ["version", "deviceVendor", "deviceProduct", "deviceVersion", "deviceEventClassID", "name", "severity", "extension"];
return map;
}
function splitHeaders(text) {
var arr = [],
map = {};
var scape = false;
var fields = 7;
var curr = "";
text.split("").forEach(function (ch) {
if (!fields) {
curr += ch;
} else {
if (ch == "|") {
if (scape) {
scape = false;
curr += ch;
} else {
arr.push(curr);
curr = "";
fields--;
}
} else if (ch == "\\") {
curr += ch;
scape = !scape;
} else {
scape = false;
curr += ch;
}
}
});
if (curr.length) arr.push(curr);
CEP_FIELDS.forEach(function (f, i) {
return map[f] = arr[i];
});
return map;
}
module.exports = {
parse: function parse(text) {
var headers = splitHeaders(text);
var fields = splitFields(headers.extension || "");
return {
headers: headers,
fields: fields
};
}
};
}, {}], 3: [function (require, module, exports) {
var Pri = require("./pri.js"),
CEF = require("./cef.js");
function splitFields(msg) {
var tokens = msg.split(" ");
var map = {};
var token = null;
var RXS = {
"pri": /^<\d+>/,
"prinmr": /^\d+ /,
"prival": /<(\d+)>/,
"month": /^[A-Za-z][a-z]{2} /,
"day": /^\d{1,2} /,
"time": /^\d+:\d+:\d+ /,
"ts": /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,
"invalid": /[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,
"sdata": /\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,
"cef": /^CEF:\d+/
};
while (tokens.length) {
if (!token) {
token = tokens.shift();
var DOPS = {
cef: true,
fields: true,
pid: true
};
if (token.indexOf('=') >= 0) {
var kv = token.split("=");
token = kv[0];
map[token] = kv[1];
} else {
map[token] = "";
}
} else {
var val = tokens.shift();
function peek(arr) {
do {
var item = arr.shift();
if (item === undefined) return item;else item = item.trim();
} while (!item);
if (val.indexOf('=') < 0) {
map[token] += " ".concat(val);
} else {
token = null;
tokens.unshift(val);
}
}
}
return item;
}
return map;
}
function assign(entry, item) {
if (!entry.host) entry.host = item.trim();else if (!entry.appName) entry.appName = item.trim();else if (!entry.pid) entry.pid = item.trim();else if (!entry.messageid) entry.messageid = item.trim();else if (!entry.structuredData) {
entry.structuredData = item.trim();
return false;
} else return true;
}
module.exports = {
parse: function parse(text) {
var headers = splitHeaders(text);
var fields = splitFields(headers.extension || "");
return {
headers: headers,
fields: fields
};
}
};
}, {}],
3: [function (require, module, exports) {
var Pri = require("./pri.js"),
CEF = require("./cef.js");
function parse(line, opts) {
opts = opts || DOPS;
var RXS = {
"pri": /^<\d+>/,
"prinmr": /^\d+ /,
"prival": /<(\d+)>/,
"month": /^[A-Za-z][a-z]{2} /,
"day": /^\d{1,2} /,
"time": /^\d+:\d+:\d+ /,
"ts": /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,
"invalid": /[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,
"sdata": /\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,
"cef": /^CEF:\d+/
};
var DOPS = {
cef: true,
fields: true,
pid: true
};
var pri = line.match(RXS.pri);
var entry = {
originalMessage: line
};
function peek(arr) {
do {
var item = arr.shift();
if (item === undefined) return item;else item = item.trim();
} while (!item);
// First priority
if (pri) {
entry.pri = pri[0];
entry.prival = parseInt(entry.pri.match(RXS.prival)[1]);
var prival = Pri.get(entry.prival);
entry.facilityval = prival.facility;
entry.levelval = prival.level;
entry.facility = Pri.FACILITY[prival.facility].id;
entry.level = Pri.LEVEL[prival.level].id;
} else {
entry.pri = "";
entry.prival = NaN;
}
return item;
}
//Split message
var items = line.substring(entry.pri.length).split(" ");
function assign(entry, item) {
if (!entry.host) entry.host = item.trim();else if (!entry.appName) entry.appName = item.trim();else if (!entry.pid) entry.pid = item.trim();else if (!entry.messageid) entry.messageid = item.trim();else if (!entry.structuredData) {
entry.structuredData = item.trim();
return false;
} else return true;
}
// Date search
var endparse = false;
while (line.length && !endparse) {
var item = peek(items) + " ";
function parse(line, opts) {
opts = opts || DOPS;
var pri = line.match(RXS.pri);
var entry = {
originalMessage: line
}; // First priority
// RFC RFC5424
if (item.match(RXS.prinmr)) {
entry.version = parseInt(item);
entry.type = "RFC5424";
item = peek(items) + " ";
if (item.match(RXS.ts)) {
entry.ts = new Date(Date.parse(item.match(RXS.ts)[0].trim()));
}
}
// BSD
else if (item.match(RXS.month)) {
entry.type = "BSD";
var month = item.trim();
var day = peek(items);
var time = peek(items);
var year = new Date().getYear() + 1900;
entry.ts = new Date(Date.parse(year + " " + month + " " + day + " " + time));
} else {
entry.type = "UNKNOWN";
items.unshift(item.trim());
}
endparse = true;
}
if (pri) {
entry.pri = pri[0];
entry.prival = parseInt(entry.pri.match(RXS.prival)[1]);
var prival = Pri.get(entry.prival);
entry.facilityval = prival.facility;
entry.levelval = prival.level;
entry.facility = Pri.FACILITY[prival.facility].id;
entry.level = Pri.LEVEL[prival.level].id;
} else {
entry.pri = "";
entry.prival = NaN;
} //Split message
// No timestamp
if (!entry.ts) entry.ts = new Date();
// Is a standard syslog message
if (entry.type) {
var invalidate = function invalidate(item) {
items.unshift(item);
entry.message = items.join(" ");
endparse = true;
};
var items = line.substring(entry.pri.length).split(" "); // Date search
endparse = false;
var endparse = false;
while (line.length && !endparse) {
var item = peek(items);
if (!item) {
endparse = true;
} else if (item.endsWith(":")) {
var eitem = item.replace(/:$/, "").trim();
if (eitem.match(RXS.invalid)) {
invalidate(item);
} else {
assign(entry, eitem);
entry.message = items.join(" ");
endparse = true;
}
} else if (!items.length) {
invalidate(item);
} else {
// Invalid item (malformed message)
if (item.match(RXS.invalid)) {
invalidate(item);
} else {
var r = assign(entry, item.replace(/: $/, "").trim());
if (r === true) {
items.unshift(item);
entry.message = items.join(" ");
endparse = true;
} else if (r === false) {
entry.message = items.join(" ");
endparse = true;
}
}
}
}
} else {
entry.message = items.join(" ");
}
while (line.length && !endparse) {
var item = peek(items) + " "; // RFC RFC5424
// Chained hostnames
entry.chain = (entry.host || "").split("/");
entry.host = entry.chain.pop();
if (item.match(RXS.prinmr)) {
entry.version = parseInt(item);
entry.type = "RFC5424";
item = peek(items) + " ";
// Structured data
if (entry.type == "RFC5424") {
var sdata = entry.message.match(RXS.sdata) || [];
var idx = 0;
entry.structuredData = sdata.map(function (item) {
var map = {},
nokeys = [];
var lastKey = null;
idx = entry.message.indexOf(item) + item.length + 1;
item.replace(/(^\[)|(\]$)/g, "").split(" ").forEach(function (t, i) {
// Extra space
if (!t.trim()) return;
// First element (ID of data)
if (i == 0) {
map["$id"] = t;
}
// Key/Pair values
else {
var kv = t.split("=");
// Correct key/value pair
if (kv[0] && kv[1] && kv[1] != '"') {
lastKey = kv.shift();
map[lastKey] = kv.join("=").replace(/\"/g, "");
}
// Last key had values separated by spaces
else if (kv[0] && kv[1] === undefined) {
map[lastKey] += " " + (kv[0] || "").replace(/\"/g, "");
} else if (kv[0] && (!kv[1].length || kv[1] == '"')) {
map[lastKey] += " " + (kv[0] || "").replace(/\"/g, "") + "=";
}
}
});
return map;
});
entry.message = entry.message.substring(idx);
}
if (item.match(RXS.ts)) {
entry.ts = new Date(Date.parse(item.match(RXS.ts)[0].trim()));
}
} // BSD
else if (item.match(RXS.month)) {
entry.type = "BSD";
var month = item.trim();
var day = peek(items);
var time = peek(items);
var year = new Date().getYear() + 1900;
entry.ts = new Date(Date.parse(year + " " + month + " " + day + " " + time));
} else {
entry.type = "UNKNOWN";
items.unshift(item.trim());
}
// CEF Event message
if (opts.cef !== false && RXS.cef.test(entry.message)) {
entry.type = "CEF";
var cef = CEF.parse(entry.message);
entry.cef = cef.headers;
entry.fields = cef.fields;
}
// Default syslog message
else if (opts.fields !== false && entry.type != "UNKNOWN") {
// Message with fields
var fields = [];
entry.message.split(",").forEach(function (kv) {
var prop = kv.split("=");
if (prop.length == 2) fields[prop[0]] = prop[1];
});
entry.fields = fields;
}
endparse = true;
} // No timestamp
// header
entry.header = line.substring(0, line.length - entry.message.length);
// PID
if (opts.pid && entry.appName && entry.appName.endsWith("]")) {
var _idx = entry.appName.indexOf("[");
if (_idx >= 0) {
entry.pid = entry.appName.substring(_idx + 1, entry.appName.length - 1);
entry.appName = entry.appName.substring(0, _idx);
}
}
if (!entry.ts) entry.ts = new Date(); // Is a standard syslog message
return entry;
}
if (entry.type) {
var invalidate = function invalidate(item) {
items.unshift(item);
entry.message = items.join(" ");
endparse = true;
};
module.exports = function (line, opts) {
try {
return parse(line, opts);
} catch (err) {
return { err: err };
}
};
}, { "./cef.js": 2, "./pri.js": 4 }], 4: [function (require, module, exports) {
var FACILITY = [{ id: "kern", label: "kernel messages" }, { id: "user", label: "user-level messages" }, { id: "mail", label: "mail system" }, { id: "daemon", label: "system daemons" }, { id: "auth", label: "security/authorization messages" }, { id: "syslog", label: "messages generated internally by syslogd" }, { id: "lpr", label: "line printer subsystem" }, { id: "news", label: "network news subsystem" }, { id: "uucp", label: "UUCP subsystem" }, { id: "cron", label: "clock daemon" }, { id: "authpriv", label: "security/authorization messages" }, { id: "ftp", label: "FTP daemon" }, { id: "ntp", label: "NTP subsystem" }, { id: "security", label: "log audit" }, { id: "console", label: "log alert" }, { id: "solaris-cron", label: "clock daemon" }, { id: "local0", label: "locally used facility 0" }, { id: "local1", label: "locally used facility 0" }, { id: "local2", label: "locally used facility 0" }, { id: "local3", label: "locally used facility 0" }, { id: "local4", label: "locally used facility 0" }, { id: "local5", label: "locally used facility 0" }, { id: "local6", label: "locally used facility 0" }, { id: "local7", label: "locally used facility 0" }];
endparse = false;
var LEVEL = [{ id: "emerg", label: "system is unusable" }, { id: "alert", label: "action must be taken immediately" }, { id: "crit", label: "critical conditions" }, { id: "error", label: "error conditions" }, { id: "warn", label: "warning conditions" }, { id: "notice", label: "normal but significant condition" }, { id: "info", label: "informational messages" }, { id: "debug", label: "debug-level messages" }];
while (line.length && !endparse) {
var item = peek(items);
var FACILITY_MAP = [];
var LEVEL_MAP = [];
if (!item) {
endparse = true;
} else if (item.endsWith(":")) {
var eitem = item.replace(/:$/, "").trim();
FACILITY.forEach(function (f, i) {
return FACILITY_MAP[f.id] = i;
});
LEVEL.forEach(function (l, i) {
return LEVEL_MAP[l.id] = i;
});
if (eitem.match(RXS.invalid)) {
invalidate(item);
} else {
assign(entry, eitem);
entry.message = items.join(" ");
endparse = true;
}
} else if (!items.length) {
invalidate(item);
} else {
// Invalid item (malformed message)
if (item.match(RXS.invalid)) {
invalidate(item);
} else {
var r = assign(entry, item.replace(/: $/, "").trim());
module.exports.LEVEL = LEVEL;
module.exports.FACILITY = FACILITY;
module.exports.LEVELS = LEVEL_MAP;
module.exports.FACILITIES = FACILITY_MAP;
module.exports.get = function (val1, val2) {
if (typeof val1 == "number" && typeof val2 == "undefined") {
return {
level: val1 & 0x7,
facility: val1 >> 3
};
} else if (typeof val1 == "number" && typeof val2 == "number") {
return val1 * 8 + val2;
} else if (typeof val1 == "string" && typeof val2 == "number") {
return (FACILITY_MAP[val1] || 0) * 8 + val2;
} else if (typeof val1 == "number" && typeof val2 == "string") {
return val1 * 8 + (LEVEL_MAP[val2] || 0);
} else if (typeof val1 == "string" && typeof val2 == "string") {
return (FACILITY_MAP[val1] || 0) * 8 + (LEVEL_MAP[val2] || 0);
} else {
return { level: 0, facility: 0 };
}
};
}, {}] }, {}, [1]);
if (r === true) {
items.unshift(item);
entry.message = items.join(" ");
endparse = true;
} else if (r === false) {
entry.message = items.join(" ");
endparse = true;
}
}
}
}
} else {
entry.message = items.join(" ");
} // Chained hostnames
entry.chain = (entry.host || "").split("/");
entry.host = entry.chain.pop(); // Structured data
if (entry.type == "RFC5424") {
var sdata = entry.message.match(RXS.sdata) || [];
var idx = 0;
entry.structuredData = sdata.map(function (item) {
var map = {},
nokeys = [];
var lastKey = null;
idx = entry.message.indexOf(item) + item.length + 1;
item.replace(/(^\[)|(\]$)/g, "").split(" ").forEach(function (t, i) {
// Extra space
if (!t.trim()) return; // First element (ID of data)
if (i == 0) {
map["$id"] = t;
} // Key/Pair values
else {
var kv = t.split("="); // Correct key/value pair
if (kv[0] && kv[1] && kv[1] != '"') {
lastKey = kv.shift();
map[lastKey] = kv.join("=").replace(/\"/g, "");
} // Last key had values separated by spaces
else if (kv[0] && kv[1] === undefined) {
map[lastKey] += " " + (kv[0] || "").replace(/\"/g, "");
} else if (kv[0] && (!kv[1].length || kv[1] == '"')) {
map[lastKey] += " " + (kv[0] || "").replace(/\"/g, "") + "=";
}
}
});
return map;
});
entry.message = entry.message.substring(idx);
} // CEF Event message
if (opts.cef !== false && RXS.cef.test(entry.message)) {
entry.type = "CEF";
var cef = CEF.parse(entry.message);
entry.cef = cef.headers;
entry.fields = cef.fields;
} // Default syslog message
else if (opts.fields !== false && entry.type != "UNKNOWN") {
// Message with fields
var fields = [];
entry.message.split(",").forEach(function (kv) {
var prop = kv.split("=");
if (prop.length == 2) fields[prop[0]] = prop[1];
});
entry.fields = fields;
} // header
entry.header = line.substring(0, line.length - entry.message.length); // PID
if (opts.pid && entry.appName && entry.appName.endsWith("]")) {
var _idx = entry.appName.indexOf("[");
if (_idx >= 0) {
entry.pid = entry.appName.substring(_idx + 1, entry.appName.length - 1);
entry.appName = entry.appName.substring(0, _idx);
}
}
return entry;
}
module.exports = function (line, opts) {
try {
return parse(line, opts);
} catch (err) {
return {
err: err
};
}
};
}, {
"./cef.js": 2,
"./pri.js": 4
}],
4: [function (require, module, exports) {
var FACILITY = [{
id: "kern",
label: "kernel messages"
}, {
id: "user",
label: "user-level messages"
}, {
id: "mail",
label: "mail system"
}, {
id: "daemon",
label: "system daemons"
}, {
id: "auth",
label: "security/authorization messages"
}, {
id: "syslog",
label: "messages generated internally by syslogd"
}, {
id: "lpr",
label: "line printer subsystem"
}, {
id: "news",
label: "network news subsystem"
}, {
id: "uucp",
label: "UUCP subsystem"
}, {
id: "cron",
label: "clock daemon"
}, {
id: "authpriv",
label: "security/authorization messages"
}, {
id: "ftp",
label: "FTP daemon"
}, {
id: "ntp",
label: "NTP subsystem"
}, {
id: "security",
label: "log audit"
}, {
id: "console",
label: "log alert"
}, {
id: "solaris-cron",
label: "clock daemon"
}, {
id: "local0",
label: "locally used facility 0"
}, {
id: "local1",
label: "locally used facility 0"
}, {
id: "local2",
label: "locally used facility 0"
}, {
id: "local3",
label: "locally used facility 0"
}, {
id: "local4",
label: "locally used facility 0"
}, {
id: "local5",
label: "locally used facility 0"
}, {
id: "local6",
label: "locally used facility 0"
}, {
id: "local7",
label: "locally used facility 0"
}];
var LEVEL = [{
id: "emerg",
label: "system is unusable"
}, {
id: "alert",
label: "action must be taken immediately"
}, {
id: "crit",
label: "critical conditions"
}, {
id: "error",
label: "error conditions"
}, {
id: "warn",
label: "warning conditions"
}, {
id: "notice",
label: "normal but significant condition"
}, {
id: "info",
label: "informational messages"
}, {
id: "debug",
label: "debug-level messages"
}];
var FACILITY_MAP = [];
var LEVEL_MAP = [];
FACILITY.forEach(function (f, i) {
return FACILITY_MAP[f.id] = i;
});
LEVEL.forEach(function (l, i) {
return LEVEL_MAP[l.id] = i;
});
module.exports.LEVEL = LEVEL;
module.exports.FACILITY = FACILITY;
module.exports.LEVELS = LEVEL_MAP;
module.exports.FACILITIES = FACILITY_MAP;
module.exports.get = function (val1, val2) {
if (typeof val1 == "number" && typeof val2 == "undefined") {
return {
level: val1 & 0x7,
facility: val1 >> 3
};
} else if (typeof val1 == "number" && typeof val2 == "number") {
return val1 * 8 + val2;
} else if (typeof val1 == "string" && typeof val2 == "number") {
return (FACILITY_MAP[val1] || 0) * 8 + val2;
} else if (typeof val1 == "number" && typeof val2 == "string") {
return val1 * 8 + (LEVEL_MAP[val2] || 0);
} else if (typeof val1 == "string" && typeof val2 == "string") {
return (FACILITY_MAP[val1] || 0) * 8 + (LEVEL_MAP[val2] || 0);
} else {
return {
level: 0,
facility: 0
};
}
};
}, {}]
}, {}, [1]);
//# sourceMappingURL=nsyslog-parser.js.map

2

dist/nsyslog-parser.min.js
/*! nsyslog-parser 2019-04-11 */
"use strict";!function s(r,n,o){function c(i,e){if(!n[i]){if(!r[i]){var a="function"==typeof require&&require;if(!e&&a)return a(i,!0);if(d)return d(i,!0);var t=new Error("Cannot find module '"+i+"'");throw t.code="MODULE_NOT_FOUND",t}var l=n[i]={exports:{}};r[i][0].call(l.exports,function(e){return c(r[i][1][e]||e)},l,l.exports,s,r,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,a){var t,l;t=window,l=e("./parser.js"),t.NSyslog=t.NSyslog||{},t.NSyslog.parse=l},{"./parser.js":3}],2:[function(e,i,a){var n=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var a,t,i,l,s,r=(a=[],i=!(t={}),l=7,s="",e.split("").forEach(function(e){l?"|"==e?i?(i=!1,s+=e):(a.push(s),s="",l--):"\\"==e?(s+=e,i=!i):(i=!1,s+=e):s+=e}),s.length&&a.push(s),n.forEach(function(e,i){return t[e]=a[i]}),t);return{headers:r,fields:function(e){for(var i=e.split(" "),a={},t=null;i.length;)if(t){var l=i.shift();l.indexOf("=")<0?a[t]+=" "+l:(t=null,i.unshift(l))}else if(0<=(t=i.shift()).indexOf("=")){var s=t.split("=");a[t=s[0]]=s[1]}else a[t]="";return a}(r.extension||"")}}}},{}],3:[function(e,i,a){var N=e("./pri.js"),E=e("./cef.js"),x={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/},w={cef:!0,fields:!0,pid:!0};function D(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function j(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData||(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i||w;var a=e.match(x.pri),s={originalMessage:e};if(a){s.pri=a[0],s.prival=parseInt(s.pri.match(x.prival)[1]);var t=N.get(s.prival);s.facilityval=t.facility,s.levelval=t.level,s.facility=N.FACILITY[t.facility].id,s.level=N.LEVEL[t.level].id}else s.pri="",s.prival=NaN;for(var l=e.substring(s.pri.length).split(" "),r=!1;e.length&&!r;){if((u=D(l)+" ").match(x.prinmr))s.version=parseInt(u),s.type="RFC5424",(u=D(l)+" ").match(x.ts)&&(s.ts=new Date(Date.parse(u.match(x.ts)[0].trim())));else if(u.match(x.month)){s.type="BSD";var n=u.trim(),o=D(l),c=D(l),d=(new Date).getYear()+1900;s.ts=new Date(Date.parse(d+" "+n+" "+o+" "+c))}else s.type="UNKNOWN",l.unshift(u.trim());r=!0}if(s.ts||(s.ts=new Date),s.type){var f=function(e){l.unshift(e),s.message=l.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=D(l))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(x.invalid)?f(u):(j(s,p),s.message=l.join(" "),r=!0)}else if(l.length)if(u.match(x.invalid))f(u);else{var m=j(s,u.replace(/: $/,"").trim());!0===m?(l.unshift(u),s.message=l.join(" "),r=!0):!1===m&&(s.message=l.join(" "),r=!0)}else f(u);else r=!0}}else s.message=l.join(" ");if(s.chain=(s.host||"").split("/"),s.host=s.chain.pop(),"RFC5424"==s.type){var g=s.message.match(x.sdata)||[],y=0;s.structuredData=g.map(function(e){var t={},l=null;return y=s.message.indexOf(e)+e.length+1,e.replace(/(^\[)|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)t.$id=e;else{var a=e.split("=");a[0]&&a[1]&&'"'!=a[1]?(l=a.shift(),t[l]=a.join("=").replace(/\"/g,"")):a[0]&&void 0===a[1]?t[l]+=" "+(a[0]||"").replace(/\"/g,""):!a[0]||a[1].length&&'"'!=a[1]||(t[l]+=" "+(a[0]||"").replace(/\"/g,"")+"=")}}),t}),s.message=s.message.substring(y)}if(!1!==i.cef&&x.cef.test(s.message)){s.type="CEF";var h=E.parse(s.message);s.cef=h.headers,s.fields=h.fields}else if(!1!==i.fields&&"UNKNOWN"!=s.type){var v=[];s.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(v[i[0]]=i[1])}),s.fields=v}if(s.header=e.substring(0,e.length-s.message.length),i.pid&&s.appName&&s.appName.endsWith("]")){var b=s.appName.indexOf("[");0<=b&&(s.pid=s.appName.substring(b+1,s.appName.length-1),s.appName=s.appName.substring(0,b))}return s}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,a){var t=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],l=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],s=[],r=[];t.forEach(function(e,i){return s[e.id]=i}),l.forEach(function(e,i){return r[e.id]=i}),i.exports.LEVEL=l,i.exports.FACILITY=t,i.exports.LEVELS=r,i.exports.FACILITIES=s,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8*e+i:"string"==typeof e&&"number"==typeof i?8*(s[e]||0)+i:"number"==typeof e&&"string"==typeof i?8*e+(r[i]||0):"string"==typeof e&&"string"==typeof i?8*(s[e]||0)+(r[i]||0):{level:0,facility:0}}},{}]},{},[1]);
"use strict";!function r(s,n,o){function c(i,e){if(!n[i]){if(!s[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var l=n[i]={exports:{}};s[i][0].call(l.exports,function(e){return c(s[i][1][e]||e)},l,l.exports,r,s,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,t){var a,l;a=window,l=e("./parser.js"),a.NSyslog=a.NSyslog||{},a.NSyslog.parse=l},{"./parser.js":3}],2:[function(e,i,t){var s=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var i=function(e){var t=[],a={},i=!1,l=7,r="";return e.split("").forEach(function(e){l?"|"==e?i?(i=!1,r+=e):(t.push(r),r="",l--):"\\"==e?(r+=e,i=!i):(i=!1,r+=e):r+=e}),r.length&&t.push(r),s.forEach(function(e,i){return a[e]=t[i]}),a}(e);return{headers:i,fields:function(e){for(var i=e.split(" "),t={},a=null;i.length;)if(a){var l=i.shift();l.indexOf("=")<0?t[a]+=" ".concat(l):(a=null,i.unshift(l))}else if(0<=(a=i.shift()).indexOf("=")){var r=a.split("=");t[a=r[0]]=r[1]}else t[a]="";return t}(i.extension||"")}}}},{}],3:[function(e,i,t){var N=e("./pri.js"),E=e("./cef.js"),x={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/},w={cef:!0,fields:!0,pid:!0};function D(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function j(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData||(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i||w;var t=e.match(x.pri),r={originalMessage:e};if(t){r.pri=t[0],r.prival=parseInt(r.pri.match(x.prival)[1]);var a=N.get(r.prival);r.facilityval=a.facility,r.levelval=a.level,r.facility=N.FACILITY[a.facility].id,r.level=N.LEVEL[a.level].id}else r.pri="",r.prival=NaN;for(var l=e.substring(r.pri.length).split(" "),s=!1;e.length&&!s;){if((u=D(l)+" ").match(x.prinmr))r.version=parseInt(u),r.type="RFC5424",(u=D(l)+" ").match(x.ts)&&(r.ts=new Date(Date.parse(u.match(x.ts)[0].trim())));else if(u.match(x.month)){r.type="BSD";var n=u.trim(),o=D(l),c=D(l),d=(new Date).getYear()+1900;r.ts=new Date(Date.parse(d+" "+n+" "+o+" "+c))}else r.type="UNKNOWN",l.unshift(u.trim());s=!0}if(r.ts||(r.ts=new Date),r.type){var f=function(e){l.unshift(e),r.message=l.join(" "),s=!0};for(s=!1;e.length&&!s;){var u;if(u=D(l))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(x.invalid)?f(u):(j(r,p),r.message=l.join(" "),s=!0)}else if(l.length)if(u.match(x.invalid))f(u);else{var m=j(r,u.replace(/: $/,"").trim());!0===m?(l.unshift(u),r.message=l.join(" "),s=!0):!1===m&&(r.message=l.join(" "),s=!0)}else f(u);else s=!0}}else r.message=l.join(" ");if(r.chain=(r.host||"").split("/"),r.host=r.chain.pop(),"RFC5424"==r.type){var g=r.message.match(x.sdata)||[],y=0;r.structuredData=g.map(function(e){var a={},l=null;return y=r.message.indexOf(e)+e.length+1,e.replace(/(^\[)|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)a.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(l=t.shift(),a[l]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?a[l]+=" "+(t[0]||"").replace(/\"/g,""):!t[0]||t[1].length&&'"'!=t[1]||(a[l]+=" "+(t[0]||"").replace(/\"/g,"")+"=")}}),a}),r.message=r.message.substring(y)}if(!1!==i.cef&&x.cef.test(r.message)){r.type="CEF";var v=E.parse(r.message);r.cef=v.headers,r.fields=v.fields}else if(!1!==i.fields&&"UNKNOWN"!=r.type){var h=[];r.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(h[i[0]]=i[1])}),r.fields=h}if(r.header=e.substring(0,e.length-r.message.length),i.pid&&r.appName&&r.appName.endsWith("]")){var b=r.appName.indexOf("[");0<=b&&(r.pid=r.appName.substring(b+1,r.appName.length-1),r.appName=r.appName.substring(0,b))}return r}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,t){var a=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],l=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],r=[],s=[];a.forEach(function(e,i){return r[e.id]=i}),l.forEach(function(e,i){return s[e.id]=i}),i.exports.LEVEL=l,i.exports.FACILITY=a,i.exports.LEVELS=s,i.exports.FACILITIES=r,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8*e+i:"string"==typeof e&&"number"==typeof i?8*(r[e]||0)+i:"number"==typeof e&&"string"==typeof i?8*e+(s[i]||0):"string"==typeof e&&"string"==typeof i?8*(r[e]||0)+(s[i]||0):{level:0,facility:0}}},{}]},{},[1]);

2

Gruntfile.js

@@ -19,3 +19,3 @@ module.exports = function(grunt) {

sourceMap: true,
presets: ['es2015']
presets: ['@babel/preset-env']
},

@@ -22,0 +22,0 @@ dist: {

17

package.json
{
"name": "nsyslog-parser",
"version": "0.8.8",
"version": "0.9.0",
"description": "Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats",

@@ -25,12 +25,11 @@ "author": "David Gómez Matarrodona <solzimer@gmail.com>",

"devDependencies": {
"babel-core": "^6.26.3",
"babel-preset-es2015": "^6.24.1",
"grunt": "^1.0.3",
"grunt-babel": "^7.0.0",
"@babel/core": "^7.4.3",
"@babel/preset-env": "^7.4.3",
"grunt": "^1.0.4",
"grunt-babel": "^8.0.0",
"grunt-browserify": "^5.3.0",
"grunt-contrib-clean": "^1.1.0",
"grunt-contrib-uglify": "^3.4.0",
"load-grunt-tasks": "^4.0.0",
"uglify": "^0.1.5"
"grunt-contrib-clean": "^2.0.0",
"grunt-contrib-uglify": "^4.0.1",
"load-grunt-tasks": "^4.0.0"
}
}

0

parser.js

@@ -0,0 +0,0 @@ const

0

pri.js

@@ -0,0 +0,0 @@ const FACILITY = [

0

README.md

@@ -0,0 +0,0 @@ # nsyslog-parser

0

test.js

@@ -0,0 +0,0 @@ const parser = require("./parser.js");

0

test/cef.js

@@ -0,0 +0,0 @@ module.exports = [

0

test/examples.js

@@ -0,0 +0,0 @@ module.exports = [

.git/hooks/README.sample
.gitattributes

Sorry, the diff of this file is not supported yet

dist/nsyslog-parser.js.map

Sorry, the diff of this file is not supported yet

LICENSE

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc