hub / github.com/crowdsecurity/crowdsec / parseEvent

Function parseEvent

cmd/crowdsec/parse.go:15–57  ·  view source on GitHub ↗
(
	event pipeline.Event,
	parserCTX parser.UnixParserCtx,
	nodes []parser.Node,
	stageCollector *parser.StageParseCollector,
)

Source from the content-addressed store, hash-verified

13)
14
// parseEvent runs one acquired event through the parser nodes and returns a
// pointer to the parsed event, or nil when the event must not continue down
// the pipeline.
//
// nil is returned when:
//   - event.Process is false;
//   - event.Type is pipeline.APPSEC (the event is sent on outEvents instead);
//   - event.Line.Module is empty (logged as an error);
//   - the parsed event has Process == false (counted in GlobalParserHitsKo);
//   - the parsed event is whitelisted (already counted in GlobalParserHitsOk).
func parseEvent(
	event pipeline.Event,
	parserCTX parser.UnixParserCtx,
	nodes []parser.Node,
	stageCollector *parser.StageParseCollector,
) *pipeline.Event {
	switch {
	case !event.Process:
		return nil
	case event.Type == pipeline.APPSEC:
		// The application security engine generates two events: one that is
		// treated as a log and can go to scenarios, and another that goes
		// directly to LAPI. An APPSEC-typed event skips parsing and is pushed
		// onto outEvents, which is declared outside this function.
		// NOTE(review): this send has no select/cancellation path here, so it
		// waits until the channel accepts the event.
		outEvents <- event
		return nil
	case event.Line.Module == "":
		// NOTE(review): %+v prints the whole Line struct; presumably that
		// includes raw acquired log content, so confirm the daemon's own log
		// consumers treat it as untrusted text.
		log.Errorf("empty event.Line.Module field, the acquisition module must set it ! : %+v", event.Line)
		return nil
	}

	metrics.GlobalParserHits.With(prometheus.Labels{
		"source": event.Line.Src,
		"type":   event.Line.Module,
	}).Inc()

	begin := time.Now()
	parsed, err := parser.Parse(parserCTX, event, nodes, stageCollector)
	if err != nil {
		// NOTE(review): a Parse error is only logged. The returned event is
		// still evaluated below, so whether an event whose parsing failed can
		// be forwarded depends on what Parse returns alongside the error.
		// Confirm against parser.Parse.
		log.Errorf("failed parsing: %v", err)
	}
	took := time.Since(begin)
	metrics.GlobalParsingHistogram.With(prometheus.Labels{
		"source": event.Line.Src,
		"type":   event.Line.Module,
	}).Observe(took.Seconds())

	// The Ko and Ok counters share the same label set; exactly one of them is
	// incremented per parsed event.
	outcome := prometheus.Labels{
		"source":      event.Line.Src,
		"type":        event.Line.Module,
		"acquis_type": event.Line.Labels["type"],
	}
	if !parsed.Process {
		metrics.GlobalParserHitsKo.With(outcome).Inc()
		log.Debugf("Discarding line %+v", parsed)
		return nil
	}
	metrics.GlobalParserHitsOk.With(outcome).Inc()

	// Whitelisted events were parsed successfully (hence the Ok count above)
	// but are dropped before reaching the caller.
	if parsed.Whitelisted {
		log.Debugf("event whitelisted, discard")
		return nil
	}

	return &parsed
}
58
59func runParse(ctx context.Context, input chan pipeline.Event, output chan pipeline.Event, parserCTX parser.UnixParserCtx, nodes []parser.Node, stageCollector *parser.StageParseCollector) {
60 for {

Callers 1

runParse (Function) · 0.85

Calls 3

Parse (Function) · 0.92
Inc (Method) · 0.80
With (Method) · 0.45

Tested by

no test coverage detected
