hub / github.com/crowdsecurity/crowdsec / parseLine

Method parseLine

pkg/acquisition/modules/syslog/run.go:196–246  ·  view source on GitHub ↗
(syslogLine syslogserver.SyslogMessage)

Source from the content-addressed store, hash-verified

194}
195
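// parseLine turns one received syslog message into the log line returned to
// the caller.
//
// When s.config.DisableRFCParser is set, the message is passed through
// stripPRI and returned without further parsing. Otherwise the message is
// tried as RFC 3164 first and, if that fails, as RFC 5424; the parsed
// timestamp, hostname, tag, PID and message are reassembled by
// buildLogFromSyslog. A single trailing "\n" is trimmed from the result.
//
// If neither parser accepts the message, a *ParseError with Reason
// ErrUnrecognized is returned, carrying the raw message and the error from
// each parser so a rejected line can be diagnosed.
func (s *Source) parseLine(syslogLine syslogserver.SyslogMessage) (string, error) {
	logger := s.logger.WithField("client", syslogLine.Client)
	// The payload is whatever the sender put on the wire and is written
	// unescaped; it is only emitted at trace level.
	logger.Tracef("raw: %s", syslogLine)

	withMetrics := s.metricsLevel != metrics.AcquisitionMetricsLevelNone

	// NOTE(review): the "source" label below is the sender identifier taken
	// from the received message. If that value is unbounded (for example it
	// includes an ephemeral port, or senders are not restricted), the number
	// of metric series grows with it. Confirm what syslogLine.Client holds.
	if withMetrics {
		metrics.SyslogDataSourceLinesReceived.With(prometheus.Labels{"source": syslogLine.Client, "datasource_type": ModuleName, "acquis_type": s.config.Labels["type"]}).Inc()
	}

	if s.config.DisableRFCParser {
		rest, err := stripPRI(syslogLine.Message)
		if err != nil {
			return "", err
		}

		return strings.TrimSuffix(string(rest), "\n"), nil
	}

	var line, format string

	p := rfc3164.NewRFC3164Parser(rfc3164.WithCurrentYear())

	if err3164 := p.Parse(syslogLine.Message); err3164 == nil {
		line = s.buildLogFromSyslog(p.Timestamp, p.Hostname, p.Tag, p.PID, p.Message)
		format = "rfc3164"
	} else {
		p2 := rfc5424.NewRFC5424Parser()

		if err5424 := p2.Parse(syslogLine.Message); err5424 != nil {
			// Report both failures: without the RFC 5424 error the
			// ParseError would only explain half of why the line was dropped.
			return "", &ParseError{
				Reason:     ErrUnrecognized,
				RawMessage: syslogLine.Message,
				RFC3164:    err3164,
				RFC5424:    err5424,
			}
		}

		line = s.buildLogFromSyslog(p2.Timestamp, p2.Hostname, p2.Tag, p2.PID, p2.Message)
		format = "rfc5424"
	}

	if withMetrics {
		metrics.SyslogDataSourceLinesParsed.With(prometheus.Labels{"source": syslogLine.Client, "type": format, "datasource_type": ModuleName, "acquis_type": s.config.Labels["type"]}).Inc()
	}

	return strings.TrimSuffix(line, "\n"), nil
}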

Callers 1

msgToEventMethod · 0.95

Calls 9

buildLogFromSyslogMethod · 0.95
NewRFC3164ParserFunction · 0.92
WithCurrentYearFunction · 0.92
NewRFC5424ParserFunction · 0.92
stripPRIFunction · 0.85
TracefMethod · 0.80
IncMethod · 0.80
WithMethod · 0.45
ParseMethod · 0.45

Tested by

no test coverage detected