|
Packit |
1422b7 |
/*
|
|
Packit |
1422b7 |
* liblognorm - a fast samples-based log normalization library
|
|
Packit |
1422b7 |
* Copyright 2010-2015 by Rainer Gerhards and Adiscon GmbH.
|
|
Packit |
1422b7 |
*
|
|
Packit |
1422b7 |
* Modified by Pavel Levshin (pavel@levshin.spb.ru) in 2013
|
|
Packit |
1422b7 |
*
|
|
Packit |
1422b7 |
* This file is part of liblognorm.
|
|
Packit |
1422b7 |
*
|
|
Packit |
1422b7 |
* This library is free software; you can redistribute it and/or
|
|
Packit |
1422b7 |
* modify it under the terms of the GNU Lesser General Public
|
|
Packit |
1422b7 |
* License as published by the Free Software Foundation; either
|
|
Packit |
1422b7 |
* version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
1422b7 |
*
|
|
Packit |
1422b7 |
* This library is distributed in the hope that it will be useful,
|
|
Packit |
1422b7 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
1422b7 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
1422b7 |
* Lesser General Public License for more details.
|
|
Packit |
1422b7 |
*
|
|
Packit |
1422b7 |
* You should have received a copy of the GNU Lesser General Public
|
|
Packit |
1422b7 |
* License along with this library; if not, write to the Free Software
|
|
Packit |
1422b7 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
Packit |
1422b7 |
*
|
|
Packit |
1422b7 |
* A copy of the LGPL v2.1 can be found in the file "COPYING" in this distribution.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
#ifndef LIBLOGNORM_V1_PARSER_H_INCLUDED
|
|
Packit |
1422b7 |
#define LIBLOGNORM_V1_PARSER_H_INCLUDED
|
|
Packit |
1422b7 |
#include "v1_ptree.h"
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser interface
|
|
Packit |
1422b7 |
* @param[in] str the to-be-parsed string
|
|
Packit |
1422b7 |
* @param[in] strLen length of the to-be-parsed string
|
|
Packit |
1422b7 |
* @param[in] offs an offset into the string
|
|
Packit |
1422b7 |
* @param[in] node fieldlist with additional data; for simple
|
|
Packit |
1422b7 |
* parsers, this sets variable "ed", which just is
|
|
Packit |
1422b7 |
* string data.
|
|
Packit |
1422b7 |
* @param[out] parsed bytes
|
|
Packit |
1422b7 |
* @param[out] json object containing parsed data (can be unused)
|
|
Packit |
1422b7 |
* @return 0 on success, something else otherwise
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for RFC5424 date.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseRFC5424Date(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for RFC3164 date.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseRFC3164Date(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for numbers.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseNumber(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for real-number in floating-pt representation
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseFloat(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for hex numbers.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseHexNumber(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for kernel timestamps.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseKernelTimestamp(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for whitespace
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseWhitespace(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for Words (SP-terminated strings).
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseWord(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse everything up to a specific string.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseStringTo(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for Alphabetic words (no numbers, punct, ctrl, space).
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseAlpha(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse everything up to a specific character.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseCharTo(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse everything up to a specific character (relaxed constraints, suitable for CSV)
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseCharSeparated(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Get everything till the rest of string.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseRest(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse an optionally quoted string.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseOpQuotedString(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node,
|
|
Packit |
1422b7 |
size_t *parsed, struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse a quoted string.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseQuotedString(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse an ISO date.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseISODate(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse a timestamp in 12hr format.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseTime12hr(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse a timestamp in 24hr format.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseTime24hr(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse a duration.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseDuration(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for IPv4 addresses.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseIPv4(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for IPv6 addresses.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseIPv6(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse JSON.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseJSON(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse cee syslog.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseCEESyslog(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse iptables log, the new way
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parsev2IPTables(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser Cisco interface specifiers
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseCiscoInterfaceSpec(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node,
|
|
Packit |
1422b7 |
size_t *parsed, struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser 48 bit MAC layer addresses.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseMAC48(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for CEF version 0.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseCEF(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for Checkpoint LEA.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseCheckpointLEA(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parser for name/value pairs.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseNameValue(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Get all tokens separated by tokenizer-string as array.
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseTokenized(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
void* tokenized_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void tokenized_parser_data_destructor(void** dataPtr);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
#ifdef FEATURE_REGEXP
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Get field matching regex
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseRegex(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
void* regex_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void regex_parser_data_destructor(void** dataPtr);
|
|
Packit |
1422b7 |
#endif
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Match using the 'current' or 'separate rulebase' all over again from current match position
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseRecursive(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
void* recursive_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void* descent_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void recursive_parser_data_destructor(void** dataPtr);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Get interpreted field
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseInterpret(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node,
|
|
Packit |
1422b7 |
size_t *parsed, struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
void* interpret_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void interpret_parser_data_destructor(void** dataPtr);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
/**
|
|
Packit |
1422b7 |
* Parse a suffixed field
|
|
Packit |
1422b7 |
*/
|
|
Packit |
1422b7 |
int ln_parseSuffixed(const char *str, size_t strlen, size_t *offs, const ln_fieldList_t *node, size_t *parsed,
|
|
Packit |
1422b7 |
struct json_object **value);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
void* suffixed_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void* named_suffixed_parser_data_constructor(ln_fieldList_t *node, ln_ctx ctx);
|
|
Packit |
1422b7 |
void suffixed_parser_data_destructor(void** dataPtr);
|
|
Packit |
1422b7 |
|
|
Packit |
1422b7 |
#endif /* #ifndef LIBLOGNORM_V1_PARSER_H_INCLUDED */
|