bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/cmd/synsec/parse.go

bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/cmd/synsec/parse.go (about)

     1  package main
     2  
     3  import (
     4  	"errors"
     5  
     6  	"github.com/prometheus/client_golang/prometheus"
     7  	log "github.com/sirupsen/logrus"
     8  
     9  	"bitbucket.org/Aishee/synsec/pkg/parser"
    10  	"bitbucket.org/Aishee/synsec/pkg/types"
    11  )
    12  
    13  func runParse(input chan types.Event, output chan types.Event, parserCTX parser.UnixParserCtx, nodes []parser.Node) error {
    14  
    15  LOOP:
    16  	for {
    17  		select {
    18  		case <-parsersTomb.Dying():
    19  			log.Infof("Killing parser routines")
    20  			break LOOP
    21  		case event := <-input:
    22  			if !event.Process {
    23  				continue
    24  			}
    25  			globalParserHits.With(prometheus.Labels{"source": event.Line.Src}).Inc()
    26  
    27  			/* parse the log using magic */
    28  			parsed, error := parser.Parse(parserCTX, event, nodes)
    29  			if error != nil {
    30  				log.Errorf("failed parsing : %v\n", error)
    31  				return errors.New("parsing failed :/")
    32  			}
    33  			if !parsed.Process {
    34  				globalParserHitsKo.With(prometheus.Labels{"source": event.Line.Src}).Inc()
    35  				log.Debugf("Discarding line %+v", parsed)
    36  				continue
    37  			}
    38  			globalParserHitsOk.With(prometheus.Labels{"source": event.Line.Src}).Inc()
    39  			if parsed.Whitelisted {
    40  				log.Debugf("event whitelisted, discard")
    41  				continue
    42  			}
    43  			output <- parsed
    44  		}
    45  	}
    46  	return nil
    47  }