bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/unix_parser.go (about) 1 package parser 2 3 import ( 4 "fmt" 5 "io/ioutil" 6 7 "bitbucket.org/Aishee/synsec/pkg/csconfig" 8 9 "github.com/logrusorgru/grokky" 10 log "github.com/sirupsen/logrus" 11 ) 12 13 type UnixParserCtx struct { 14 Grok grokky.Host 15 Stages []string 16 Profiling bool 17 DataFolder string 18 } 19 20 type Parsers struct { 21 Ctx *UnixParserCtx 22 Povfwctx *UnixParserCtx 23 StageFiles []Stagefile 24 PovfwStageFiles []Stagefile 25 Nodes []Node 26 Povfwnodes []Node 27 EnricherCtx []EnricherCtx 28 } 29 30 func Init(c map[string]interface{}) (*UnixParserCtx, error) { 31 r := UnixParserCtx{} 32 r.Grok = grokky.NewBase() 33 files, err := ioutil.ReadDir(c["patterns"].(string)) 34 if err != nil { 35 return nil, err 36 } 37 r.DataFolder = c["data"].(string) 38 for _, f := range files { 39 if err := r.Grok.AddFromFile(c["patterns"].(string) + f.Name()); err != nil { 40 log.Errorf("failed to load pattern %s : %v", f.Name(), err) 41 return nil, err 42 } 43 } 44 log.Debugf("Loaded %d pattern files", len(files)) 45 return &r, nil 46 } 47 48 func LoadParsers(cConfig *csconfig.Config, parsers *Parsers) (*Parsers, error) { 49 var err error 50 51 log.Infof("Loading grok library %s", cConfig.Synsec.ConfigDir+string("/patterns/")) 52 /* load base regexps for two grok parsers */ 53 parsers.Ctx, err = Init(map[string]interface{}{"patterns": cConfig.Synsec.ConfigDir + string("/patterns/"), 54 "data": cConfig.Synsec.DataDir}) 55 if err != nil { 56 return parsers, fmt.Errorf("failed to load parser patterns : %v", err) 57 } 58 parsers.Povfwctx, err = Init(map[string]interface{}{"patterns": cConfig.Synsec.ConfigDir + string("/patterns/"), 59 "data": cConfig.Synsec.DataDir}) 60 if err != nil { 61 return parsers, fmt.Errorf("failed to load postovflw parser patterns : %v", err) 62 } 63 64 /* 65 Load enrichers 66 */ 67 log.Infof("Loading enrich plugins") 68 69 parsers.EnricherCtx, err = Loadplugin(cConfig.Synsec.DataDir) 70 if err != nil { 71 return parsers, fmt.Errorf("Failed to load enrich plugin : %v", err) 72 } 73 74 /* 75 Load the actual parsers 76 */ 77 78 log.Infof("Loading parsers %d stages", len(parsers.StageFiles)) 79 80 parsers.Nodes, err = LoadStages(parsers.StageFiles, parsers.Ctx, parsers.EnricherCtx) 81 if err != nil { 82 return parsers, fmt.Errorf("failed to load parser config : %v", err) 83 } 84 85 log.Infof("Loading postoverflow Parsers") 86 parsers.Povfwnodes, err = LoadStages(parsers.PovfwStageFiles, parsers.Povfwctx, parsers.EnricherCtx) 87 88 if err != nil { 89 return parsers, fmt.Errorf("failed to load postoverflow config : %v", err) 90 } 91 92 if cConfig.Prometheus != nil && cConfig.Prometheus.Enabled { 93 parsers.Ctx.Profiling = true 94 parsers.Povfwctx.Profiling = true 95 } 96 97 return parsers, nil 98 }