github.com/crowdsecurity/crowdsec@v1.6.1/cmd/crowdsec/parse.go (about) 1 package main 2 3 import ( 4 "time" 5 6 "github.com/prometheus/client_golang/prometheus" 7 log "github.com/sirupsen/logrus" 8 9 "github.com/crowdsecurity/crowdsec/pkg/parser" 10 "github.com/crowdsecurity/crowdsec/pkg/types" 11 ) 12 13 func runParse(input chan types.Event, output chan types.Event, parserCTX parser.UnixParserCtx, nodes []parser.Node) error { 14 LOOP: 15 for { 16 select { 17 case <-parsersTomb.Dying(): 18 log.Infof("Killing parser routines") 19 break LOOP 20 case event := <-input: 21 if !event.Process { 22 continue 23 } 24 /*Application security engine is going to generate 2 events: 25 - one that is treated as a log and can go to scenarios 26 - another one that will go directly to LAPI*/ 27 if event.Type == types.APPSEC { 28 outputEventChan <- event 29 continue 30 } 31 if event.Line.Module == "" { 32 log.Errorf("empty event.Line.Module field, the acquisition module must set it ! : %+v", event.Line) 33 continue 34 } 35 globalParserHits.With(prometheus.Labels{"source": event.Line.Src, "type": event.Line.Module}).Inc() 36 37 startParsing := time.Now() 38 /* parse the log using magic */ 39 parsed, err := parser.Parse(parserCTX, event, nodes) 40 if err != nil { 41 log.Errorf("failed parsing : %v\n", err) 42 } 43 elapsed := time.Since(startParsing) 44 globalParsingHistogram.With(prometheus.Labels{"source": event.Line.Src, "type": event.Line.Module}).Observe(elapsed.Seconds()) 45 if !parsed.Process { 46 globalParserHitsKo.With(prometheus.Labels{"source": event.Line.Src, "type": event.Line.Module}).Inc() 47 log.Debugf("Discarding line %+v", parsed) 48 continue 49 } 50 globalParserHitsOk.With(prometheus.Labels{"source": event.Line.Src, "type": event.Line.Module}).Inc() 51 if parsed.Whitelisted { 52 log.Debugf("event whitelisted, discard") 53 continue 54 } 55 output <- parsed 56 } 57 } 58 59 return nil 60 }