parsuri

v0.1.5 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 4, 2025 License: BSD-3-Clause Imports: 12 Imported by: 0

README

parsuri is a Go library to parse suricata eve.json files with proper marshaling.

Example
package main

import (
	"github.com/yunginnanet/parsuri"
	"log"
)

func main() {
	loader := parsuri.NewLoader()

	// Load the eve.json file asynchronously
	if err := loader.LoadOneFile("eve.json"); err != nil {
		log.Fatal(err)
	}

	// Range over the events and print dns answers to stdout
	for loader.More() {
		if err := loader.Err(); err != nil {
			log.Fatal(err)
		}
		event := loader.Event()
		if event.DNS != nil && !event.DNS.Empty() && event.DNS.Type == "answer" {
			log.Println(event.DNS)
		}
	}

	if err := loader.Err(); err != nil {
		log.Fatal(err)
	}
}
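
As an added illustration (not parsuri's code and not from the README), here is the same DNS-answer filter written against the standard library only and run over constructed EVE lines, one of which is truncated. The types `eveDNS` and `eveEvent`, the function `dnsAnswers` and the sample data are assumptions made for this example.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// eveDNS and eveEvent are hypothetical minimal types, not parsuri's events.EveEvent.
type eveDNS struct {
	Type   string `json:"type"`
	RRName string `json:"rrname"`
	RData  string `json:"rdata"`
}

type eveEvent struct {
	DNS *eveDNS `json:"dns"`
}

// sampleEVE is constructed input: a query, an answer, a flow event and a truncated line.
const sampleEVE = `{"timestamp":"2025-07-04T12:00:00.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2025-07-04T12:00:00.010000+0000","event_type":"dns","src_ip":"10.0.0.1","dns":{"type":"answer","rrname":"example.com","rrtype":"A","rdata":"192.0.2.10"}}
{"timestamp":"2025-07-04T12:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5"}
{"timestamp":"2025-07-04T12:00:02.000000+0000","event_type":"dns","dns":{"type":"ans`

// dnsAnswers returns the DNS answer records, the count of undecodable lines, and any read error.
func dnsAnswers(r io.Reader) (answers []eveDNS, bad int, err error) {
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20) // allow lines up to 1 MiB
	for sc.Scan() {
		var ev eveEvent
		if json.Unmarshal(sc.Bytes(), &ev) != nil {
			bad++ // skip a damaged line instead of aborting the run
			continue
		}
		if ev.DNS != nil && ev.DNS.Type == "answer" {
			answers = append(answers, *ev.DNS)
		}
	}
	return answers, bad, sc.Err()
}

func main() {
	answers, bad, err := dnsAnswers(strings.NewReader(sampleEVE))
	fmt.Println(answers, "undecodable lines:", bad, "read error:", err)
}
```

Counting undecodable lines separately keeps a log that was cut off mid-write from hiding the events that did parse.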
Credit

This is a rewrite of surevego.

License
  • BSD-3 Copyright (c) 2017 Robert Haist

  • BSD-3 Copyright (c) 2025 yunginnanet

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Loader

type Loader struct {
	// contains filtered or unexported fields
}

Loader is a struct that loads events from a file or stream asynchronously into a queue.

func NewLoader

func NewLoader() *Loader

func (*Loader) Close added in v0.1.0

func (l *Loader) Close() error

Close closes the loader and prevents further processing. This will cause Loader.More to return false.

func (*Loader) Err

func (l *Loader) Err() error

Err clears the error slice and returns a single error.

func (*Loader) Event

func (l *Loader) Event() events.EveEvent

Event removes and returns the next events.EveEvent from the queue.

func (*Loader) LoadFile

func (l *Loader) LoadFile(path string) error

LoadFile loads a file, parses it, and closes it asynchronously. It does NOT call Loader.Close when finished, so Loader.More will return true until the Loader is explicitly closed.

Example
loader := NewLoader()

var errs = make(chan error, 3)
var wg sync.WaitGroup
wg.Add(3)

go func() {
	time.Sleep(100 * time.Millisecond)
	// use LoadFile instead of LoadOneFile
	errs <- loader.LoadFile("pathto/eve1.json")
	wg.Done()
}()

go func() {
	time.Sleep(300 * time.Millisecond)
	// use LoadFile instead of LoadOneFile
	errs <- loader.LoadFile("pathto/eve2.json")
	wg.Done()
}()

go func() {
	time.Sleep(600 * time.Millisecond)
	// use LoadFile instead of LoadOneFile
	errs <- loader.LoadFile("pathto/eve3.json")
	wg.Done()
}()

go func() {
	wg.Wait()
	close(errs)
	_ = loader.Close()
}()

var err error
for e := range errs {
	err = errors.Join(err, e)
}

if err != nil {
	log.Println("incomplete load with errors: ", err.Error())
}

for loader.More() {
	if err = loader.Err(); err != nil {
		log.Println("error processing data:", err.Error())
		break
	}
	log.Println(loader.Event())
}

func (*Loader) LoadOneFile added in v0.1.0

func (l *Loader) LoadOneFile(path string) error

LoadOneFile loads a file, parses it, and closes it asynchronously. It also calls Loader.Close when finished, causing Loader.More to return false.

Example
loader := NewLoader()

// Load the eve.json file asynchronously
if err := loader.LoadOneFile("pathto/eve.json"); err != nil {
	log.Fatal(err)
}

// Range over the events and print dns answers to stdout
for loader.More() {
	if err := loader.Err(); err != nil {
		log.Fatal(err)
	}

	event := loader.Event()

	if event.DNS == nil || event.DNS.Empty() {
		continue
	}

	if event.DNS.Type == "answer" {
		log.Println(event.DNS)
	}
}

if err := loader.Err(); err != nil {
	log.Fatal(err)
}

func (*Loader) LoadSTDIN added in v0.1.0

func (l *Loader) LoadSTDIN()

LoadSTDIN loads from stdin and parses it asynchronously. It does NOT call Loader.Close when finished, so Loader.More will return true.

func (*Loader) More

func (l *Loader) More() bool

More returns true if there are more events to process.

func (*Loader) ParseAndCloseAsync added in v0.1.0

func (l *Loader) ParseAndCloseAsync(r io.ReadCloser)

ParseAndCloseAsync parses the input stream and closes it asynchronously. It also calls Loader.Close when finished, causing Loader.More to return false.

func (*Loader) Scan added in v0.1.2

func (l *Loader) Scan(r io.Reader)

Scan parses the input stream synchronously.

Directories

Path Synopsis
pkg
