parsuri

package module

v0.1.1 Latest Latest Go to latest Published: Apr 17, 2025 License: BSD-3-Clause Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/yunginnanet/parsuri

Links

Open Source Insights

README ¶

parsuri

parsuri is a Go library to parse suricata eve.json files with proper marshaling.

Example

package main

import (
	"github.com/yunginnanet/parsuri"
	"log"
)

func main() {
	loader := parsuri.NewLoader()

	// Load the eve.json file asynchronously
	if err := loader.LoadOneFile("eve.json"); err != nil {
		log.Fatal(err)
	}

	// Range over the events and print dns answers to stdout
	for loader.More() {
		if err := loader.Err(); err != nil {
			log.Fatal(err)
		}
		event := loader.Event()
		if event.DNS != nil && !event.DNS.Empty() && event.DNS.Type == "answer" {
			log.Println(event.DNS)
		}
	}

	if err := loader.Err(); err != nil {
		log.Fatal(err)
	}
}

Credit

This is a rewrite of surevego.

License

BSD-3 Copyright (c) 2017 Robert Haist
BSD-3 Copyright (c) 2025 yunginnanet

Documentation ¶

Examples ¶

NewLoader

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Loader ¶

type Loader struct {
	// contains filtered or unexported fields
}

Loader is a struct that loads events from a file or stream asynchronously into a queue.

func NewLoader ¶

func NewLoader() *Loader

Example ¶

loader := NewLoader()

// Load the eve.json file asynchronously
if err := loader.LoadOneFile("pathto/eve.json"); err != nil {
	log.Fatal(err)
}

// Range over the events and print dns answers to stdout
for loader.More() {
	if err := loader.Err(); err != nil {
		log.Fatal(err)
	}
	event := loader.Event()
	if !event.DNS.Empty() && event.DNS.Type == "answer" {
		log.Println(event.DNS)
	}
}

if err := loader.Err(); err != nil {
	log.Fatal(err)
}

func (*Loader) Close ¶ added in v0.1.0

func (l *Loader) Close() error

Close closes the loader and prevents further processing. This will cause Loader.More to return false.

func (*Loader) Err ¶

func (l *Loader) Err() error

Err clears the error slice and returns a single error.

func (*Loader) Event ¶

func (l *Loader) Event() events.EveEvent

Event removes and returns the next events.EveEvent from the queue.

func (*Loader) LoadFile ¶

func (l *Loader) LoadFile(path string) error

LoadFile loads a file, parses it, and closes it asynchronously. It does NOT call Loader.Close when finished, so Loader.More will return true.

func (*Loader) LoadOneFile ¶ added in v0.1.0

func (l *Loader) LoadOneFile(path string) error

LoadOneFile loads a file, parses it, and closes it asynchronously. It also calls Loader.Close when finished, causing Loader.More to return false.

func (*Loader) LoadSTDIN ¶ added in v0.1.0

func (l *Loader) LoadSTDIN()

LoadSTDIN loads from stdin and parses it asynchronously. It does NOT call Loader.Close when finished, so Loader.More will return true.

func (*Loader) More ¶

func (l *Loader) More() bool

More returns true if there are more events to process.

func (*Loader) Parse ¶ added in v0.1.0

func (l *Loader) Parse(r io.Reader)

Parse parses the input stream synchronously.

func (*Loader) ParseAndCloseAsync ¶ added in v0.1.0

func (l *Loader) ParseAndCloseAsync(r io.ReadCloser)

ParseAndCloseAsync parses the input stream and closes it asynchronously. It also calls Loader.Close when finished, causing Loader.More to return false.

func (*Loader) ParseAsync ¶ added in v0.1.0

func (l *Loader) ParseAsync(r io.Reader)

ParseAsync parses the input stream asynchronously.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
buffer
events

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL