예제 #1
        /// <summary>
        /// Builds the syslog parser used by SIEMfx: the default parser extended with the
        /// keyword and pattern-based value extractors.
        /// </summary>
        /// <returns>A <see cref="SyslogParser"/> with both extractors added.</returns>
        public static SyslogParser CreateSIEMfxSyslogParser()
        {
            var siemfxParser = SyslogParser.CreateDefault();

            // Extractors are added on top of whatever CreateDefault already configured.
            siemfxParser.AddValueExtractors(
                new KeywordValuesExtractor(),
                new PatternBasedValuesExtractor());

            return siemfxParser;
        }
예제 #2
        /// <summary>
        /// Creates a reader over a syslog file: remembers the file name, creates the
        /// event stream and prepares a default syslog parser extended with the keyword
        /// and pattern-based value extractors.
        /// </summary>
        /// <param name="fileName">Path of the syslog file to read. Stored as given; this constructor does not validate it.</param>
        /// <param name="output">Output sink handed to the base reader.</param>
        /// <param name="queries">Queries handed to the base reader.</param>
        public SyslogFileReader(string fileName, IOutput output, params string[] queries)
            : base(output, queries)
        {
            _fileName = fileName;
            _eventStream = new Observable<IDictionary<string, object>>();

            // Parser: default configuration plus the two syslog-specific extractors.
            var fileParser = SyslogParser.CreateDefault();
            fileParser.AddValueExtractors(
                new SyslogKeywordValuesExtractor(),
                new SyslogPatternBasedValuesExtractor());
            _syslogParser = fileParser;

            // No entries have been read yet.
            _syslogEntryCount = 0;
        }
예제 #3
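        /// <summary>
        /// Starts the syslog server: wires the event pipeline, binds a dual-mode UDP
        /// socket on <c>_udpport</c> and starts a <see cref="SyslogListener"/> that
        /// feeds parsed entries into the pipeline.
        /// </summary>
        /// <returns>
        /// <c>false</c> when the base pipeline could not be started; <c>true</c> once
        /// the listener has been started.
        /// </returns>
        public override bool Start()
        {
            // Setting up pipeline
            if (!Start(_eventStream, "syslogserver", true))
            {
                return false;
            }

            // Bind to the configured adapter, or to every interface (IPv4 and IPv6 via
            // dual mode) when no adapter name is set. The wildcard case exposes the
            // syslog port on all interfaces, so _adapterName should be set wherever possible.
            IPAddress localIp = string.IsNullOrEmpty(_adapterName)
                ? IPAddress.IPv6Any
                : GetLocalIp(_adapterName);
            var endPoint = new IPEndPoint(localIp, _udpport);

            // 10 MiB socket receive buffer: a larger kernel buffer makes bursts of
            // datagrams less likely to be dropped before the listener reads them.
            const int receiveBufferBytes = 10 * 1024 * 1024;

            var portListener = new UdpClient(AddressFamily.InterNetworkV6);
            try
            {
                portListener.Client.DualMode = true;
                portListener.Client.Bind(endPoint);
                portListener.Client.ReceiveBufferSize = receiveBufferBytes;
            }
            catch
            {
                // Bind can fail (port already in use, address not local). Nothing else
                // references the socket yet, so release it here instead of leaving it
                // for the finalizer, then let the caller see the original exception.
                portListener.Dispose();
                throw;
            }

            // Setting up syslog parser
            var parser = SyslogParser.CreateDefault();
            parser.AddValueExtractors(new SyslogKeywordValuesExtractor(), new SyslogPatternBasedValuesExtractor());

            // Setting up syslog listener. The bound socket is handed to the listener;
            // presumably it owns and disposes it from here on — verify in SyslogListener.
            var listener = new SyslogListener(parser, portListener);

            listener.Error         += Listener_Error;
            listener.EntryReceived += Listener_EntryReceived;
            listener.Subscribe(ConvertToDictionary);
            listener.Start();

            return true;
        }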