/// <summary>
/// Builds the syslog parser used by SIEMfx: the default parser with a keyword-based
/// and a pattern-based value extractor registered on top of it.
/// </summary>
/// <returns>
/// A new <see cref="SyslogParser"/> instance with both extractors added.
/// </returns>
public static SyslogParser CreateSIEMfxSyslogParser()
{
    // Start from the library defaults so the standard syslog handling stays in place.
    SyslogParser siemParser = SyslogParser.CreateDefault();

    // Both extractors are registered in a single call, keyword extractor first,
    // pattern-based extractor second.
    var keywordExtractor = new KeywordValuesExtractor();
    var patternExtractor = new PatternBasedValuesExtractor();
    siemParser.AddValueExtractors(keywordExtractor, patternExtractor);

    return siemParser;
}
/// <summary>
/// Initializes a reader that takes syslog entries from a file.
/// </summary>
/// <param name="fileName">
/// Path of the syslog file. It is only stored here; nothing in this constructor opens
/// or validates it.
/// </param>
/// <param name="output">Output sink, forwarded unchanged to the base constructor.</param>
/// <param name="queries">Query strings, forwarded unchanged to the base constructor.</param>
public SyslogFileReader(string fileName, IOutput output, params string[] queries)
    : base(output, queries)
{
    _fileName = fileName;

    // Stream of parsed events, each one a dictionary of field name to value.
    _eventStream = new Observable<IDictionary<string, object>>();

    // Default syslog parser extended with the keyword and pattern-based extractors.
    // NOTE(review): the content of a log file is attacker-influenced data; consumers of
    // the extracted values should treat them as untrusted input.
    _syslogParser = SyslogParser.CreateDefault();
    var keywordExtractor = new SyslogKeywordValuesExtractor();
    var patternExtractor = new SyslogPatternBasedValuesExtractor();
    _syslogParser.AddValueExtractors(keywordExtractor, patternExtractor);

    // No entries have been read yet.
    _syslogEntryCount = 0;
}
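/// <summary>
/// Starts the event pipeline and a UDP syslog listener on the configured port.
/// </summary>
/// <returns>
/// <c>false</c> when the pipeline could not be started (no socket is opened in that case);
/// <c>true</c> once the listener has been started.
/// </returns>
/// <remarks>
/// When no adapter name is configured the socket binds to <see cref="IPAddress.IPv6Any"/>
/// with dual mode enabled, so datagrams are accepted on every interface over both IPv4 and
/// IPv6. Syslog over UDP carries no sender authentication and source addresses can be
/// spoofed: restrict who can reach the port at the network layer, and treat every extracted
/// field as untrusted input in the queries and outputs that consume it.
/// Any exception raised while binding or starting the listener is rethrown to the caller
/// after the socket has been closed.
/// </remarks>
public override bool Start()
{
    // Pipeline first: without it there is nowhere to deliver parsed entries.
    // NOTE(review): the meaning of the "syslogserver" and true arguments is defined by the
    // Start overload, which is not visible here.
    if (!Start(_eventStream, "syslogserver", true))
    {
        return false;
    }

    // Bind to the named adapter's address when one is configured, otherwise to all
    // interfaces.
    // NOTE(review): if GetLocalIp can return null for an unknown adapter, the IPEndPoint
    // constructor below throws - confirm against GetLocalIp.
    IPAddress localIp = string.IsNullOrEmpty(_adapterName)
        ? IPAddress.IPv6Any
        : GetLocalIp(_adapterName);
    var endPoint = new IPEndPoint(localIp, _udpport);

    var udpClient = new UdpClient(AddressFamily.InterNetworkV6);
    try
    {
        // Dual mode lets the single IPv6 socket also receive IPv4 datagrams.
        udpClient.Client.DualMode = true;
        udpClient.Client.Bind(endPoint);

        // 10 MiB kernel receive buffer to absorb bursts. It does not rate-limit senders,
        // so a flood can still cause datagrams to be dropped.
        udpClient.Client.ReceiveBufferSize = 10 * 1024 * 1024;

        // Default syslog parser extended with the keyword and pattern-based extractors.
        var parser = SyslogParser.CreateDefault();
        parser.AddValueExtractors(
            new SyslogKeywordValuesExtractor(),
            new SyslogPatternBasedValuesExtractor());

        // Wire up the handlers before starting so no entry or error goes unobserved.
        var listener = new SyslogListener(parser, udpClient);
        listener.Error += Listener_Error;
        listener.EntryReceived += Listener_EntryReceived;
        listener.Subscribe(ConvertToDictionary);
        listener.Start();
    }
    catch
    {
        // A failed bind (for example, port already in use) or a failed listener start
        // previously left the socket open until finalization. Close it so the port and
        // handle are released, then let the caller see the original exception.
        udpClient.Close();
        throw;
    }

    return true;
}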