pan-os-syslog: Parse syslog traffic from PAN-OS
Parse syslog traffic from PAN-OS. The data types in this library are optimized for decoding logs, not for creating them. On consumer-grade hardware, the benchmark suite demonstrates that 500-byte traffic logs are parsed in under one microsecond. Contributions are welcome. This project's goals are:
Support as many PAN-OS syslog types as possible: traffic, threat, hip-match, etc.
Support as many versions of PAN-OS as possible: 8.0, 8.1, 9.0, etc.
High performance. This library strives to avoid unneeded allocations. Some allocations cannot be avoided. For example, it is necessary to allocate space for the results.
Do a minimum amount of useful work on each field. The reasoning is that users will typically discard most of the fields, so there is no point wasting clock cycles doing unneeded work. Its hard to define what this is precisely. Roughly, the rule this library follows is that integral fields are parsed as
Word64, and non-integral fields are
Bytes. This library does not attempt to validate hostnames, URIs, etc.
A good way to think about this library is that it is kind of like a tokenizer. It is the first step when parsing PAN-OS logs into some application-specific data type. There almost certainly needs to be a second step to decodes fields that are actually of interest to an application. This second step may involve validating URIs, splitting the user domain and user name, etc.
|Dependencies||base (>=184.108.40.206 && <5), byteslice (>=0.1.3 && <0.3), bytesmith (>=0.3.1 && <0.4), chronos (>=1.0.6 && <1.1), ip (>=1.6 && <1.8), primitive (>=0.7 && <0.8), primitive-addr (>=0.1.0.2 && <2), run-st (>=0.1 && <0.2) [details]|
|Copyright||2019 Layer 3 Communications|
|Source repo||head: git clone git://github.com/layer-3-communications/pan-os-syslog.git|
|Uploaded||by andrewthad at 2020-01-15T16:43:51Z|
|Downloads||407 total (5 in the last 30 days)|
|Rating||(no votes yet) [estimated by Bayesian average]|
|Status||Docs available [build log]
Last success reported on 2020-01-15 [all 1 reports]