pan-os-syslog-0.1.0.0: Parse syslog traffic from PAN-OS

Safe Haskell	None
Language	Haskell2010

Panos.Syslog.Unsafe

Contents

Types
Decoding

Synopsis

data Log
- = LogTraffic !Traffic
- | LogThreat !Threat
- | LogSystem !System
- | LogOther
data Traffic = Traffic {
- message :: !ByteArray
- syslogHost :: !Bounds
- receiveTime :: !Datetime
- serialNumber :: !Bounds
- subtype :: !Bounds
- timeGenerated :: !Datetime
- sourceAddress :: !IP
- destinationAddress :: !IP
- natSourceIp :: !IP
- natDestinationIp :: !IP
- ruleName :: !Bounds
- sourceUser :: !Bounds
- destinationUser :: !Bounds
- application :: !Bounds
- virtualSystem :: !Bounds
- sourceZone :: !Bounds
- destinationZone :: !Bounds
- inboundInterface :: !Bounds
- outboundInterface :: !Bounds
- logAction :: !Bounds
- sessionId :: !Word64
- repeatCount :: !Word64
- sourcePort :: !Word16
- destinationPort :: !Word16
- natSourcePort :: !Word16
- natDestinationPort :: !Word16
- flags :: !Word32
- ipProtocol :: !Bounds
- action :: !Bounds
- bytes :: !Word64
- bytesSent :: !Word64
- bytesReceived :: !Word64
- packets :: !Word64
- startTime :: !Datetime
- elapsedTime :: !Word64
- category :: !Bounds
- sequenceNumber :: !Word64
- actionFlags :: !Word64
- sourceCountry :: !Bounds
- destinationCountry :: !Bounds
- packetsSent :: !Word64
- packetsReceived :: !Word64
- sessionEndReason :: !Bounds
- deviceGroupHierarchyLevel1 :: !Word64
- deviceGroupHierarchyLevel2 :: !Word64
- deviceGroupHierarchyLevel3 :: !Word64
- deviceGroupHierarchyLevel4 :: !Word64
- virtualSystemName :: !Bounds
- deviceName :: !Bounds
- actionSource :: !Bounds
}
data Threat = Threat {
- message :: !ByteArray
- syslogHost :: !Bounds
- receiveTime :: !Datetime
- serialNumber :: !Bounds
- subtype :: !Bounds
- timeGenerated :: !Datetime
- sourceAddress :: !IP
- destinationAddress :: !IP
- natSourceIp :: !IP
- natDestinationIp :: !IP
- ruleName :: !Bounds
- sourceUser :: !Bounds
- destinationUser :: !Bounds
- application :: !Bounds
- virtualSystem :: !Bounds
- sourceZone :: !Bounds
- destinationZone :: !Bounds
- inboundInterface :: !Bounds
- outboundInterface :: !Bounds
- logAction :: !Bounds
- sessionId :: !Word64
- repeatCount :: !Word64
- sourcePort :: !Word16
- destinationPort :: !Word16
- natSourcePort :: !Word16
- natDestinationPort :: !Word16
- action :: !Bounds
- ipProtocol :: !Bounds
- flags :: !Word32
- miscellaneousBounds :: !Bounds
- miscellaneousByteArray :: !ByteArray
- threatName :: !Bounds
- threatId :: !Word64
- category :: !Bounds
- severity :: !Bounds
- direction :: !Bounds
- sequenceNumber :: !Word64
- actionFlags :: !Word64
- sourceCountry :: !Bounds
- destinationCountry :: !Bounds
- contentType :: !Bounds
- pcapId :: !Word64
- fileDigest :: !Bounds
- cloud :: !Bounds
- urlIndex :: !Word64
- userAgentBounds :: !Bounds
- userAgentByteArray :: !ByteArray
- fileType :: !Bounds
- forwardedFor :: !Bounds
- referer :: !Bytes
- sender :: !Bytes
- subject :: !Bytes
- recipient :: !Bytes
- reportId :: !Bounds
- deviceGroupHierarchyLevel1 :: !Word64
- deviceGroupHierarchyLevel2 :: !Word64
- deviceGroupHierarchyLevel3 :: !Word64
- deviceGroupHierarchyLevel4 :: !Word64
- virtualSystemName :: !Bounds
- deviceName :: !Bounds
- httpMethod :: !Bounds
- tunnelId :: !Word64
- parentSessionId :: !Word64
- threatCategory :: !Bounds
- contentVersion :: !Bounds
- sctpAssociationId :: !Word64
- payloadProtocolId :: !Word64
- httpHeaders :: !Bytes
}
data System = System {
- message :: !ByteArray
- syslogHost :: !Bounds
- receiveTime :: !Datetime
- serialNumber :: !Bounds
- subtype :: !Bounds
- timeGenerated :: !Datetime
- virtualSystem :: !Bounds
- eventId :: !Bounds
- object :: !Bounds
- module_ :: !Bounds
- severity :: !Bounds
- descriptionBounds :: !Bounds
- descriptionByteArray :: !ByteArray
- sequenceNumber :: !Word64
- actionFlags :: !Word64
- deviceGroupHierarchyLevel1 :: !Word64
- deviceGroupHierarchyLevel2 :: !Word64
- deviceGroupHierarchyLevel3 :: !Word64
- deviceGroupHierarchyLevel4 :: !Word64
- virtualSystemName :: !Bounds
- deviceName :: !Bounds
}
newtype Field = Field UnmanagedBytes
data Bounds = Bounds !Int !Int
decode :: Bytes -> Either Field Log

Types

data Log Source #

Sum that represents all known PAN-OS syslog types. Use decode to parse a byte sequence into a structured log.

Constructors

LogTraffic !Traffic
LogThreat !Threat
LogSystem !System
LogOther

data Traffic Source #

A PAN-OS traffic log. Read-only accessors are found in Panos.Syslog.Traffic.

Constructors

Fields

data Threat Source #

A PAN-OS threat log. Read-only accessors are found in Panos.Syslog.Threat.

Constructors

Fields

data System Source #

A PAN-OS system log. Read-only accessors are found in Panos.Syslog.System.

Constructors

Fields

message :: !ByteArray
syslogHost :: !Bounds
receiveTime :: !Datetime
serialNumber :: !Bounds
subtype :: !Bounds
timeGenerated :: !Datetime
virtualSystem :: !Bounds
eventId :: !Bounds
object :: !Bounds
module_ :: !Bounds
severity :: !Bounds
descriptionBounds :: !Bounds
descriptionByteArray :: !ByteArray
sequenceNumber :: !Word64
actionFlags :: !Word64
deviceGroupHierarchyLevel1 :: !Word64
deviceGroupHierarchyLevel2 :: !Word64
deviceGroupHierarchyLevel3 :: !Word64
deviceGroupHierarchyLevel4 :: !Word64
virtualSystemName :: !Bounds
deviceName :: !Bounds

newtype Field Source #

The field that was being parsed when a parse failure occurred. This is typically for useful for libary developers, but to present it to the end user, call show or throwIO.

Constructors

Field UnmanagedBytes

Instances

Show Field Source #
Instance details Defined in Panos.Syslog.Unsafe Methods showsPrec :: Int -> Field -> ShowS # show :: Field -> String # showList :: [Field] -> ShowS #
Exception Field Source #
Instance details Defined in Panos.Syslog.Unsafe Methods toException :: Field -> SomeException # fromException :: SomeException -> Maybe Field # displayException :: Field -> String #

data Bounds Source #

Constructors

Bounds !Int !Int

Decoding

decode :: Bytes -> Either Field Log Source #

Decode a PAN-OS syslog message of an unknown type.