-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Decode RFC 3164 and RFC 5424 syslog message formats
--
-- Decode syslog messages that were formatted using RFC 3164 (BSD-syslog)
-- or RFC 5424 (IETF-syslog).
@package syslog
@version 0.1.0.0
-- | Parse RFC 3164 messages. For example:
--
--
-- <133>Feb 25 14:09:07 webserver syslogd: restart
-- <0>Oct 22 10:52:01 scapegoat.dmz.example.org sched[0]: That's All Folks!
--
--
-- This library assumes that the TAG field described by section
-- 5.3 of RFC 3164 is a process name. It also assumes that the optional
-- bracketed number that follows it is a process id. This library also
-- addresses three common extensions to RFC 3164:
--
--
-- - Some vendors include a year after the timestamp. For example:
-- 14Oct 15 11:14:59 2019 example.com .... When present,
-- the year is parsed and provided to the user.
-- - Some vendors include a priority that preceeds the process name.
-- For example: 133Aug 10 09:05:14 my-host notice tmsh[4726]:
-- .... The Linux man page for syslog.conf lists these
-- options for priority: debug, info, notice,
-- warning, warn, err, error,
-- crit, alert, emerg, panic. If a
-- process name begins with any of these keywords (followed by a space),
-- the keyword and the trailing space are removed from the process name,
-- and the keyword is made available in the priority field.
-- - Cisco ASAs omit the hostname sometimes. This is totally bizarre
-- and leads to messages that looks like: 190Jun 08 2022
-- 14:46:28: message. In this case, the hostname is set to the empty
-- string.
--
module Syslog.Bsd
data Message
Message :: !Word32 -> !Timestamp -> {-# UNPACK #-} !Bytes -> !Maybe Process -> {-# UNPACK #-} !Bytes -> Message
[$sel:priority:Message] :: Message -> !Word32
[$sel:timestamp:Message] :: Message -> !Timestamp
[$sel:hostname:Message] :: Message -> {-# UNPACK #-} !Bytes
[$sel:process:Message] :: Message -> !Maybe Process
[$sel:message:Message] :: Message -> {-# UNPACK #-} !Bytes
data Process
Process :: {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !Maybe -> Process
-- | Priority is nonstandard. This field is the empty byte sequence when
-- the priority is not present.
[$sel:priority:Process] :: Process -> {-# UNPACK #-} !Bytes
[$sel:name:Process] :: Process -> {-# UNPACK #-} !Bytes
[$sel:id:Process] :: Process -> {-# UNPACK #-} !Maybe
data Timestamp
Timestamp :: !Month -> !DayOfMonth -> !Word8 -> !Word8 -> !Word8 -> {-# UNPACK #-} !Maybe -> Timestamp
[$sel:month:Timestamp] :: Timestamp -> !Month
[$sel:day:Timestamp] :: Timestamp -> !DayOfMonth
[$sel:hour:Timestamp] :: Timestamp -> !Word8
[$sel:minute:Timestamp] :: Timestamp -> !Word8
[$sel:second:Timestamp] :: Timestamp -> !Word8
-- | Section 5.1 of RFC 3164 notes that some software appends a
-- four-character year after the time of day. Since hostnames cannot
-- start with digits, we can parse this unambiguously. We extend RFC 3164
-- to handle these nonstandard years.
[$sel:year:Timestamp] :: Timestamp -> {-# UNPACK #-} !Maybe
-- | Run the RFC 3164 parser. See parser.
decode :: Bytes -> Maybe Message
-- | Parse a RFC 3164 message. Note that this is just
-- takePriority, takeTimestamp, takeHostname, and
-- takeProcess@ called in sequence, followed by skipping whitespace
-- and then treating the remaining input as the original message.
parser :: Parser () s Message
-- | Consume the angle-bracketed priority. RFC 3164 does not allow a space
-- to follow the priority, so this does not consume a trailing space.
takePriority :: e -> Parser e s Word32
-- | Consume the timestamp and the trailing space character if a trailing
-- space exists. Returns the parsed timestamp. This allows two extensions
-- to the RFC 3164 datetime format. The year may be present either right
-- after the day of the month or after the time of day.
takeTimestamp :: e -> Parser e s Timestamp
-- | Consume the hostname and the space that follows it. Returns the
-- hostname.
takeHostname :: e -> Parser e s Bytes
-- | Take the process name and the process id and consume the colon that
-- follows them. Does not consume any space after the colon.
takeProcess :: e -> Parser e s Process
instance GHC.Show.Show Syslog.Bsd.Timestamp
instance GHC.Show.Show Syslog.Bsd.Process
instance GHC.Show.Show Syslog.Bsd.Message
-- | Parse RFC 5424 messages. For example (from the spec itself):
--
--
-- <165>1 2003-10-11T22:14:15.003Z mymachine.example.com
-- evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application"
-- eventID="1011"] BOMAn application event log entry...
--
module Syslog.Ietf
data Message
Message :: !Word32 -> !Word32 -> !OffsetDatetime -> {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !Maybe -> {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !SmallArray Element -> {-# UNPACK #-} !Bytes -> Message
[$sel:priority:Message] :: Message -> !Word32
[$sel:version:Message] :: Message -> !Word32
[$sel:timestamp:Message] :: Message -> !OffsetDatetime
[$sel:hostname:Message] :: Message -> {-# UNPACK #-} !Bytes
[$sel:application:Message] :: Message -> {-# UNPACK #-} !Bytes
[$sel:processId:Message] :: Message -> {-# UNPACK #-} !Maybe
-- | A missing message type, represented as a hyphen in IETF-flavor syslog,
-- is represented by the empty byte sequence.
[$sel:messageType:Message] :: Message -> {-# UNPACK #-} !Bytes
[$sel:structuredData:Message] :: Message -> {-# UNPACK #-} !SmallArray Element
[$sel:message:Message] :: Message -> {-# UNPACK #-} !Bytes
data Element
Element :: {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !SmallArray Parameter -> Element
[$sel:id:Element] :: Element -> {-# UNPACK #-} !Bytes
[$sel:parameters:Element] :: Element -> {-# UNPACK #-} !SmallArray Parameter
data Parameter
Parameter :: {-# UNPACK #-} !Bytes -> {-# UNPACK #-} !Bytes -> Parameter
[$sel:name:Parameter] :: Parameter -> {-# UNPACK #-} !Bytes
[$sel:value:Parameter] :: Parameter -> {-# UNPACK #-} !Bytes
-- | Run the RFC 5424 parser. See parser.
decode :: Bytes -> Maybe Message
-- | Parse a RFC 5424 message.
parser :: Parser () s Message
instance GHC.Show.Show Syslog.Ietf.Parameter
instance GHC.Show.Show Syslog.Ietf.Element
instance GHC.Show.Show Syslog.Ietf.Message