forked from solzimer/nsyslog-parser
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cef.js
122 lines (113 loc) · 2.21 KB
/
cef.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
const FRX = /[a-zA-Z][a-zA-Z0-9]+=/;
const CEP_FIELDS = [
"version",
"deviceVendor",
"deviceProduct",
"deviceVersion",
"deviceEventClassID",
"name",
"severity",
"extension"
]
function splitHeaders(text) {
var arr = [], map = {};
var scape = false;
var fields = 7;
var curr = "";
text.split("").forEach(ch=>{
if(!fields) {
curr += ch;
}
else {
if(ch=="|") {
if(scape) {
scape = false;
curr += ch;
}
else {
arr.push(curr);
curr = "";
fields--;
}
}
else if(ch=="\\" && !scape) {
scape = true;
}
else {
scape = false;
curr += ch;
}
}
});
if(curr.length)
arr.push(curr);
CEP_FIELDS.forEach((f,i)=>map[f]=arr[i]);
return map;
}
function splitFields(msg) {
var map = {};
var scape = false;
var key = "";
var nextKey = "";
var curr = "";
msg.split("").forEach(ch=>{
if(ch=="=") {
if(scape ||
// false positive where our "=" has not been preceded by a space, this is likely meant to be escaped = (unless this is the first key)
(nextKey === curr) && Object.keys(map).length > 0) {
// Escape this = and treat it like any other character
scape = false;
curr += ch;
nextKey += ch;
}
else {
// The equals isn't escaped, so add the previous key value to the map
if (key) {
map[key] = curr.slice(0, curr.length - nextKey.length - 1);
}
// Now prepare for the next key value
key = nextKey;
curr = "";
nextKey = "";
}
}
else if(ch=="\\" && !scape) {
// This is the escape character, so flag the next character to be escaped
scape = true;
}
else if(ch==" ") {
scape = false;
curr += ch;
// reset the next possible key as we've seen a space
nextKey = "";
}
else if(ch=="n" && scape) {
scape = false;
curr += "\n";
}
else if(ch=="r" && scape) {
scape = false;
curr += "\n";
}
else {
scape = false;
// add the character to the possible key and current value
curr += ch;
nextKey += ch;
}
});
if(key && curr) {
map[key] = curr;
}
return map;
}
module.exports = {
parse(text) {
var headers = splitHeaders(text);
var fields = splitFields(headers.extension || "");
return {
headers : headers,
fields : fields
}
}
}