0.1.5 • Published 11 years ago

unified2 v0.1.5

Unified2

A small library for unified2 parsing in node.js.

Installation

$ npm install unified2 

Usage

Example

var unified2 = require('unified2');
var parser = new unified2.Parser('unified2.alert.14560142132', { offset: 0 });

parser.on('data', function(data) {
  // event data...
});

parser.on('error', function(error) {
  // error
});

parser.on('rollover', function() {
  // triggered when a rollover is detected (the file shrinks in size)
});

parser.on('end', function(data) {
  // triggered when parser ends (e.g., out of data)
});

parser.run()

Tailing a file

It is often useful to wait for more data as the file is being written, e.g. by a Snort sensor.

Simply pass tail: true in the options for the parser to wait for more logs, e.g.:

var unified2 = require('unified2');
var parser = new unified2.Parser('unified2.alert.14560142132', { offset: 0, tail: true });
...
parser.run();

To stop the parser, call parser.stop(), which triggers an end event.
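The byte-level bookkeeping behind resuming at an offset, waiting on a half-written record while tailing, and detecting a rollover, as an added example that is not the unified2 package's own code. It assumes Snort's unified2 framing (an 8-byte header of big-endian type and length), treats the offset as a byte position, and uses hypothetical helpers (frameRecords, resumeOffset, makeRecord) over constructed data.

```javascript
// Added example, not the unified2 package's code.
// Assumption: every record starts with an 8-byte header of two big-endian
// uint32 fields, record type then body length (Snort's unified2 framing).
const HEADER_LEN = 8;
const MAX_BODY = 1 << 20; // assumed sanity cap on the untrusted length field

// Walk buf from offset; return complete records and the offset to resume at.
// A trailing partial record (sensor still writing) is left for the next pass.
function frameRecords(buf, offset) {
  const records = [];
  let pos = offset;
  while (pos + HEADER_LEN <= buf.length) {
    const type = buf.readUInt32BE(pos);
    const length = buf.readUInt32BE(pos + 4);
    if (length > MAX_BODY) {
      throw new RangeError('implausible record length ' + length + ' at offset ' + pos);
    }
    const end = pos + HEADER_LEN + length;
    if (end > buf.length) break; // body not fully written yet
    records.push({ type: type, offset: pos, body: buf.subarray(pos + HEADER_LEN, end) });
    pos = end;
  }
  return { records: records, nextOffset: pos };
}

// Rollover: a file smaller than the saved offset was truncated or replaced,
// so the saved offset no longer points at a record boundary; restart at 0.
function resumeOffset(savedOffset, fileSize) {
  return fileSize < savedOffset ? 0 : savedOffset;
}

// Build a constructed record (sample data, not real sensor output).
function makeRecord(type, body) {
  const header = Buffer.alloc(HEADER_LEN);
  header.writeUInt32BE(type, 0);
  header.writeUInt32BE(body.length, 4);
  return Buffer.concat([header, body]);
}

const eventRec = makeRecord(7, Buffer.alloc(52, 1));  // type 7: IDS event
const packetRec = makeRecord(2, Buffer.alloc(40, 2)); // type 2: packet
const midWrite = Buffer.concat([eventRec, packetRec.subarray(0, 20)]);

const first = frameRecords(midWrite, 0);               // only the event is complete
const second = frameRecords(Buffer.concat([eventRec, packetRec]), first.nextOffset);
console.log(first.records.length, first.nextOffset, second.records[0].type);
```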

Debug logging

Pass in DEBUG=unified2 as an environment variable to turn on debug logging.

Is it fast? This is JavaScript after all.

Pretty fast! IO is async too, so by parallelizing parsers you can increase performance.

Here's a run reading ~4.6 MB and writing parsed objects (~34 MB) to stdout.

unified2 (master*) $ time node tests/test.js > /tmp/test.js.output
node tests/test.js > /tmp/test.js  12.16s user 0.84s system 103% cpu 12.621 total

License

Copyright (C) 2013 Threat Stack, Inc (https://www.threatstack.com)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
