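/*
 * Copyright 2012 Future Systems
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.krakenapps.logparser.syslog.xnsystems;

import java.util.Map;

import org.krakenapps.log.api.LogParser;
import org.krakenapps.logparser.syslog.internal.KeyValueParser;

/**
 * Parses Neobox syslog lines into a field map.
 *
 * <p>
 * The line is first split by {@link KeyValueParser}. When the resulting
 * {@code xnid} starts with {@code '0'}, its second character selects a log
 * category (1 = web filtering, 2 = firewall, 3 = ips, 4 = dos, 5 = event) and
 * the {@code msg} field is decoded into category-specific fields.
 *
 * <p>
 * Log lines are untrusted input: parts of them are derived from network
 * traffic. A missing, truncated or malformed field therefore yields a
 * {@code null} value instead of an exception, so that one bad line cannot abort
 * parsing of the record.
 */
public class NeoboxLogParser implements LogParser {

	/**
	 * Parses one log line.
	 *
	 * @param params
	 *            parser input; the raw line is read from the {@code "line"} key
	 * @return the parsed fields, or {@code null} when {@link KeyValueParser}
	 *         returns {@code null}. When {@code xnid} or {@code msg} is absent,
	 *         not a string, or {@code xnid} is shorter than two characters, the
	 *         key/value map is returned without further decoding.
	 */
	@Override
	public Map<String, Object> parse(Map<String, Object> params) {
		Map<String, Object> m = KeyValueParser.parse((String) params.get("line"));
		if (m == null)
			return null;

		// Both fields come straight from the log line; never assume they exist
		// or have the expected type/length.
		Object xnidValue = m.get("xnid");
		Object msgValue = m.get("msg");
		if (!(xnidValue instanceof String) || !(msgValue instanceof String))
			return m;

		String xnid = (String) xnidValue;
		String msg = (String) msgValue;
		if (xnid.length() < 2 || xnid.charAt(0) != '0')
			return m;

		// NOTE(review): "msg" is removed after decoding, as before. If the raw
		// text is needed as evidence when a field decodes to null, keep a copy
		// upstream - confirm against the log storage requirements.
		switch (xnid.charAt(1)) {
		case '1': // web filtering
			putPolicy(m, msg);
			putEndpoints(m, msg);
			m.put("url", extract(msg, "url"));
			m.remove("msg");
			break;
		case '2': // firewall
			putPolicy(m, msg);
			m.put("in", extract(msg, "in"));
			putEndpoints(m, msg);
			m.put("proto", extract(msg, "proto"));
			m.remove("msg");
			break;
		case '3': // ips
			putPolicy(m, msg);
			m.put("in", extract(msg, "in"));
			putEndpoints(m, msg);
			m.put("proto", extract(msg, "proto"));
			m.put("sid", extract(msg, "sid"));
			m.put("smsg", extractRest(msg, "smsg="));
			m.remove("msg");
			break;
		case '4': // dos
			putPolicy(m, msg);
			m.put("in", extract(msg, "in"));
			putEndpoints(m, msg);
			m.put("proto", extract(msg, "proto"));
			m.put("reason", extractRest(msg, "reason="));
			m.remove("msg");
			break;
		default:
			// '5' (event) and unknown categories: nothing to decode
			break;
		}

		return m;
	}

	/** Copies {@code policy_type} and {@code policy_action} from msg into m. */
	private void putPolicy(Map<String, Object> m, String msg) {
		m.put("policy_type", extract(msg, "policy_type"));
		m.put("policy_action", extract(msg, "policy_action"));
	}

	/** Copies source/destination address and port from msg into m. */
	private void putEndpoints(Map<String, Object> m, String msg) {
		m.put("src", extract(msg, "src"));
		m.put("src_port", extractInt(msg, "src_port"));
		m.put("dst", extract(msg, "dst"));
		m.put("dst_port", extractInt(msg, "dst_port"));
	}

	/**
	 * Extracts a numeric field.
	 *
	 * @return the parsed value, or {@code null} when the key is missing or its
	 *         value is not a valid integer
	 */
	private Integer extractInt(String msg, String key) {
		String value = extract(msg, key);
		if (value == null)
			return null;

		try {
			return Integer.valueOf(value);
		} catch (NumberFormatException e) {
			// malformed number in an untrusted line: report the field as absent
			return null;
		}
	}

	/**
	 * Returns everything after the first occurrence of {@code prefix}, or
	 * {@code null} when the prefix does not occur. Used for free-text fields
	 * that run to the end of the message and may contain spaces.
	 */
	private String extractRest(String msg, String prefix) {
		int begin = msg.indexOf(prefix);
		if (begin < 0)
			return null;
		return msg.substring(begin + prefix.length());
	}

	/**
	 * Extracts the value of {@code key=value} from msg; the value ends at the
	 * next space or at the end of the message.
	 *
	 * <p>
	 * The key only matches at the start of the message or after a character
	 * that cannot be part of a key name, so {@code "in"} no longer matches
	 * inside another word and {@code "src"} does not match {@code "xsrc="}.
	 *
	 * <p>
	 * NOTE(review): the first matching occurrence wins. Free-text values (url,
	 * smsg, reason) presumably originate from network traffic and can contain
	 * text shaped like {@code key=value}; confirm the device always emits them
	 * after the structured fields.
	 *
	 * @return the value, or {@code null} when the key is not present
	 */
	private String extract(String msg, String key) {
		if (msg == null || key == null)
			return null;

		String token = key + "=";
		int from = 0;
		while (true) {
			int begin = msg.indexOf(token, from);
			if (begin < 0)
				return null;

			if (begin == 0 || !isKeyChar(msg.charAt(begin - 1))) {
				int valueStart = begin + token.length();
				int end = msg.indexOf(' ', valueStart);
				if (end < 0)
					return msg.substring(valueStart);
				return msg.substring(valueStart, end);
			}

			// matched inside a longer identifier; keep searching
			from = begin + 1;
		}
	}

	/** Tells whether c can be part of a key name (letter, digit or underscore). */
	private static boolean isKeyChar(char c) {
		return Character.isLetterOrDigit(c) || c == '_';
	}
}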