Python CEF Parsing for Lizard People
Pourover is the only chemically-altered CEF Log Parsing library for Python, ideal for consumption by Lizard People.
Some stuff we can do:
```python
from datetime import datetime
import pourover

# Create log objects from a file
log = pourover.parse_file('test.log')

# useful properties like linecount and start_time
if log.linecount > 10:
    if log.has_syslog_prefix and log.start_time > datetime(year=2018, month=4, day=20):
        # perform some operations
        pass
    else:
        # perform some operations on a logfile that doesn't have syslog prefixes
        pass
else:
    # perform some operations on a really small log
    pass

# Find messages with a certain value in the header
search_results = log.search_headers('Specific Vendor')

for message in log:
    # iterate through each message in the log like you'd expect to be able to
    pass

# Logs can be indexed/sliced in the way you'd expect
first_message = log[0]
last_message = log[-1]

# Create message objects from a string
message = pourover.parse_line('Apr 15 22:11:20 testhost CEF:0|Test Vendor|Test Product|Test Version|100|Test Name|100|src=184.108.40.206 dst=220.127.116.11')

if message.has_syslog_prefix:
    if message.timestamp > datetime(year=2018, month=4, day=20):
        # perform an operation on logs from later than April 20th, 2018
        pass

if 'src' in message.extensions:
    # do something if it's got an extension called 'src'
    pass

if message.device_vendor == 'Some Vendor':
    # do something if the vendor is Some Vendor
    pass

# stick this message right onto that log (it'll even order the messages by timestamp - wow!)
log.append(message)
```
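The snippet above shows the library's surface. To make clear what a CEF parser actually has to get right underneath that surface, here is an added, stand-alone example written for this page; it is not pourover's code and does not import it. It splits the `CEF:` header on unescaped pipes, parses the space-separated `key=value` extension block while honouring the CEF escape rules (`\|` in header fields, `\=` and `\\` in extension values), peels off an optional RFC 3164 syslog prefix, and rejects malformed lines instead of accepting a partial header. Both sample lines are constructed for the example (the first mirrors the README's own line; the IP addresses are placeholders), and the `year` parameter is an assumption of this example, not a pourover option.

```python
import re
from datetime import datetime

# Constructed sample lines for this example (not from pourover's test suite).
# The first mirrors the README's example line; the IPs are placeholders.
SAMPLE_LINE = ("Apr 15 22:11:20 testhost CEF:0|Test Vendor|Test Product|Test Version|"
               "100|Test Name|100|src=184.108.40.206 dst=220.127.116.11")
# The second exercises the CEF escape rules: '\|' in header fields,
# '\=' and '\\' inside extension values.
ESCAPED_LINE = r"CEF:0|Vendor\|Inc|Prod|1.0|42|Pipe \| in name|5|msg=a\=b c\\d spt=443"

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "device_event_class_id", "name", "severity")

# RFC 3164 style prefix: "Mon DD HH:MM:SS host " immediately followed by "CEF:".
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?=CEF:)")

# An extension key is a run of non-space, non-'=', non-backslash characters followed
# by an unescaped '='; it must sit at the start of the block or right after whitespace.
EXT_KEY = re.compile(r"(?:^|(?<=\s))([^\s=\\]+)=")


def _split_unescaped(text, sep, maxsplit):
    """Split on `sep`, but never on a `sep` that is the second half of a backslash escape."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair intact; unescaping happens later
            i += 2
        elif text[i] == sep and len(parts) < maxsplit:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts


def _unescape(text, special):
    # Resolve CEF escapes: a doubled backslash becomes one backslash, a backslash
    # before `special` ('|' in the header, '=' in extensions) yields that character,
    # and the \n / \r sequences become a newline / carriage return.
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            if nxt in ("\\", special):
                out.append(nxt)
                i += 2
                continue
            if nxt in ("n", "r"):
                out.append("\n" if nxt == "n" else "\r")
                i += 2
                continue
        out.append(text[i])
        i += 1
    return "".join(out)


def parse_extensions(ext):
    """Parse 'key=value key2=value2' where values may contain spaces and escapes."""
    ext = ext.strip()
    keys = list(EXT_KEY.finditer(ext))
    result = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw_value = ext[m.end():end].rstrip()   # drop the space that separates the next key
        result[m.group(1)] = _unescape(raw_value, "=")
    return result


def parse_line(line, year=None):
    """Parse one CEF line (optionally syslog-prefixed) into a plain dict.

    Raises ValueError for anything that is not a well-formed CEF message, so a
    caller ingesting untrusted logs can count and quarantine bad lines rather
    than silently keeping a partial header.
    """
    line = line.rstrip("\r\n")
    msg = {"has_syslog_prefix": False, "timestamp": None, "host": None}
    m = SYSLOG_PREFIX.match(line)
    if m:
        msg["has_syslog_prefix"] = True
        msg["host"] = m.group("host")
        # RFC 3164 timestamps carry no year; the caller may pin one (useful when
        # replaying archived logs), otherwise the current year is assumed.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        msg["timestamp"] = ts.replace(year=year or datetime.now().year)
        line = line[m.end():]
    if not line.startswith("CEF:"):
        raise ValueError("line is not a CEF message")
    parts = _split_unescaped(line[len("CEF:"):], "|", 7)
    if len(parts) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    for field, raw in zip(HEADER_FIELDS, parts[:7]):
        msg[field] = _unescape(raw, "|")
    msg["extensions"] = parse_extensions(parts[7] if len(parts) == 8 else "")
    return msg


if __name__ == "__main__":
    for sample in (SAMPLE_LINE, ESCAPED_LINE):
        parsed = parse_line(sample, year=2018)
        print(parsed["device_vendor"], "|", parsed["name"], "|", parsed["extensions"])
```

The escape handling is the part a quick `split('|')` / `split(' ')` parser gets wrong: an escaped pipe in a vendor name shifts every later header field by one, and an escaped `=` in a message body turns one value into two keys. When feeding such a parser from untrusted sources, keep the `ValueError` path visible (count it, store the raw line) rather than swallowing it, so that a burst of unparseable lines is itself something you can alert on.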
To install Pourover, simply run
$ pip install pourover ✨🐊✨
Get in Touch :snake:
If you’ve found a bug or would like to make a feature request, please see the Contributing section above, thanks!
If you’d like to reach out, shoot me an email at firstname.lastname@example.org.
Download the file for your platform.

| Filename | Size | File type | Python version | Upload date |
|---|---|---|---|---|
| pourover-0.1b6-py2.py3-none-any.whl | 17.9 kB | Wheel | py2.py3 | May 12, 2018 |
| pourover-0.1b6.tar.gz | 13.3 kB | Source | None | May 12, 2018 |