Python CEF Parsing for Lizard People
Pourover is the only chemicaly-altered CEF Log Parsing library for Python, ideal for consumption by Lizard People.
Some stuff we can do:
from datetime import datetime import pourover # Create log objects from a file log = pourover.parse_file('test.log') # check the length pythonically - expose useful properties if len(log) > 10: if log.has_syslog_prefix and log.start_time > datetime(year=2018, month=4, day=20): # perform some operations pass else: # perform some operations on a logfile that doesn't have syslog prefixes pass else: # perform some operations on a really small log pass # Find messages with a certain value in the header search_results = log.search_headers('Specific Vendor') for message in log: # iterate through each message in the log like you'd expect to be able to pass # Logs can be indexed/sliced in the way you'd expect first_message = log last_message = log[-1] # Create message objects from a string message = pourover.parse_line('Apr 15 22:11:20 testhost CEF:0|Test Vendor|Test Product|Test Version|100|Test Name|100|src=22.214.171.124 dst=126.96.36.199') if message.has_syslog_prefix: if message.timestamp > datetime(year=2018, month=4, day=20): # perform an operation on logs from later than April 20th, 2018 pass if 'src' in message.extensions: # do something if it's got an extension called 'src' pass if message.device_vendor == 'Some Vendor': # do something if the vendor is Some Vendor pass # stick this message right onto that log (it'll even order the messages by timestamp - wow!) log.append(message)
To install Pourover, simply run
$ pip install pourover ✨🐊✨
Get in Touch :snake:
If you’ve found a Bug or would like to make a feature request, please see the Contributing section above, thanks!
If you’d like to reach out, shoot me an email at email@example.com.
Release history Release notifications
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|pourover-0.1b8-py2.py3-none-any.whl (15.2 kB) Copy SHA256 hash SHA256||Wheel||py2.py3|
|pourover-0.1b8.tar.gz (15.1 kB) Copy SHA256 hash SHA256||Source||None|