com.github.jcustenborder.netty:palo-alto-syslog-parser

Release 0.1.7

A pom for deploying to maven central.

Homepage Maven Java Download

Keywords
netty, palo-alto-networks, syslog
License
Apache-2.0

Documentation

Maven Central

Introduction

This project provides an extended MessageToMessageDecoder to process syslog messages received by netty-codec-syslog. This works by receiving RFC3164Messages and parsing the message portion of the RFC3164Message into the proper PaloAltoMessage. To use this library you will need to have an understanding of Netty.

Usage

Add the message encoder to the existing pipeline.

    ServerBootstrap b = new ServerBootstrap(); // (2)
    b.group(bossGroup, workerGroup)
        .channel(NioServerSocketChannel.class) // (3)
        .childHandler(new ChannelInitializer<SocketChannel>() { // (4)
          @Override
          public void initChannel(SocketChannel ch) throws Exception {
            ch.pipeline().addLast(
                new LoggingHandler("Syslog", LogLevel.INFO),
                new DelimiterBasedFrameDecoder(2000, true, Delimiters.lineDelimiter()),
                new TCPSyslogMessageDecoder(),
                new SyslogMessageDecoder(),
                new PaloAltoMessageDecoder(),
                new MyPaloAltoMessageHandler()
            );
          }
        })
        .option(ChannelOption.SO_BACKLOG, 128)          // (5)
        .childOption(ChannelOption.SO_KEEPALIVE, true); // (6)

Subscribe to receive the messages you are interested in.

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;

import java.util.ArrayList;
import java.util.List;

class MyPaloAltoMessageHandler extends SimpleChannelInboundHandler<TrafficLogMessage> {
  

  @Override
  protected void channelRead0(ChannelHandlerContext channelHandlerContext, TrafficLogMessage message) throws Exception {
  
  }
}

TrafficLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
threatContentType Threat/Content Type java.lang.String
generatedTime Generated Time java.util.Date
sourceIp Source IP java.lang.String
destinationIp Destination IP java.lang.String
natSourceIp NAT Source IP java.lang.String
natDestinationIp NAT Destination IP java.lang.String
ruleName Rule Name java.lang.String
sourceUser Source User java.lang.String
destinationUser Destination User java.lang.String
application Application java.lang.String
virtualSystem Virtual System java.lang.String
sourceZone Source Zone java.lang.String
destinationZone Destination Zone java.lang.String
inboundInterface Inbound Interface java.lang.String
outboundInterface Outbound Interface java.lang.String
logAction Log Action java.lang.String
sessionId Session ID java.lang.Long
repeatCount Repeat Count java.lang.Long
sourcePort Source Port java.lang.Integer
destinationPort Destination Port java.lang.Integer
natSourcePort NAT Source Port java.lang.Integer
natDestinationPort NAT Destination Port java.lang.Integer
flags Flags java.lang.Long
protocol Protocol java.lang.String
action Action java.lang.String
bytes Bytes java.lang.Long
bytesSent Bytes Sent java.lang.Long
bytesReceived Bytes Received java.lang.Long
packets Packets java.lang.Long
startTime Start Time java.util.Date
elapsedTime Elapsed Time java.lang.Long
category Category java.lang.String
sequenceNumber Sequence Number java.lang.Long
actionFlags Action Flags java.lang.String
sourceLocation Source Location java.lang.String
destinationLocation Destination Location java.lang.String
packetsSent Packets Sent java.lang.Long
packetsReceived Packets Received java.lang.Long
sessionEndReason Session End Reason java.lang.String
deviceGroupHierarchyLevel1 Device Group Hierarchy Level 1 java.lang.String
deviceGroupHierarchyLevel2 Device Group Hierarchy Level 2 java.lang.String
deviceGroupHierarchyLevel3 Device Group Hierarchy Level 3 java.lang.String
deviceGroupHierarchyLevel4 Device Group Hierarchy Level 4 java.lang.String
virtualSystemName Virtual System Name java.lang.String
deviceName Device Name java.lang.String
actionSource Action Source java.lang.String
sourceVmUuid Source VM UUID java.lang.String
destinationVmUuid Destination VM UUID java.lang.String
tunnelIdImsi Tunnel ID/IMSI java.lang.String
monitorTagImei Monitor Tag/IMEI java.lang.String
parentSessionId Parent Session ID java.lang.String
parentStartTime Parent Start Time java.util.Date
tunnelType Tunnel Type java.lang.String

ConfigLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
subtype Subtype java.lang.String
generatedTime Generated Time java.util.Date
host Host java.lang.String
virtualSystem Virtual System java.lang.String
command Command java.lang.String
admin Admin java.lang.String
client Client java.lang.String
result Result java.lang.String
configurationPath Configuration Path java.lang.String
beforeChangeDetail Before Change Detail java.lang.String
afterChangeDetail After Change Detail java.lang.String
sequenceNumber Sequence Number java.lang.Long
actionFlags Action Flags java.lang.String
deviceGroupHierarchyLevel1 Device Group Hierarchy Level 1 java.lang.String
deviceGroupHierarchyLevel2 Device Group Hierarchy Level 2 java.lang.String
deviceGroupHierarchyLevel3 Device Group Hierarchy Level 3 java.lang.String
deviceGroupHierarchyLevel4 Device Group Hierarchy Level 4 java.lang.String
virtualSystemName Virtual System Name java.lang.String
deviceName Device Name java.lang.String

AuthenticationLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
subtype Subtype java.lang.String
generatedTime Generated Time java.util.Date
host Host java.lang.String
virtualSystem Virtual System java.lang.String
command Command java.lang.String
admin Admin java.lang.String
client Client java.lang.String
result Result java.lang.String
configurationPath Configuration Path java.lang.String
beforeChangeDetail Before Change Detail java.lang.String
afterChangeDetail After Change Detail java.lang.String
sequenceNumber Sequence Number java.lang.Long
actionFlags Action Flags java.lang.String
deviceGroupHierarchyLevel1 Device Group Hierarchy Level 1 java.lang.String
deviceGroupHierarchyLevel2 Device Group Hierarchy Level 2 java.lang.String
deviceGroupHierarchyLevel3 Device Group Hierarchy Level 3 java.lang.String
deviceGroupHierarchyLevel4 Device Group Hierarchy Level 4 java.lang.String
virtualSystemName Virtual System Name java.lang.String
deviceName Device Name java.lang.String

ThreatLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
threatContentType Threat/Content Type java.lang.String
generatedTime Generated Time java.util.Date
sourceIp Source IP java.lang.String
destinationIp Destination IP java.lang.String
natSourceIp NAT Source IP java.lang.String
natDestinationIp NAT Destination IP java.lang.String
ruleName Rule Name java.lang.String
sourceUser Source User java.lang.String
destinationUser Destination User java.lang.String
application Application java.lang.String
virtualSystem Virtual System java.lang.String
sourceZone Source Zone java.lang.String
destinationZone Destination Zone java.lang.String
inboundInterface Inbound Interface java.lang.String
outboundInterface Outbound Interface java.lang.String
logAction Log Action java.lang.String
sessionId Session ID java.lang.Long
repeatCount Repeat Count java.lang.Long
sourcePort Source Port java.lang.Integer
destinationPort Destination Port java.lang.Integer
natSourcePort NAT Source Port java.lang.Integer
natDestinationPort NAT Destination Port java.lang.Integer
flags Flags java.lang.Long
protocol Protocol java.lang.String
action Action java.lang.String
urlFilename URL/Filename java.lang.String
threatId Threat ID java.lang.String
category Category java.lang.String
severity Severity java.lang.String
direction Direction java.lang.String
sequenceNumber Sequence Number java.lang.Long
actionFlags Action Flags java.lang.String
sourceLocation Source Location java.lang.String
destinationLocation Destination Location java.lang.String
contentType Content Type java.lang.String
pcapId PCAP ID java.lang.String
fileDigest File Digest java.lang.String
cloud Cloud java.lang.String
urlIndex URL Index java.lang.String
userAgent User Agent java.lang.String
fileType File Type java.lang.String
xForwardedFor X-Forwarded-For java.lang.String
referer Referer java.lang.String
sender Sender java.lang.String
subject Subject java.lang.String
recipient Recipient java.lang.String
reportId Report ID java.lang.String
deviceGroupHierarchyLevel1 Device Group Hierarchy Level 1 java.lang.String
deviceGroupHierarchyLevel2 Device Group Hierarchy Level 2 java.lang.String
deviceGroupHierarchyLevel3 Device Group Hierarchy Level 3 java.lang.String
deviceGroupHierarchyLevel4 Device Group Hierarchy Level 4 java.lang.String
virtualSystemName Virtual System Name java.lang.String
deviceName Device Name java.lang.String
sourceVmUuid Source VM UUID java.lang.String
destinationVmUuid Destination VM UUID java.lang.String
httpMethod HTTP Method java.lang.String
tunnelIdImsi Tunnel ID/IMSI java.lang.String
monitorTagImei Monitor Tag/IMEI java.lang.String
parentSessionId Parent Session ID java.lang.String
parentStartTime Parent Start Time java.util.Date
tunnelType Tunnel Type java.lang.String
threatCategory Threat Category java.lang.String
contentVersion Content Version java.lang.String

UserIdLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
threatContentType Threat/Content Type java.lang.String
generatedTime Generated Time java.util.Date

HipMatchLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
generatedTime Generated Time java.util.Date
sourceUser Source User java.lang.String
virtualSystem Virtual System java.lang.String
machineName Machine Name java.lang.String
os OS java.lang.String
sourceIp Source IP java.lang.String
hip HIP java.lang.String
repeatCount Repeat Count java.lang.Long
hipType HIP Type java.lang.String
sequenceNumber Sequence Number java.lang.Long
actionFlags Action Flags java.lang.String
deviceGroupHierarchyLevel1 Device Group Hierarchy Level 1 java.lang.String
deviceGroupHierarchyLevel2 Device Group Hierarchy Level 2 java.lang.String
deviceGroupHierarchyLevel3 Device Group Hierarchy Level 3 java.lang.String
deviceGroupHierarchyLevel4 Device Group Hierarchy Level 4 java.lang.String
virtualSystemName Virtual System Name java.lang.String
deviceName Device Name java.lang.String
virtualSystemId Virtual System ID java.lang.String
ipv6SourceIp IPv6 Source Ip java.lang.String

SystemLogMessage

Name Description Type
receiveTime Receive Time java.util.Date
serialNumber Serial Number java.lang.String
type Type java.lang.String
subType Content/Threat Type java.lang.String
generatedTime Generated Time java.util.Date
virtualSystem Virtual System java.lang.String
eventId Event ID java.lang.String
object Object java.lang.String
module Module java.lang.String
severity Severity java.lang.String
description Description java.lang.String
sequenceNumber Sequence Number java.lang.Long
actionFlags Action Flags java.lang.String
deviceGroupHierarchyLevel1 Device Group Hierarchy Level 1 java.lang.String
deviceGroupHierarchyLevel2 Device Group Hierarchy Level 2 java.lang.String
deviceGroupHierarchyLevel3 Device Group Hierarchy Level 3 java.lang.String
deviceGroupHierarchyLevel4 Device Group Hierarchy Level 4 java.lang.String
virtualSystemName Virtual System Name java.lang.String
deviceName Device Name java.lang.String

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
2
Forks
0
Watchers
0
Contributors
1
Repository size
1.36 MB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.7
0.1.5
0.1.4
0.1.3
0.1.1

Contributors

Jeremy Custenborder


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2020-10-11 06:23:59 UTC

Login to resync this project