Pourover: Log Parsing for Lizards
Pourover is the only chemically-altered CEF Log Parsing library for Python, ideal for consumption by Lizard People.
Some stuff we can do:
```python
from datetime import datetime
import pourover

# Create log objects from a file
log = pourover.parse_file('test.log')

# check the length pythonically - expose useful properties
if len(log) > 10:
    if log.has_syslog_prefix and log.start_time > datetime(year=2018, month=4, day=20):
        # perform some operations
        pass
    else:
        # perform some operations on a logfile that doesn't have syslog prefixes
        pass
else:
    # perform some operations on a really small log
    pass

# Find messages with a certain value in the header
search_results = log.search_headers('Specific Vendor')

for message in log:
    # iterate through each message in the log like you'd expect to be able to
    pass

# Logs can be indexed/sliced in the way you'd expect
first_message = log[0]
last_message = log[-1]

# Create message objects from a string
message = pourover.parse_line('Apr 15 22:11:20 testhost CEF:0|Test Vendor|Test Product|Test Version|100|Test Name|100|src=1.1.1.1 dst=1.1.1.2')

if message.has_syslog_prefix:
    if message.timestamp > datetime(year=2018, month=4, day=20):
        # perform an operation on logs from later than April 20th, 2018
        pass

if 'src' in message.extensions:
    # do something if it's got an extension called 'src'
    pass

if message.device_vendor == 'Some Vendor':
    # do something if the vendor is Some Vendor
    pass

# stick this message right onto that log (it'll even order the messages by timestamp - wow!)
log.append(message)
```
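To show what a parser like the one above has to handle, here is an added stand-alone example (not Pourover's own code) that parses the README's syslog-prefixed CEF line into its header fields and extensions, honouring the CEF escape sequences (`\|` and `\\` in the header, `\=`, `\\`, `\n`, `\r` in the extension). The `year` parameter and the `SAMPLE` line are assumptions of this example; syslog timestamps carry no year, so the caller supplies one.

```python
import re
from datetime import datetime

# Constructed sample input: the syslog-prefixed CEF line shown in the README above.
SAMPLE = ('Apr 15 22:11:20 testhost CEF:0|Test Vendor|Test Product|Test Version'
          '|100|Test Name|100|src=1.1.1.1 dst=1.1.1.2')
HEADER_FIELDS = ('version', 'device_vendor', 'device_product', 'device_version',
                 'signature_id', 'name', 'severity')
_SYSLOG_RE = re.compile(r'^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (CEF:.*)$')
_KEY_RE = re.compile(r'(?:^|\s)([A-Za-z0-9_]+)=')  # extension keys contain no spaces or '='

def _split_header(text):
    """Split the 7 header fields on unescaped '|' ('\\|' and '\\\\' are header escapes)."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == '\\' and i + 1 < len(text):
            cur.append(text[i + 1]); i += 2
        elif ch == '|':
            fields.append(''.join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < 7:          # lenient: no trailing '|' after the severity field
        fields.append(''.join(cur))
    return fields, text[i:]      # the extension is returned unsplit; '|' is legal there

def _parse_extensions(ext):
    """Values may contain spaces; '\\=', '\\\\', '\\n' and '\\r' are the extension escapes."""
    keys = list(_KEY_RE.finditer(ext))
    unescape = lambda m: {'n': '\n', 'r': '\r'}.get(m.group(1), m.group(1))
    return {k.group(1): re.sub(r'\\(.)', unescape, ext[k.end():nxt.start() if nxt else len(ext)])
            for k, nxt in zip(keys, keys[1:] + [None])}

def parse_line(line, year=2018):
    """Return syslog fields (if present), CEF header fields and extensions as a dict.
    Syslog timestamps carry no year, so the caller supplies one (assumption; default 2018)."""
    line = line.rstrip('\r\n')
    m = _SYSLOG_RE.match(line)
    rec = {'has_syslog_prefix': bool(m)}
    if m:
        rec['timestamp'] = datetime.strptime(f'{year} {m.group(1)}', '%Y %b %d %H:%M:%S')
        rec['host'] = m.group(2)
        line = m.group(3)
    fields, ext = _split_header(line)
    if not line.startswith('CEF:') or len(fields) != 7:
        raise ValueError('not a CEF message: need a "CEF:" prefix and 7 header fields')
    fields[0] = fields[0][len('CEF:'):]   # 'CEF:0' -> '0'
    rec.update(zip(HEADER_FIELDS, fields))
    rec['extensions'] = _parse_extensions(ext)
    return rec
```

A message whose vendor or name contains an escaped pipe, or whose extension value contains an escaped `=`, parses back to the literal characters rather than splitting in the wrong place.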
💻 Installing

To install Pourover, simply run

```bash
$ pip install pourover
```

✨🐊✨

🐊 Features

🐉 Contributing

🐍 Get in Touch

If you've found a Bug or would like to make a feature request, please see the Contributing section above, thanks!
If you'd like to reach out, shoot me an email at zach@csh.rit.edu.