Log Loaders
Functional Interfaces
General APIs
- zlogging.loader.parse(filename, *args, **kwargs)
Parse Bro/Zeek log file.
- Parameters
filename (PathLike[str]) – Log file name.
*args (Any) – See parse_json() and parse_ascii() for more information.
**kwargs (Any) – See parse_json() and parse_ascii() for more information.
- Returns
The parsed JSON log data.
- Raises
ParserError – If the format of the log file is unknown.
- Return type
- zlogging.loader.loads(data, *args, **kwargs)
Parse Bro/Zeek log string.
- Parameters
data (Union[str, bytes]) – Log string as binary or encoded string.
*args – See loads_json() and loads_ascii() for more information.
**kwargs – See loads_json() and loads_ascii() for more information.
- Return type
- Returns
The parsed JSON log data.
- Raises
ParserError – If the format of the log file is unknown.
- zlogging.loader.load(file, *args, **kwargs)
Parse Bro/Zeek log file.
- Parameters
file (BufferedReader) – Log file object opened in binary mode.
*args – See load_json() and load_ascii() for more information.
**kwargs – See load_json() and load_ascii() for more information.
- Return type
- Returns
The parsed JSON log data.
- Raises
ParserError – If the format of the log file is unknown.
ASCII Format
- zlogging.loader.parse_ascii(filename, parser=None, type_hook=None, enum_namespaces=None, bare=False, *args, **kwargs)
Parse ASCII log file.
- Parameters
filename (PathLike[str]) – Log file name.
parser (Optional[Type[ASCIIParser]]) – Parser class.
type_hook (Optional[dict[str, Type[BaseType]]]) – Bro/Zeek type parser hooks. Users may customise subclasses of BaseType to modify parsing behaviours.
enum_namespaces (Optional[list[str]]) – Namespaces to be loaded.
bare (bool) – If True, do not load zeek namespace by default.
*args (Any) – Arbitrary positional arguments.
**kwargs (Any) – Arbitrary keyword arguments.
- Returns
The parsed ASCII log data.
- Return type
- zlogging.loader.loads_ascii(data, parser=None, type_hook=None, enum_namespaces=None, bare=False, *args, **kwargs)
Parse ASCII log string.
- Parameters
data (AnyStr) – Log string as binary or encoded string.
parser (Optional[Type[ASCIIParser]]) – Parser class.
type_hook (Optional[dict[str, Type[BaseType]]]) – Bro/Zeek type parser hooks. Users may customise subclasses of BaseType to modify parsing behaviours.
enum_namespaces (Optional[list[str]]) – Namespaces to be loaded.
bare (bool) – If True, do not load zeek namespace by default.
*args (Any) – Arbitrary positional arguments.
**kwargs (Any) – Arbitrary keyword arguments.
- Returns
The parsed ASCII log data.
- Return type
- zlogging.loader.load_ascii(file, parser=None, type_hook=None, enum_namespaces=None, bare=False, *args, **kwargs)
Parse ASCII log file.
- Parameters
file (BinaryFile) – Log file object opened in binary mode.
parser (Optional[Type[ASCIIParser]]) – Parser class.
type_hook (Optional[dict[str, Type[BaseType]]]) – Bro/Zeek type parser hooks. Users may customise subclasses of BaseType to modify parsing behaviours.
enum_namespaces (Optional[list[str]]) – Namespaces to be loaded.
bare (bool) – If True, do not load zeek namespace by default.
*args (Any) – Arbitrary positional arguments.
**kwargs (Any) – Arbitrary keyword arguments.
- Returns
The parsed ASCII log data.
- Return type
JSON Format
- zlogging.loader.parse_json(filename, parser=None, model=None, *args, **kwargs)
Parse JSON log file.
- Parameters
filename (PathLike[str]) – Log file name.
parser (Optional[Type[JSONParser]]) – Parser class.
model (Optional[Type[Model]]) – Field declarations for JSONParser, as in JSON logs the field typing information is omitted by the Bro/Zeek logging framework.
*args (Any) – Arbitrary positional arguments.
**kwargs (Any) – Arbitrary keyword arguments.
- Returns
The parsed JSON log data.
- Return type
- zlogging.loader.loads_json(data, parser=None, model=None, *args, **kwargs)
Parse JSON log string.
- Parameters
data (Union[str, bytes]) – Log string as binary or encoded string.
parser (Optional[Type[JSONParser]]) – Parser class.
model (Optional[Type[Model]]) – Field declarations for JSONParser, as in JSON logs the field typing information is omitted by the Bro/Zeek logging framework.
*args – Arbitrary positional arguments.
**kwargs – Arbitrary keyword arguments.
- Return type
- Returns
The parsed JSON log data.
- zlogging.loader.load_json(file, parser=None, model=None, *args, **kwargs)
Parse JSON log file.
- Parameters
file (BufferedReader) – Log file object opened in binary mode.
parser (Optional[Type[JSONParser]]) – Parser class.
model (Optional[Type[Model]]) – Field declarations for JSONParser, as in JSON logs the field typing information is omitted by the Bro/Zeek logging framework.
*args – Arbitrary positional arguments.
**kwargs – Arbitrary keyword arguments.
- Return type
- Returns
The parsed JSON log data.
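Why the JSON loaders take a `model` while the ASCII loaders do not, as an added example that is not ZLogging's own code: in a Zeek ASCII log the `#fields`/`#types` header drives type conversion, whereas the same record in JSON carries no type information and needs an externally supplied type map. The names `CAST`, `parse_ascii_log`, `parse_json_line` and the sample records are hypothetical, and only four Zeek types are covered.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Converters for a small subset of Zeek types (illustrative, not ZLogging's).
CAST = {
    "time": lambda v: datetime.fromtimestamp(float(v), tz=timezone.utc),
    "addr": ipaddress.ip_address,
    "port": int,
    "string": str,
}

# Constructed sample: one conn-style record in Zeek ASCII (TSV) form.
ASCII_LOG = (
    b"#separator \\x09\n"
    b"#unset_field\t-\n"
    b"#fields\tts\tid.orig_h\tid.resp_p\tservice\n"
    b"#types\ttime\taddr\tport\tstring\n"
    b"1580000000.5\t192.0.2.10\t443\t-\n"
    b"#close\t2020-01-26-00-53-21\n"
)
# The same record as Zeek would write it in JSON: no type header at all.
JSON_LINE = b'{"ts": 1580000000.5, "id.orig_h": "192.0.2.10", "id.resp_p": 443}'


def parse_ascii_log(data, separator=b"\t"):
    """Type each record from the log's own #fields/#types header."""
    meta, records = {}, []
    for raw in data.splitlines():
        if raw.startswith(b"#separator"):
            continue  # separator is passed in explicitly in this sketch
        cells = [c.decode("ascii") for c in raw.split(separator)]
        if raw.startswith(b"#"):
            meta[cells[0][1:]] = cells[1:]
            continue
        unset = meta.get("unset_field", ["-"])[0]
        records.append({
            name: None if cell == unset else CAST[ztype](cell)
            for name, ztype, cell in zip(meta["fields"], meta["types"], cells)
        })
    return records


def parse_json_line(line, model=None):
    """Without a model, values keep whatever type JSON gave them."""
    record = json.loads(line)
    if model is None:
        return record
    return {k: CAST[model[k]](v) for k, v in record.items()}
```

For detection logic this matters because an untyped `id.orig_h` is a plain string, so subnet membership or numeric port comparisons need the conversion that a model supplies.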
Predefined Loaders
- class zlogging.loader.ASCIIParser(type_hook=None, enum_namespaces=None, bare=False)
Bases: BaseParser
ASCII log parser.
- Parameters
- parse_file(file, model=None)
Parse log file.
- Parameters
- Return type
- Returns
The parsed log as a Model per line.
- Warns
ASCIIParserWarning – If the ASCII log file exited with error, see ASCIIInfo.exit_with_error for more information.
- parse_line(line, lineno=0, model=None, separator=b'\\t', parser=None)
Parse log line as one-line record.
- Parameters
- Returns
The parsed log as a plain dict.
- Raises
ASCIIParserError – If parser is not provided; or failed to serialise line as ASCII.
- Return type
- class zlogging.loader.JSONParser(model=None)
Bases: BaseParser
JSON log parser.
- Parameters
model (Optional[Type[Model]]) – Field declarations for JSONParser, as in JSON logs the field typing information is omitted by the Bro/Zeek logging framework.
- Warns
JSONParserWarning – If model is not specified.
- model: Optional[Type[Model]]
Field declarations for JSONParser, as in JSON logs the field typing information is omitted by the Bro/Zeek logging framework.
Abstract Base Loader
- class zlogging.loader.BaseParser
Bases: object
Basic log parser.