Data Model¶

class zlogging.model.Model(*args, **kwargs)[source]¶

Bases: object

Log data model.

Parameters

*args (Any) – Arbitrary positional arguments.
**kwargs (Any) – Arbitrary keyword arguments.

Warns

BroDeprecationWarning – Use of bro_* type annotations.

Raises

ModelValueError – In case of inconsistency between field data types, or values of unset_field, empty_field and set_separator.
ModelTypeError – Wrong parameters when initialisation.

Return type

Model

Note

Customise the Model.__post_init__ method in your subclassed data model to implement your own ideas.

Example

Define a custom log data model using the prefines Bro/Zeek data types, or subclasses of BaseType:

class MyLog(Model):
    field_one = StringType()
    field_two = SetType(element_type=PortType)

Or you may use type annotations as PEP 484 introduced when declaring data models. All available type hints can be found in zlogging.typing:

class MyLog(Model):
    field_one: zeek_string
    field_two: zeek_set[zeek_port]

However, when mixing annotations and direct assignments, annotations will take proceedings, i.e. the Model class shall process first annotations then assignments. Should there be any conflicts, ModelError will be raised.

See also

See expand_typing() for more information about processing the fields.

property fields: OrderedDict[str, Union[_SimpleType, _GenericType]]¶: Fields of the data model.

property unset_field: bytes¶

Placeholder for empty field.

Return type: bytes

property empty_field: bytes¶

Placeholder for unset field.

Return type: bytes

property set_separator: bytes¶

Separator for set/vector fields.

Return type: bytes

__post_init__()[source]¶

Post-processing customisation.

Return type: None

__call__(format)[source]¶

Serialise data model with given format.

Parameters: format (str) – Serialisation format.
Return type: Any
Returns: The serialised data.
Raises: ModelFormatError – If format is not supproted, i.e. Mode.to{format}() does not exist.

tojson()[source]¶

Serialise data model as JSON log format.

Returns: An OrderedDict mapping each field and serialised JSON serialisable data.
Return type: OrderedDict[str, Any]

toascii()[source]¶

Serialise data model as ASCII log format.

Returns: An OrderedDict mapping each field and serialised text data.
Return type: OrderedDict[str, str]

asdict(dict_factory=None)[source]¶

Convert data model as a dictionary mapping field names to field values.

Parameters: dict_factory (Optional[Type[dict]]) – If given, dict_factory will be used instead of built-in dict.
Returns: A dictionary mapping field names to field values.
Return type: dict[str, Any]

astuple(tuple_factory=None)[source]¶

Convert data model as a tuple of field values.

Parameters: tuple_factory (Optional[Type[tuple]]) – If given, tuple_factory will be used instead of built-in namedtuple.
Returns: A tuple of field values.
Return type: tuple[Any, …]

zlogging.model.new_model(name, **fields)[source]¶

Create a data model dynamically with the appropriate fields.

Parameters

name (str) – data model name
**fields – defined fields of the data model

Return type

Type[Model]

Returns

Created data model.

Examples

Typically, we define a data model by subclassing the Model class, as following:

class MyLog(Model):
    field_one = StringType()
    field_two = SetType(element_type=PortType)

when defining dynamically with new_model(), the definition above can be rewrote to:

MyLog = new_model('MyLog', field_one=StringType(), field_two=SetType(element_type=PortType))

Data Model¶

ZLogging

Navigation

Related Topics