diff --git a/README.md b/README.md
index 94df9da5..98ab3a51 100644
--- a/README.md
+++ b/README.md
@@ -157,6 +157,7 @@ option.
| ` --asciitable` | ASCII and Unicode table parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/asciitable) |
| ` --asciitable-m` | multi-line ASCII and Unicode table parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/asciitable_m) |
| ` --blkid` | `blkid` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/blkid) |
+| ` --cef` | CEF string parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/cef) |
| ` --chage` | `chage --list` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/chage) |
| ` --cksum` | `cksum` and `sum` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/cksum) |
| ` --crontab` | `crontab` command and file parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/crontab) |
@@ -207,6 +208,7 @@ option.
| ` --lsof` | `lsof` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/lsof) |
| ` --lsusb` | `lsusb` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/lsusb) |
| ` --m3u` | M3U and M3U8 file parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/m3u) |
+| ` --mdadm` | `mdadm` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/mdadm) |
| ` --mount` | `mount` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/mount) |
| ` --mpstat` | `mpstat` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/mpstat) |
| ` --mpstat-s` | `mpstat` command streaming parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/mpstat_s) |
@@ -233,6 +235,8 @@ option.
| ` --stat` | `stat` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/stat) |
| ` --stat-s` | `stat` command streaming parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/stat_s) |
| ` --sysctl` | `sysctl` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/sysctl) |
+| ` --syslog-bsd` | Syslog RFC 3164 string parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/syslog_bsd) |
+| ` --syslog` | Syslog RFC 5424 string parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/syslog) |
| ` --systemctl` | `systemctl` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/systemctl) |
| ` --systemctl-lj` | `systemctl list-jobs` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/systemctl_lj) |
| ` --systemctl-ls` | `systemctl list-sockets` command parser | [details](https://kellyjonbrazil.github.io/jc/docs/parsers/systemctl_ls) |
diff --git a/completions/jc_bash_completion.sh b/completions/jc_bash_completion.sh
index b1230cc8..1e9ba714 100644
--- a/completions/jc_bash_completion.sh
+++ b/completions/jc_bash_completion.sh
@@ -3,8 +3,8 @@ _jc()
local cur prev words cword jc_commands jc_parsers jc_options \
jc_about_options jc_about_mod_options jc_help_options jc_special_options
- jc_commands=(acpi airport arp blkid chage cksum crontab date df dig dmidecode dpkg du env file finger free git gpg hciconfig id ifconfig iostat iptables iw jobs last lastb ls lsblk lsmod lsof lsusb md5 md5sum mount mpstat netstat nmcli ntpq pidstat ping ping6 pip pip3 postconf printenv ps route rpm rsync sfdisk sha1sum sha224sum sha256sum sha384sum sha512sum shasum ss stat sum sysctl systemctl systeminfo timedatectl top tracepath tracepath6 traceroute traceroute6 ufw uname update-alternatives upower uptime vdir vmstat w wc who xrandr zipinfo)
- jc_parsers=(--acpi --airport --airport-s --arp --asciitable --asciitable-m --blkid --chage --cksum --crontab --crontab-u --csv --csv-s --date --df --dig --dir --dmidecode --dpkg-l --du --email-address --env --file --finger --free --fstab --git-log --git-log-s --gpg --group --gshadow --hash --hashsum --hciconfig --history --hosts --id --ifconfig --ini --iostat --iostat-s --ip-address --iptables --iso-datetime --iw-scan --jar-manifest --jobs --jwt --kv --last --ls --ls-s --lsblk --lsmod --lsof --lsusb --m3u --mount --mpstat --mpstat-s --netstat --nmcli --ntpq --passwd --pidstat --pidstat-s --ping --ping-s --pip-list --pip-show --plist --postconf --ps --route --rpm-qi --rsync --rsync-s --sfdisk --shadow --ss --stat --stat-s --sysctl --systemctl --systemctl-lj --systemctl-ls --systemctl-luf --systeminfo --time --timedatectl --timestamp --top --top-s --tracepath --traceroute --ufw --ufw-appinfo --uname --update-alt-gs --update-alt-q --upower --uptime --url --vmstat --vmstat-s --w --wc --who --x509-cert --xml --xrandr --yaml --zipinfo)
+ jc_commands=(acpi airport arp blkid chage cksum crontab date df dig dmidecode dpkg du env file finger free git gpg hciconfig id ifconfig iostat iptables iw jobs last lastb ls lsblk lsmod lsof lsusb md5 md5sum mdadm mount mpstat netstat nmcli ntpq pidstat ping ping6 pip pip3 postconf printenv ps route rpm rsync sfdisk sha1sum sha224sum sha256sum sha384sum sha512sum shasum ss stat sum sysctl systemctl systeminfo timedatectl top tracepath tracepath6 traceroute traceroute6 ufw uname update-alternatives upower uptime vdir vmstat w wc who xrandr zipinfo)
+ jc_parsers=(--acpi --airport --airport-s --arp --asciitable --asciitable-m --blkid --cef --chage --cksum --crontab --crontab-u --csv --csv-s --date --df --dig --dir --dmidecode --dpkg-l --du --email-address --env --file --finger --free --fstab --git-log --git-log-s --gpg --group --gshadow --hash --hashsum --hciconfig --history --hosts --id --ifconfig --ini --iostat --iostat-s --ip-address --iptables --iso-datetime --iw-scan --jar-manifest --jobs --jwt --kv --last --ls --ls-s --lsblk --lsmod --lsof --lsusb --m3u --mdadm --mount --mpstat --mpstat-s --netstat --nmcli --ntpq --passwd --pidstat --pidstat-s --ping --ping-s --pip-list --pip-show --plist --postconf --ps --route --rpm-qi --rsync --rsync-s --sfdisk --shadow --ss --stat --stat-s --sysctl --syslog-bsd --syslog --systemctl --systemctl-lj --systemctl-ls --systemctl-luf --systeminfo --time --timedatectl --timestamp --top --top-s --tracepath --traceroute --ufw --ufw-appinfo --uname --update-alt-gs --update-alt-q --upower --uptime --url --vmstat --vmstat-s --w --wc --who --x509-cert --xml --xrandr --yaml --zipinfo)
jc_options=(--force-color -C --debug -d --monochrome -m --pretty -p --quiet -q --raw -r --time-out -t --unbuffer -u --yaml-out -y)
jc_about_options=(--about -a)
jc_about_mod_options=(--pretty -p --yaml-out -y --monochrome -m --force-color -C)
diff --git a/completions/jc_zsh_completion.sh b/completions/jc_zsh_completion.sh
index 153489df..60b2ee09 100644
--- a/completions/jc_zsh_completion.sh
+++ b/completions/jc_zsh_completion.sh
@@ -9,7 +9,7 @@ _jc() {
jc_help_options jc_help_options_describe \
jc_special_options jc_special_options_describe
- jc_commands=(acpi airport arp blkid chage cksum crontab date df dig dmidecode dpkg du env file finger free git gpg hciconfig id ifconfig iostat iptables iw jobs last lastb ls lsblk lsmod lsof lsusb md5 md5sum mount mpstat netstat nmcli ntpq pidstat ping ping6 pip pip3 postconf printenv ps route rpm rsync sfdisk sha1sum sha224sum sha256sum sha384sum sha512sum shasum ss stat sum sysctl systemctl systeminfo timedatectl top tracepath tracepath6 traceroute traceroute6 ufw uname update-alternatives upower uptime vdir vmstat w wc who xrandr zipinfo)
+ jc_commands=(acpi airport arp blkid chage cksum crontab date df dig dmidecode dpkg du env file finger free git gpg hciconfig id ifconfig iostat iptables iw jobs last lastb ls lsblk lsmod lsof lsusb md5 md5sum mdadm mount mpstat netstat nmcli ntpq pidstat ping ping6 pip pip3 postconf printenv ps route rpm rsync sfdisk sha1sum sha224sum sha256sum sha384sum sha512sum shasum ss stat sum sysctl systemctl systeminfo timedatectl top tracepath tracepath6 traceroute traceroute6 ufw uname update-alternatives upower uptime vdir vmstat w wc who xrandr zipinfo)
jc_commands_describe=(
'acpi:run "acpi" command with magic syntax.'
'airport:run "airport" command with magic syntax.'
@@ -46,6 +46,7 @@ _jc() {
'lsusb:run "lsusb" command with magic syntax.'
'md5:run "md5" command with magic syntax.'
'md5sum:run "md5sum" command with magic syntax.'
+ 'mdadm:run "mdadm" command with magic syntax.'
'mount:run "mount" command with magic syntax.'
'mpstat:run "mpstat" command with magic syntax.'
'netstat:run "netstat" command with magic syntax.'
@@ -94,7 +95,7 @@ _jc() {
'xrandr:run "xrandr" command with magic syntax.'
'zipinfo:run "zipinfo" command with magic syntax.'
)
- jc_parsers=(--acpi --airport --airport-s --arp --asciitable --asciitable-m --blkid --chage --cksum --crontab --crontab-u --csv --csv-s --date --df --dig --dir --dmidecode --dpkg-l --du --email-address --env --file --finger --free --fstab --git-log --git-log-s --gpg --group --gshadow --hash --hashsum --hciconfig --history --hosts --id --ifconfig --ini --iostat --iostat-s --ip-address --iptables --iso-datetime --iw-scan --jar-manifest --jobs --jwt --kv --last --ls --ls-s --lsblk --lsmod --lsof --lsusb --m3u --mount --mpstat --mpstat-s --netstat --nmcli --ntpq --passwd --pidstat --pidstat-s --ping --ping-s --pip-list --pip-show --plist --postconf --ps --route --rpm-qi --rsync --rsync-s --sfdisk --shadow --ss --stat --stat-s --sysctl --systemctl --systemctl-lj --systemctl-ls --systemctl-luf --systeminfo --time --timedatectl --timestamp --top --top-s --tracepath --traceroute --ufw --ufw-appinfo --uname --update-alt-gs --update-alt-q --upower --uptime --url --vmstat --vmstat-s --w --wc --who --x509-cert --xml --xrandr --yaml --zipinfo)
+ jc_parsers=(--acpi --airport --airport-s --arp --asciitable --asciitable-m --blkid --cef --chage --cksum --crontab --crontab-u --csv --csv-s --date --df --dig --dir --dmidecode --dpkg-l --du --email-address --env --file --finger --free --fstab --git-log --git-log-s --gpg --group --gshadow --hash --hashsum --hciconfig --history --hosts --id --ifconfig --ini --iostat --iostat-s --ip-address --iptables --iso-datetime --iw-scan --jar-manifest --jobs --jwt --kv --last --ls --ls-s --lsblk --lsmod --lsof --lsusb --m3u --mdadm --mount --mpstat --mpstat-s --netstat --nmcli --ntpq --passwd --pidstat --pidstat-s --ping --ping-s --pip-list --pip-show --plist --postconf --ps --route --rpm-qi --rsync --rsync-s --sfdisk --shadow --ss --stat --stat-s --sysctl --syslog-bsd --syslog --systemctl --systemctl-lj --systemctl-ls --systemctl-luf --systeminfo --time --timedatectl --timestamp --top --top-s --tracepath --traceroute --ufw --ufw-appinfo --uname --update-alt-gs --update-alt-q --upower --uptime --url --vmstat --vmstat-s --w --wc --who --x509-cert --xml --xrandr --yaml --zipinfo)
jc_parsers_describe=(
'--acpi:`acpi` command parser'
'--airport:`airport -I` command parser'
@@ -103,6 +104,7 @@ _jc() {
'--asciitable:ASCII and Unicode table parser'
'--asciitable-m:multi-line ASCII and Unicode table parser'
'--blkid:`blkid` command parser'
+ '--cef:CEF string parser'
'--chage:`chage --list` command parser'
'--cksum:`cksum` and `sum` command parser'
'--crontab:`crontab` command and file parser'
@@ -153,6 +155,7 @@ _jc() {
'--lsof:`lsof` command parser'
'--lsusb:`lsusb` command parser'
'--m3u:M3U and M3U8 file parser'
+ '--mdadm:`mdadm` command parser'
'--mount:`mount` command parser'
'--mpstat:`mpstat` command parser'
'--mpstat-s:`mpstat` command streaming parser'
@@ -179,6 +182,8 @@ _jc() {
'--stat:`stat` command parser'
'--stat-s:`stat` command streaming parser'
'--sysctl:`sysctl` command parser'
+ '--syslog-bsd:Syslog RFC 3164 string parser'
+ '--syslog:Syslog RFC 5424 string parser'
'--systemctl:`systemctl` command parser'
'--systemctl-lj:`systemctl list-jobs` command parser'
'--systemctl-ls:`systemctl list-sockets` command parser'
diff --git a/docs/parsers/cef.md b/docs/parsers/cef.md
new file mode 100644
index 00000000..1cbec06c
--- /dev/null
+++ b/docs/parsers/cef.md
@@ -0,0 +1,68 @@
+[Home](https://kellyjonbrazil.github.io/jc/)
+
+
+# jc.parsers.cef
+
+jc - JSON Convert CEF string parser
+
+This is a best-effort parser since there are so many variations to CEF
+formatting from different vendors. If you require special handling for your
+CEF input, you can copy this parser code to the `jc` pluggin directory for
+your system and modify it to suit your needs.
+
+This parser will accept a single CEF string or multiple CEF string lines.
+Any text before "CEF" will be ignored. Syslog and CEF escaped characters
+(`\\`, `\\"`, `\\]`, `\\|`, `\\n`, `\\r`) are unescaped. To preserve
+escaping, use the `--raw` or `raw=True` option in the `parse()` function.
+
+Usage (cli):
+
+ $ echo 'CEF:0|Vendor|Product|3.2.0|1|SYSTEM|1|... | jc --cef
+
+Usage (module):
+
+ import jc
+ result = jc.parse('cef', cef_string_output)
+
+Schema:
+
+ [
+ {
+ "cef": string,
+ "bar": boolean,
+ "baz": integer
+ }
+ ]
+
+Examples:
+
+ $ cef | jc --cef -p
+ []
+
+ $ cef | jc --cef -p -r
+ []
+
+
+
+### parse
+
+```python
+def parse(data: str, raw: bool = False, quiet: bool = False) -> List[Dict]
+```
+
+Main text parsing function
+
+Parameters:
+
+ data: (string) text data to parse
+ raw: (boolean) unprocessed output if True
+ quiet: (boolean) suppress warning messages if True
+
+Returns:
+
+ List of Dictionaries. Raw or processed structured data.
+
+### Parser Information
+Compatibility: linux, darwin, cygwin, win32, aix, freebsd
+
+Version 1.0 by Kelly Brazil (kellyjonbrazil@gmail.com)
diff --git a/docs/parsers/mdadm.md b/docs/parsers/mdadm.md
new file mode 100644
index 00000000..8522af7c
--- /dev/null
+++ b/docs/parsers/mdadm.md
@@ -0,0 +1,64 @@
+[Home](https://kellyjonbrazil.github.io/jc/)
+
+
+# jc.parsers.mdadm
+
+jc - JSON Convert `mdadm` command output parser
+
+<>
+
+Usage (cli):
+
+ $ mdadm | jc --mdadm
+
+ or
+
+ $ jc mdadm
+
+Usage (module):
+
+ import jc
+ result = jc.parse('mdadm', mdadm_command_output)
+
+Schema:
+
+ [
+ {
+ "mdadm": string,
+ "bar": boolean,
+ "baz": integer
+ }
+ ]
+
+Examples:
+
+ $ mdadm | jc --mdadm -p
+ []
+
+ $ mdadm | jc --mdadm -p -r
+ []
+
+
+
+### parse
+
+```python
+def parse(data: str, raw: bool = False, quiet: bool = False) -> Dict
+```
+
+Main text parsing function
+
+Parameters:
+
+ data: (string) text data to parse
+ raw: (boolean) unprocessed output if True
+ quiet: (boolean) suppress warning messages if True
+
+Returns:
+
+ List of Dictionaries. Raw or processed structured data.
+
+### Parser Information
+Compatibility: linux
+
+Version 1.0 by Kelly Brazil (kellyjonbrazil@gmail.com)
diff --git a/docs/parsers/syslog.md b/docs/parsers/syslog.md
new file mode 100644
index 00000000..591c41b1
--- /dev/null
+++ b/docs/parsers/syslog.md
@@ -0,0 +1,64 @@
+[Home](https://kellyjonbrazil.github.io/jc/)
+
+
+# jc.parsers.syslog
+
+jc - JSON Convert Syslog RFC 5424 string parser
+
+<>
+
+Usage (cli):
+
+ $ syslogstring | jc --syslog
+
+ or
+
+ $ jc syslog-5424
+
+Usage (module):
+
+ import jc
+ result = jc.parse('syslog', syslog_command_output)
+
+Schema:
+
+ [
+ {
+ "syslog-5424": string,
+ "bar": boolean,
+ "baz": integer
+ }
+ ]
+
+Examples:
+
+ $ syslog-5424 | jc --syslog-5424 -p
+ []
+
+ $ syslog-5424 | jc --syslog-5424 -p -r
+ []
+
+
+
+### parse
+
+```python
+def parse(data: str, raw: bool = False, quiet: bool = False) -> List[Dict]
+```
+
+Main text parsing function
+
+Parameters:
+
+ data: (string) text data to parse
+ raw: (boolean) unprocessed output if True
+ quiet: (boolean) suppress warning messages if True
+
+Returns:
+
+ List of Dictionaries. Raw or processed structured data.
+
+### Parser Information
+Compatibility: linux, darwin, cygwin, win32, aix, freebsd
+
+Version 1.0 by Kelly Brazil (kellyjonbrazil@gmail.com)
diff --git a/docs/parsers/syslog_bsd.md b/docs/parsers/syslog_bsd.md
new file mode 100644
index 00000000..0512b470
--- /dev/null
+++ b/docs/parsers/syslog_bsd.md
@@ -0,0 +1,64 @@
+[Home](https://kellyjonbrazil.github.io/jc/)
+
+
+# jc.parsers.syslog\_bsd
+
+jc - JSON Convert Syslog RFC 3164 string parser
+
+<>
+
+Usage (cli):
+
+ $ syslogstring | jc --syslog-bsd
+
+ or
+
+ $ jc syslog-3164
+
+Usage (module):
+
+ import jc
+ result = jc.parse('syslog_bsd', syslog_command_output)
+
+Schema:
+
+ [
+ {
+ "syslog-3164": string,
+ "bar": boolean,
+ "baz": integer
+ }
+ ]
+
+Examples:
+
+ $ syslog-3164 | jc --syslog-3164 -p
+ []
+
+ $ syslog-3164 | jc --syslog-3164 -p -r
+ []
+
+
+
+### parse
+
+```python
+def parse(data: str, raw: bool = False, quiet: bool = False) -> List[Dict]
+```
+
+Main text parsing function
+
+Parameters:
+
+ data: (string) text data to parse
+ raw: (boolean) unprocessed output if True
+ quiet: (boolean) suppress warning messages if True
+
+Returns:
+
+ List of Dictionaries. Raw or processed structured data.
+
+### Parser Information
+Compatibility: linux, darwin, cygwin, win32, aix, freebsd
+
+Version 1.0 by Kelly Brazil (kellyjonbrazil@gmail.com)
diff --git a/jc/lib.py b/jc/lib.py
index 1c2a0797..0c8f217e 100644
--- a/jc/lib.py
+++ b/jc/lib.py
@@ -94,8 +94,8 @@ parsers = [
'stat',
'stat-s',
'sysctl',
- 'syslog-3164',
- 'syslog-5424',
+ 'syslog-bsd',
+ 'syslog',
'systemctl',
'systemctl-lj',
'systemctl-ls',
diff --git a/jc/parsers/syslog_5424.py b/jc/parsers/syslog.py
similarity index 55%
rename from jc/parsers/syslog_5424.py
rename to jc/parsers/syslog.py
index 9fa646a2..50b707e9 100644
--- a/jc/parsers/syslog_5424.py
+++ b/jc/parsers/syslog.py
@@ -4,7 +4,7 @@
Usage (cli):
- $ syslog-5424 | jc --syslog-5424
+ $ syslogstring | jc --syslog
or
@@ -13,7 +13,7 @@ Usage (cli):
Usage (module):
import jc
- result = jc.parse('syslog_5424', syslog_command_output)
+ result = jc.parse('syslog', syslog_command_output)
Schema:
@@ -61,11 +61,45 @@ def _process(proc_data: List[Dict]) -> List[Dict]:
List of Dictionaries. Structured to conform to the schema.
"""
+ # fix escape chars specified in syslog RFC 5424
+ # https://www.rfc-editor.org/rfc/rfc5424.html#section-6
+ escape_map = {
+ r'\\': '\\',
+ r'\"': r'"',
+ r'\]': r']'
+ }
+
+ structured = re.compile(r'''
+ (?P\[
+ (?P[^\[\=\x22\]\x20]{1,32})\s
+ (?P[^\[\=\x22\x20]{1,32}=\x22.+\x22\s?)+\]
+ )
+ ''', re.VERBOSE
+ )
+
+ each_struct = r'''(?P\[.+?(?[^\[\=\x22\]\x20]{1,32})\s'''
+
+ key_vals = r'''(?P\w+)=(?P\"[^\"]*\")'''
+
+ for item in proc_data:
+ for key, value in item.copy().items():
+ # remove any spaces around values
+ if item[key]:
+ item[key] = value.strip()
+
+ # fixup escaped characters
+ for esc, esc_sub in escape_map.items():
+ if item[key]:
+ item[key] = item[key].replace(esc, esc_sub)
+
+ # parse identity and key value pairs in the structured data section
+ # if proc_data['structured_data']:
+ # struct_match = structured.match(proc_data['structured_data'])
+ # if struct_match:
+ # struct_dict = struct_match.groupdict()
- # process the data here
- # rebuild output for added semantic information
- # use helper functions in jc.utils for int, float, bool
- # conversions and timestamps
return proc_data
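Review bot: The unescape loop added under `# fixup escaped characters` applies the three `escape_map` replacements one after another, so an escaped backslash followed by a quote (`\\"`) first becomes `\"` and is then collapsed to `"`, losing the backslash the sender wrote. It also runs over every key of each item, although RFC 5424 defines these escapes for structured-data parameter values, so a message body containing a literal `\\` is rewritten too, which silently alters the record that later forensics relies on. A single pass avoids the double unescape, e.g. `item[key] = re.sub(r'\\([\\"\]])', r'\1', item[key])`, ideally applied only to the `structured_data` field. The `structured`, `each_struct` and `key_vals` patterns are built but only referenced from commented-out code, and the nested `(… .+ …)+` in `structured` looks prone to heavy backtracking on long untrusted lines once it is wired in. `_process` begins above this hunk.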
@@ -92,7 +126,7 @@ def parse(
jc.utils.input_type_check(data)
raw_output: List = []
- syslog_dict = {}
+ syslog_out = {}
# inspired by https://regex101.com/library/Wgbxn2
syslog = re.compile(r'''
@@ -120,23 +154,29 @@ def parse(
for line in filter(None, data.splitlines()):
syslog_match = syslog.match(line)
if syslog_match:
- priority = None
- if syslog_match.group('priority'):
- priority = syslog_match.group('priority')[1:-1]
+ syslog_dict = syslog_match.groupdict()
+ for item in syslog_dict:
+ if syslog_dict[item] == '-':
+ syslog_dict[item] = None
- syslog_dict = {
+ priority = None
+
+ if syslog_dict['priority']:
+ priority = syslog_dict['priority'][1:-1]
+
+ syslog_out = {
'priority': priority,
- 'version': syslog_match.group('version'),
- 'timestamp': syslog_match.group('timestamp'),
- 'hostname': syslog_match.group('hostname'),
- 'appname': syslog_match.group('appname'),
- 'proc_id': syslog_match.group('procid'),
- 'msg_id': syslog_match.group('msgid'),
- 'struct': syslog_match.group('structureddata'),
- 'message': syslog_match.group('msg')
+ 'version': syslog_dict['version'],
+ 'timestamp': syslog_dict['timestamp'],
+ 'hostname': syslog_dict['hostname'],
+ 'appname': syslog_dict['appname'],
+ 'proc_id': syslog_dict['procid'],
+ 'msg_id': syslog_dict['msgid'],
+ 'structured_data': syslog_dict['structureddata'],
+ 'message': syslog_dict['msg']
}
- if syslog_dict:
- raw_output.append(syslog_dict)
+ if syslog_out:
+ raw_output.append(syslog_out)
return raw_output if raw else _process(raw_output)
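Review bot: `syslog_out` is initialised once before the loop and never reset, so if the `if syslog_out:` append sits at loop level rather than inside the `if syslog_match:` branch (indentation is not recoverable from this page), a line that fails to match re-appends the previous line's dict. A malformed or truncated log line would then appear as a duplicate of the preceding event instead of being dropped or flagged, which is misleading when the output feeds detection rules or an incident timeline. Resetting with `syslog_out = {}` as the first statement of the loop body, or moving the append under the match branch, avoids that. Separately, the new nil-value loop maps `-` to `None` for every group including `msg`, so a message consisting solely of `-` is lost; consider skipping `msg` there. `parse` starts above this hunk.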
diff --git a/jc/parsers/syslog_3164.py b/jc/parsers/syslog_bsd.py
similarity index 96%
rename from jc/parsers/syslog_3164.py
rename to jc/parsers/syslog_bsd.py
index dd6834b2..65b264ed 100644
--- a/jc/parsers/syslog_3164.py
+++ b/jc/parsers/syslog_bsd.py
@@ -4,7 +4,7 @@
Usage (cli):
- $ syslog-3164 | jc --syslog-3164
+ $ syslogstring | jc --syslog-bsd
or
@@ -13,7 +13,7 @@ Usage (cli):
Usage (module):
import jc
- result = jc.parse('syslog_3164', syslog_command_output)
+ result = jc.parse('syslog_bsd', syslog_command_output)
Schema:
diff --git a/man/jc.1 b/man/jc.1
index b237c3d8..312dc9e0 100644
--- a/man/jc.1
+++ b/man/jc.1
@@ -1,4 +1,4 @@
-.TH jc 1 2022-08-06 1.20.5 "JSON Convert"
+.TH jc 1 2022-08-12 1.20.5 "JSON Convert"
.SH NAME
\fBjc\fP \- JSON Convert JSONifies the output of many CLI tools and file-types
.SH SYNOPSIS
@@ -52,6 +52,11 @@ multi-line ASCII and Unicode table parser
\fB--blkid\fP
`blkid` command parser
+.TP
+.B
+\fB--cef\fP
+CEF string parser
+
.TP
.B
\fB--chage\fP
@@ -302,6 +307,11 @@ Key/Value file parser
\fB--m3u\fP
M3U and M3U8 file parser
+.TP
+.B
+\fB--mdadm\fP
+`mdadm` command parser
+
.TP
.B
\fB--mount\fP
@@ -432,6 +442,16 @@ PLIST file parser
\fB--sysctl\fP
`sysctl` command parser
+.TP
+.B
+\fB--syslog-bsd\fP
+Syslog RFC 3164 string parser
+
+.TP
+.B
+\fB--syslog\fP
+Syslog RFC 5424 string parser
+
.TP
.B
\fB--systemctl\fP