doc update
+11
-4
@@ -16,6 +16,9 @@ Extended fields, as defined in the CEF specification, are relabeled
|
||||
and the values are converted to their respective types. Extra naive and
|
||||
UTC epoch timestamps are added where appropriate per the CEF specification.
|
||||
|
||||
A warning message to `STDERR` will be printed if an unparsable line is found
|
||||
unless `--quiet` or `quiet=True` is used.
|
||||
|
||||
To preserve escaping and original keynames and to prevent type conversions
|
||||
use the `--raw` CLI option or `raw=True` param in the `parse()` function.
|
||||
|
||||
@@ -40,15 +43,17 @@ See: https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors-
|
||||
"deviceProduct": string,
|
||||
"deviceVersion": string,
|
||||
"deviceEventClassId": string,
|
||||
"deviceEventClassIdNum": integer/null,
|
||||
"name": string,
|
||||
"agentSeverity": string/integer,
|
||||
"agentSeverityString": string,
|
||||
"agentSeverityNum": integer,
|
||||
"agentSeverityNum": integer/null,
|
||||
"CEFVersion": integer,
|
||||
<extended fields> string/integer/float, # [0]
|
||||
<extended fields>"_epoch": integer, # [1]
|
||||
<extended fields>"_epoch_utc": integer, # [2]
|
||||
<custom fields> string
|
||||
<extended fields>"_epoch": integer/null, # [1]
|
||||
<extended fields>"_epoch_utc": integer/null, # [2]
|
||||
<custom fields> string,
|
||||
"unparsable": string # [3]
|
||||
}
|
||||
]
|
||||
|
||||
@@ -59,6 +64,8 @@ See: https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors-
|
||||
[2] Timezone-aware calculated epoch timestamp. (UTC only) This value
|
||||
will be null if a UTC timezone cannot be extracted from the original
|
||||
timestamp string value.
|
||||
[3] this field exists if the CEF line is not parsable. The value
|
||||
is the original syslog line.
|
||||
|
||||
Examples:
|
||||
|
||||
|
||||
@@ -49,10 +49,12 @@ Examples:
|
||||
|
||||
$ cat syslog.txt | jc --syslog-bsd-s -p
|
||||
{"priority":34,"date":"Oct 11 22:14:15","hostname":"mymachine","t...}
|
||||
{"priority":34,"date":"Oct 11 22:14:16","hostname":"mymachine","t...}
|
||||
...
|
||||
|
||||
$ cat syslog.txt | jc --syslog-bsd-s -p -r
|
||||
{"priority":"34","date":"Oct 11 22:14:15","hostname":"mymachine","...}
|
||||
{"priority":"34","date":"Oct 11 22:14:16","hostname":"mymachine","...}
|
||||
...
|
||||
|
||||
<a id="jc.parsers.syslog_bsd_s.parse"></a>
|
||||
|
||||
@@ -72,10 +72,12 @@ Examples:
|
||||
|
||||
$ cat syslog.txt | jc --syslog-s -p
|
||||
{"priority":165,"version":1,"timestamp":"2003-08-24T05:14:15.000003-...}
|
||||
{"priority":165,"version":1,"timestamp":"2003-08-24T05:14:16.000003-...}
|
||||
...
|
||||
|
||||
$ cat syslog.txt | jc --syslog-s -p -r
|
||||
{"priority":"165","version":"1","timestamp":"2003-08-24T05:14:15.000...}
|
||||
{"priority":"165","version":"1","timestamp":"2003-08-24T05:15:15.000...}
|
||||
...
|
||||
|
||||
<a id="jc.parsers.syslog_s.parse"></a>
|
||||
|
||||