usiem-basic-parser

Basic Parser component that supports multiple different sources and log formats

Usage

```rust
// Create component and register parsers
let mut parser_component = BasicParserComponent::new();
parser_component.add_parser(Box::from(parser1));
parser_component.add_parser(Box::from(parser2));

// Send the component to the kernel to be managed
kernel.add_component(parser_component);
```

How to build parsers

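```rust
use std::borrow::Cow;

use usiem::components::common::{LogParser, LogParsingError};
use usiem::components::SiemComponent;
// Module path for SiemField is assumed from the usiem crate layout
use usiem::events::field::SiemField;
use usiem::events::SiemLog;

struct DummyParserTextDUMMY {}

impl LogParser for DummyParserTextDUMMY {
    // Tag the log with the parser name and return it unchanged otherwise
    fn parse_log(&self, mut log: SiemLog) -> Result<SiemLog, LogParsingError> {
        log.add_field("parser", SiemField::from_str("DummyParserTextDUMMY"));
        Ok(log)
    }

    // Name that identifies this parser
    fn name(&self) -> Cow<'static, str> {
        Cow::Borrowed("DummyParserTextDUMMY")
    }
}

// Register the parser with the component created in the Usage section
let parser1 = DummyParserTextDUMMY {};
parser_component.add_parser(Box::from(parser1));
```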