µSIEM Parser

Documentation crates.io

A basic parser component that supports multiple log sources and log formats.

Usage

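```rust
// Create the component and register the parsers it should try.
// The page shows `add_parser` taking a boxed parser; `parser1`/`parser2`
// are assumed to be `LogParser` implementations built as shown below.
let mut parser_component = BasicParserComponent::new();
parser_component.add_parser(Box::from(parser1));
parser_component.add_parser(Box::from(parser2));

// Hand the component over to the kernel, which manages it from here on.
kernel.add_component(parser_component);
```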

How to build parsers

The µSIEM library contains some example parsers that are used for testing.

```rust

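#[derive(Clone)]
pub struct DummyParserText {
    // Schema handed out by `LogParser::schema()`; starts empty for this dummy.
    schema: FieldSchema,
}

impl DummyParserText {
    /// Creates the example parser with an empty field schema.
    pub fn new() -> Self {
        Self {
            schema: FieldSchema::new(),
        }
    }
}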

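impl LogParser for DummyParserText {
    /// Accepts any log whose message contains "DUMMY" and tags it with a
    /// `parser` field. Every other log is handed back untouched inside
    /// `LogParsingError::NoValidParser`, so the caller keeps ownership of it
    /// (presumably to offer it to the next registered parser).
    ///
    /// Note that `log.message()` is raw input from whatever source fed the
    /// component; a real parser should treat it as untrusted text.
    fn parse_log(
        &self,
        mut log: SiemLog,
        _datasets: &DatasetHolder,
    ) -> Result<SiemLog, LogParsingError> {
        if !log.message().contains("DUMMY") {
            return Err(LogParsingError::NoValidParser(log));
        }
        log.add_field("parser", SiemField::from_str("DummyParserText"));
        Ok(log)
    }

    fn name(&self) -> &'static str {
        "DummyParserText"
    }

    fn description(&self) -> &'static str {
        "This is a dummy that parsers if contains DUMMY in text"
    }

    fn schema(&self) -> &FieldSchema {
        &self.schema
    }

    /// Generator that produces synthetic logs for this parser.
    fn generator(&self) -> Box<dyn LogGenerator> {
        Box::new(DummyLogGenerator {})
    }
}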

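// Register an instance of the example parser with the component.
let parser1 = DummyParserText::new();
parser_component.add_parser(Box::from(parser1));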

```