palo-alto-syslog-parser

A pom for deploying to maven central.

License	License Apache License 2.0
Categories	Categories Net Netty Networking
GroupId	GroupId com.github.jcustenborder.netty
ArtifactId	ArtifactId palo-alto-syslog-parser
Last Version	Last Version 0.1.7
Release Date	Release Date Apr 21, 2018
Type	Type jar
Description	Description palo-alto-syslog-parser A pom for deploying to maven central.
Project URL	Project URL https://github.com/jcustenborder/palo-alto-syslog-parser
Source Code Management	Source Code Management https://github.com/jcustenborder/palo-alto-syslog-parser

Download palo-alto-syslog-parser

Filename	Size
palo-alto-syslog-parser-0.1.7.pom
palo-alto-syslog-parser-0.1.7.jar	141 KB
palo-alto-syslog-parser-0.1.7-sources.jar	127 KB
palo-alto-syslog-parser-0.1.7-javadoc.jar	341 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/com.github.jcustenborder.netty/palo-alto-syslog-parser/ -->
<dependency>
    <groupId>com.github.jcustenborder.netty</groupId>
    <artifactId>palo-alto-syslog-parser</artifactId>
    <version>0.1.7</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/com.github.jcustenborder.netty/palo-alto-syslog-parser/
implementation 'com.github.jcustenborder.netty:palo-alto-syslog-parser:0.1.7'

Gradle Kotlin

// https://jarcasting.com/artifacts/com.github.jcustenborder.netty/palo-alto-syslog-parser/
implementation ("com.github.jcustenborder.netty:palo-alto-syslog-parser:0.1.7")

Apache Buildr

'com.github.jcustenborder.netty:palo-alto-syslog-parser:jar:0.1.7'

Apache Ivy

<dependency org="com.github.jcustenborder.netty" name="palo-alto-syslog-parser" rev="0.1.7">
  <artifact name="palo-alto-syslog-parser" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='com.github.jcustenborder.netty', module='palo-alto-syslog-parser', version='0.1.7')
)

Scala SBT

libraryDependencies += "com.github.jcustenborder.netty" % "palo-alto-syslog-parser" % "0.1.7"

Leiningen

[com.github.jcustenborder.netty/palo-alto-syslog-parser "0.1.7"]

Dependencies

compile (3)

Group / Artifact	Type	Version
com.opencsv : opencsv	jar	4.1
com.github.jcustenborder.netty : netty-codec-syslog	jar	[0.2.7,0.2.1000)
org.immutables : value	jar	2.5.5

provided (4)

Group / Artifact	Type	Version
io.netty : netty-all	jar	4.1.6.Final
org.slf4j : slf4j-api	jar	1.7.21
com.fasterxml.jackson.core : jackson-databind	jar	2.8.5
com.fasterxml.jackson.datatype : jackson-datatype-jsr310	jar	2.8.5

test (8)

Group / Artifact	Type	Version
org.junit.jupiter : junit-jupiter-engine	jar	5.1.0
org.junit.jupiter : junit-jupiter-api	jar	5.1.0
org.mockito : mockito-core	jar	2.18.3
org.mockito : mockito-junit-jupiter	jar	2.18.3
ch.qos.logback : logback-classic	jar	1.1.8
org.graylog2 : syslog4j	jar	0.9.60
com.google.guava : guava	jar	23.0
org.glassfish.jaxb : codemodel	jar	2.2.11

Project Modules

There are no modules declared in this project.

Introduction

This project provides an extended MessageToMessageDecoder to process syslog messages received by netty-codec-syslog. This works by receiving RFC3164Messages and parsing the message portion of the RFC3164Message into the proper PaloAltoMessage. To use this library you will need to have an understanding of Netty.

Usage

Add the message encoder to the existing pipeline.

    ServerBootstrap b = new ServerBootstrap(); // (2)
    b.group(bossGroup, workerGroup)
        .channel(NioServerSocketChannel.class) // (3)
        .childHandler(new ChannelInitializer<SocketChannel>() { // (4)
          @Override
          public void initChannel(SocketChannel ch) throws Exception {
            ch.pipeline().addLast(
                new LoggingHandler("Syslog", LogLevel.INFO),
                new DelimiterBasedFrameDecoder(2000, true, Delimiters.lineDelimiter()),
                new TCPSyslogMessageDecoder(),
                new SyslogMessageDecoder(),
                new PaloAltoMessageDecoder(),
                new MyPaloAltoMessageHandler()
            );
          }
        })
        .option(ChannelOption.SO_BACKLOG, 128)          // (5)
        .childOption(ChannelOption.SO_KEEPALIVE, true); // (6)

Subscribe to receive the messages you are interested in.

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;

import java.util.ArrayList;
import java.util.List;

class MyPaloAltoMessageHandler extends SimpleChannelInboundHandler<TrafficLogMessage> {
  

  @Override
  protected void channelRead0(ChannelHandlerContext channelHandlerContext, TrafficLogMessage message) throws Exception {
  
  }
}

TrafficLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
threatContentType	Threat/Content Type	java.lang.String
generatedTime	Generated Time	java.util.Date
sourceIp	Source IP	java.lang.String
destinationIp	Destination IP	java.lang.String
natSourceIp	NAT Source IP	java.lang.String
natDestinationIp	NAT Destination IP	java.lang.String
ruleName	Rule Name	java.lang.String
sourceUser	Source User	java.lang.String
destinationUser	Destination User	java.lang.String
application	Application	java.lang.String
virtualSystem	Virtual System	java.lang.String
sourceZone	Source Zone	java.lang.String
destinationZone	Destination Zone	java.lang.String
inboundInterface	Inbound Interface	java.lang.String
outboundInterface	Outbound Interface	java.lang.String
logAction	Log Action	java.lang.String
sessionId	Session ID	java.lang.Long
repeatCount	Repeat Count	java.lang.Long
sourcePort	Source Port	java.lang.Integer
destinationPort	Destination Port	java.lang.Integer
natSourcePort	NAT Source Port	java.lang.Integer
natDestinationPort	NAT Destination Port	java.lang.Integer
flags	Flags	java.lang.Long
protocol	Protocol	java.lang.String
action	Action	java.lang.String
bytes	Bytes	java.lang.Long
bytesSent	Bytes Sent	java.lang.Long
bytesReceived	Bytes Received	java.lang.Long
packets	Packets	java.lang.Long
startTime	Start Time	java.util.Date
elapsedTime	Elapsed Time	java.lang.Long
category	Category	java.lang.String
sequenceNumber	Sequence Number	java.lang.Long
actionFlags	Action Flags	java.lang.String
sourceLocation	Source Location	java.lang.String
destinationLocation	Destination Location	java.lang.String
packetsSent	Packets Sent	java.lang.Long
packetsReceived	Packets Received	java.lang.Long
sessionEndReason	Session End Reason	java.lang.String
deviceGroupHierarchyLevel1	Device Group Hierarchy Level 1	java.lang.String
deviceGroupHierarchyLevel2	Device Group Hierarchy Level 2	java.lang.String
deviceGroupHierarchyLevel3	Device Group Hierarchy Level 3	java.lang.String
deviceGroupHierarchyLevel4	Device Group Hierarchy Level 4	java.lang.String
virtualSystemName	Virtual System Name	java.lang.String
deviceName	Device Name	java.lang.String
actionSource	Action Source	java.lang.String
sourceVmUuid	Source VM UUID	java.lang.String
destinationVmUuid	Destination VM UUID	java.lang.String
tunnelIdImsi	Tunnel ID/IMSI	java.lang.String
monitorTagImei	Monitor Tag/IMEI	java.lang.String
parentSessionId	Parent Session ID	java.lang.String
parentStartTime	Parent Start Time	java.util.Date
tunnelType	Tunnel Type	java.lang.String

ConfigLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
subtype	Subtype	java.lang.String
generatedTime	Generated Time	java.util.Date
host	Host	java.lang.String
virtualSystem	Virtual System	java.lang.String
command	Command	java.lang.String
admin	Admin	java.lang.String
client	Client	java.lang.String
result	Result	java.lang.String
configurationPath	Configuration Path	java.lang.String
beforeChangeDetail	Before Change Detail	java.lang.String
afterChangeDetail	After Change Detail	java.lang.String
sequenceNumber	Sequence Number	java.lang.Long
actionFlags	Action Flags	java.lang.String
deviceGroupHierarchyLevel1	Device Group Hierarchy Level 1	java.lang.String
deviceGroupHierarchyLevel2	Device Group Hierarchy Level 2	java.lang.String
deviceGroupHierarchyLevel3	Device Group Hierarchy Level 3	java.lang.String
deviceGroupHierarchyLevel4	Device Group Hierarchy Level 4	java.lang.String
virtualSystemName	Virtual System Name	java.lang.String
deviceName	Device Name	java.lang.String

AuthenticationLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
subtype	Subtype	java.lang.String
generatedTime	Generated Time	java.util.Date
host	Host	java.lang.String
virtualSystem	Virtual System	java.lang.String
command	Command	java.lang.String
admin	Admin	java.lang.String
client	Client	java.lang.String
result	Result	java.lang.String
configurationPath	Configuration Path	java.lang.String
beforeChangeDetail	Before Change Detail	java.lang.String
afterChangeDetail	After Change Detail	java.lang.String
sequenceNumber	Sequence Number	java.lang.Long
actionFlags	Action Flags	java.lang.String
deviceGroupHierarchyLevel1	Device Group Hierarchy Level 1	java.lang.String
deviceGroupHierarchyLevel2	Device Group Hierarchy Level 2	java.lang.String
deviceGroupHierarchyLevel3	Device Group Hierarchy Level 3	java.lang.String
deviceGroupHierarchyLevel4	Device Group Hierarchy Level 4	java.lang.String
virtualSystemName	Virtual System Name	java.lang.String
deviceName	Device Name	java.lang.String

ThreatLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
threatContentType	Threat/Content Type	java.lang.String
generatedTime	Generated Time	java.util.Date
sourceIp	Source IP	java.lang.String
destinationIp	Destination IP	java.lang.String
natSourceIp	NAT Source IP	java.lang.String
natDestinationIp	NAT Destination IP	java.lang.String
ruleName	Rule Name	java.lang.String
sourceUser	Source User	java.lang.String
destinationUser	Destination User	java.lang.String
application	Application	java.lang.String
virtualSystem	Virtual System	java.lang.String
sourceZone	Source Zone	java.lang.String
destinationZone	Destination Zone	java.lang.String
inboundInterface	Inbound Interface	java.lang.String
outboundInterface	Outbound Interface	java.lang.String
logAction	Log Action	java.lang.String
sessionId	Session ID	java.lang.Long
repeatCount	Repeat Count	java.lang.Long
sourcePort	Source Port	java.lang.Integer
destinationPort	Destination Port	java.lang.Integer
natSourcePort	NAT Source Port	java.lang.Integer
natDestinationPort	NAT Destination Port	java.lang.Integer
flags	Flags	java.lang.Long
protocol	Protocol	java.lang.String
action	Action	java.lang.String
urlFilename	URL/Filename	java.lang.String
threatId	Threat ID	java.lang.String
category	Category	java.lang.String
severity	Severity	java.lang.String
direction	Direction	java.lang.String
sequenceNumber	Sequence Number	java.lang.Long
actionFlags	Action Flags	java.lang.String
sourceLocation	Source Location	java.lang.String
destinationLocation	Destination Location	java.lang.String
contentType	Content Type	java.lang.String
pcapId	PCAP ID	java.lang.String
fileDigest	File Digest	java.lang.String
cloud	Cloud	java.lang.String
urlIndex	URL Index	java.lang.String
userAgent	User Agent	java.lang.String
fileType	File Type	java.lang.String
xForwardedFor	X-Forwarded-For	java.lang.String
referer	Referer	java.lang.String
sender	Sender	java.lang.String
subject	Subject	java.lang.String
recipient	Recipient	java.lang.String
reportId	Report ID	java.lang.String
deviceGroupHierarchyLevel1	Device Group Hierarchy Level 1	java.lang.String
deviceGroupHierarchyLevel2	Device Group Hierarchy Level 2	java.lang.String
deviceGroupHierarchyLevel3	Device Group Hierarchy Level 3	java.lang.String
deviceGroupHierarchyLevel4	Device Group Hierarchy Level 4	java.lang.String
virtualSystemName	Virtual System Name	java.lang.String
deviceName	Device Name	java.lang.String
sourceVmUuid	Source VM UUID	java.lang.String
destinationVmUuid	Destination VM UUID	java.lang.String
httpMethod	HTTP Method	java.lang.String
tunnelIdImsi	Tunnel ID/IMSI	java.lang.String
monitorTagImei	Monitor Tag/IMEI	java.lang.String
parentSessionId	Parent Session ID	java.lang.String
parentStartTime	Parent Start Time	java.util.Date
tunnelType	Tunnel Type	java.lang.String
threatCategory	Threat Category	java.lang.String
contentVersion	Content Version	java.lang.String

UserIdLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
threatContentType	Threat/Content Type	java.lang.String
generatedTime	Generated Time	java.util.Date

HipMatchLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
generatedTime	Generated Time	java.util.Date
sourceUser	Source User	java.lang.String
virtualSystem	Virtual System	java.lang.String
machineName	Machine Name	java.lang.String
os	OS	java.lang.String
sourceIp	Source IP	java.lang.String
hip	HIP	java.lang.String
repeatCount	Repeat Count	java.lang.Long
hipType	HIP Type	java.lang.String
sequenceNumber	Sequence Number	java.lang.Long
actionFlags	Action Flags	java.lang.String
deviceGroupHierarchyLevel1	Device Group Hierarchy Level 1	java.lang.String
deviceGroupHierarchyLevel2	Device Group Hierarchy Level 2	java.lang.String
deviceGroupHierarchyLevel3	Device Group Hierarchy Level 3	java.lang.String
deviceGroupHierarchyLevel4	Device Group Hierarchy Level 4	java.lang.String
virtualSystemName	Virtual System Name	java.lang.String
deviceName	Device Name	java.lang.String
virtualSystemId	Virtual System ID	java.lang.String
ipv6SourceIp	IPv6 Source Ip	java.lang.String

SystemLogMessage

Name	Description	Type
receiveTime	Receive Time	java.util.Date
serialNumber	Serial Number	java.lang.String
type	Type	java.lang.String
subType	Content/Threat Type	java.lang.String
generatedTime	Generated Time	java.util.Date
virtualSystem	Virtual System	java.lang.String
eventId	Event ID	java.lang.String
object	Object	java.lang.String
module	Module	java.lang.String
severity	Severity	java.lang.String
description	Description	java.lang.String
sequenceNumber	Sequence Number	java.lang.Long
actionFlags	Action Flags	java.lang.String
deviceGroupHierarchyLevel1	Device Group Hierarchy Level 1	java.lang.String
deviceGroupHierarchyLevel2	Device Group Hierarchy Level 2	java.lang.String
deviceGroupHierarchyLevel3	Device Group Hierarchy Level 3	java.lang.String
deviceGroupHierarchyLevel4	Device Group Hierarchy Level 4	java.lang.String
virtualSystemName	Virtual System Name	java.lang.String
deviceName	Device Name	java.lang.String

Versions

Version
0.1.7 Apr 21, 2018
0.1.5 Apr 17, 2018
0.1.4 Apr 10, 2018
0.1.3 Apr 10, 2018
0.1.1 Mar 2, 2018

palo-alto-syslog-parser

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Source Code Management