def parse_line(self, line, report):
if line.startswith('#') or len(line) == 0:
self.tempdata.append(line)
else:
event = Event(report)
line_contents = line.split('|')
feed_name = line_contents[-1].strip()
file_format = FILE_FORMATS.get(feed_name) or FILE_FORMATS['_default']
if len(line_contents) != len(file_format) + 1:
raise ValueError(f'Incorrect format for feed {event.get("feed.url")}, found line: "{line}"')
if feed_name not in CATEGORY:
raise ValueError(f'Unknown data feed {feed_name}.')
event.update(CATEGORY[feed_name])
for field, (field_name, converter) in zip(line_contents, file_format):
value = converter(field.strip())
if value is not None:
event.add(field_name, value)
event.add('raw', line)
yield event
def parse_line(self, line, report):
if line.startswith('#') or len(line) == 0:
self.tempdata.append(line)
else:
value = line.split('|')
event = Event(report)
event.add('time.source', value[3].strip() + '+00:00')
if value[0].strip() != 'NA':
event.add('source.asn', value[0].strip())
if value[1].strip() != 'NA':
event.add('source.as_name', value[1].split()[0])
event.add('source.ip', value[2].strip())
if value[4].strip() in DataplaneParserBot.CATEGORY:
event.update(DataplaneParserBot.CATEGORY[value[4].strip()])
else:
raise ValueError('Unknown data feed %r.' % value[4].strip())
event.add('raw', line)
yield event
def parse_line(self, line, report):
if line.startswith('#') or len(line) == 0:
self.tempdata.append(line)
else:
value = line.split('|')
event = Event(report)
event.add('time.source', value[3].strip() + '+00:00')
if value[0].strip() != 'NA':
event.add('source.asn', value[0].strip())
if value[1].strip() != 'NA':
event.add('source.as_name', value[1].split()[0])
event.add('source.ip', value[2].strip())
if value[4].strip() in DataplaneParserBot.CATEGORY:
event.update(DataplaneParserBot.CATEGORY[value[4].strip()])
else:
raise ValueError('Unknown data feed %r.' % value[4].strip())
event.add('raw', line)
yield event
def parse_line(self, line, report):
if line.startswith('#') or len(line) == 0:
self.tempdata.append(line)
else:
event = Event(report)
line_contents = line.split('|')
if len(line_contents) != len(self.FILE_FORMAT) + 1:
raise ValueError('Incorrect format for feed {}, found line: "{}"'.format(event.get('feed.url'), line))
if line_contents[-1].strip() in self.CATEGORY:
event.update(self.CATEGORY[line_contents[-1].strip()])
else:
raise ValueError('Unknown data feed {}.'.format(line_contents[-1].strip()))
for field, setter in zip(line_contents, self.FILE_FORMAT):
value = setter[1](field.strip())
if value is not None:
event.add(setter[0], value)
event.add('raw', line)
yield event
