Deprecated.
NAME
Bro::Log::Parse - Object-oriented Perl interface for parsing Bro log files
DEPRECATION
This module is deprecated. Please use Zeek::Log::Parse instead. New features will only be added there.
SYNOPSIS
    use Bro::Log::Parse;

    my $parse = Bro::Log::Parse->new('/path/to/logfile');
    # getLine() returns one parsed log line per call, and undef at EOF
    while ( my $fields = $parse->getLine() ) {
        print $fields->{ts}."\n";
    }
ABSTRACT
Perl interface for parsing Bro logfiles
DESCRIPTION
This library provides an easy and convenient way to parse the log files generated by the Bro Network Monitoring System.
If the JSON module is installed, this module can also be used to parse Bro log files that were written in JSON format.
Constructor
The base constructor for Bro::Log::Parse classes is called new. There are several different ways of calling the constructor, depending on the options you want to set. In a nutshell, one can either pass no argument (data is read from <>); a string argument, which is interpreted as a file name; a file handle which is used to read data from; or a hash reference that can use all of these options and set a few more parameters.
- new()
  The first invocation of the base constructor for Bro::Log::Parse. No argument is passed. The resulting object reads Bro log data from <>.
- new('/path/to/file')
  Passing a string to the constructor for Bro::Log::Parse will read Bro log data from the file pointed to. If the file pointed to does not exist or cannot be opened, a fatal error is raised.
- new($fh)
  Passing a file handle to the constructor for Bro::Log::Parse will read Bro log data from the filehandle.
- new({ option => value })
  Pass a hashref of options to the constructor for Bro::Log::Parse. Options that can be given (in descending order of importance):
  - fh
    Filehandle to be used as data source.
  - file
    Name of file to be used as data source.
  - diamond
    Boolean; if set to true, data is read from <>, if no other data source is given.
  - empty_as_undef
    Boolean; if set to true, getLine() will return empty columns as undef instead of as empty arrayrefs.
FUNCTIONS
- getLine()
  Read the next line of the input and return the parsed data as a hash reference. Returns undef on EOF.
- fh()
  Return the filehandle data is read from. Returns undef if data is read from <>.
- file()
  Return the filename data is read from. Returns undef if no filename was given in constructor.
- line()
  Value of the last line that was read; undef if no line was read yet.
- headers()
  Hash reference of all headers that were read. Contains, for example, open, fields, types, etc.
- headerlines()
  Arrayref of all header lines that were read in order.
- fields()
  Arrayref of all fields present in the input file.
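The constructor options and accessors above combined in one script, as an added example that is not part of the module's own documentation: it reads a constructed conn.log through an in-memory file handle, checks the column list with fields(), and totals orig_bytes per originating host. The sample log lines, the choice of columns and the numeric check on unset values are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Bro::Log::Parse;

# Constructed sample conn.log (tab-separated ASCII format); not real traffic.
my $log = join "\n",
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2014-05-13-16-53-20",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\torig_bytes",
    "#types\ttime\tstring\taddr\taddr\tport\tcount",
    "1400000000.000000\tCaaa1\t192.0.2.10\t198.51.100.5\t443\t1200",
    "1400000001.000000\tCaaa2\t192.0.2.10\t198.51.100.5\t443\t-",
    "1400000002.000000\tCaaa3\t192.0.2.11\t198.51.100.9\t53\t80",
    "";

# An in-memory file handle stands in for a log file on disk (assumption:
# any readable handle is accepted for the documented "fh" option).
open my $fh, '<', \$log or die "cannot open in-memory log: $!";

my $parse = Bro::Log::Parse->new({ fh => $fh, empty_as_undef => 1 });

# Fail early if the log lacks the columns this report depends on.
my %have = map { $_ => 1 } @{ $parse->fields() };
for my $need (qw(ts id.orig_h orig_bytes)) {
    die "missing column $need\n" unless $have{$need};
}

my %bytes_by_host;
while ( my $f = $parse->getLine() ) {
    my $bytes = $f->{orig_bytes};
    # Skip unset byte counts, whether they arrive as undef or as a literal "-".
    next unless defined $bytes && $bytes =~ /^\d+$/;
    $bytes_by_host{ $f->{'id.orig_h'} } += $bytes;
}

# Report hosts in descending order of bytes sent.
for my $host ( sort { $bytes_by_host{$b} <=> $bytes_by_host{$a} } keys %bytes_by_host ) {
    printf "%-15s %d\n", $host, $bytes_by_host{$host};
}
```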
AUTHOR
Johanna Amann, <johanna@icir.org>
COPYRIGHT AND LICENSE
Copyright 2014 by Johanna Amann

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.