NAME

Bro::Log::Parse - Object-oriented Perl interface for parsing Bro log files

SYNOPSIS

  use Bro::Log::Parse;

  my $parse = Bro::Log::Parse->new('/path/to/logfile');
  # Each call returns one parsed log line, keyed by field name
  while ( my $fields = $parse->getLine() ) {
    print $fields->{ts}."\n";
  }

ABSTRACT

Perl interface for parsing Bro logfiles

DESCRIPTION

This library provides an easy and convenient way to parse the log files generated by the Bro Network Monitoring System.

If the JSON module is installed, this module can also be used to parse Bro log files that were written in JSON format.

Constructor

The base constructor for Bro::Log::Parse classes is called new. There are several different ways of calling the constructor, depending on the options you want to set. In a nutshell, one can pass no argument (data is read from <>); a string argument, which is interpreted as a file name; a file handle, which is used to read data from; or a hash reference that can set all of these options and a few more parameters.

new()

The first form of the base constructor for Bro::Log::Parse: no argument is passed. The resulting object reads Bro log data from <>.

new('/path/to/file')

Passing a string to the constructor for Bro::Log::Parse will read Bro log data from the file pointed to. If the file pointed to does not exist or cannot be opened, a fatal error is raised.

new($fh)

Passing a file handle to the constructor for Bro::Log::Parse will read Bro log data from the filehandle.

new({ option => value })

Pass a hashref of options to the constructor for Bro::Log::Parse. Options that can be given (in descending order of importance):

fh

Filehandle to be used as data source.

file

Name of file to be used as data source.

diamond

Boolean; if set to true, data is read from <>, if no other data source is given.

empty_as_undef

Boolean; if set to true, getLine() will return empty columns as undef instead of as empty arrayrefs.

FUNCTIONS

getLine()

Read the next line of the input and return the parsed data as a hash reference. Returns undef on EOF.

fh()

Return the filehandle data is read from. Returns undef if data is read from <>.

file()

Return the filename data is read from. Returns undef if no filename was given in the constructor.

line()

Value of the last line that was read; undef if no line was read yet.

headers()

Hash reference of all headers that were read. Contains, for example, open, fields, types, etc.

headerlines()

Arrayref of all header lines that were read in order.

fields()

Arrayref of all fields present in the input file.
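
The following is an added example, not part of the module's own documentation. It uses the option hashref form of the constructor with fh and empty_as_undef, then getLine() and fields(), to total the bytes sent per originating host. The sample conn.log is constructed, and it is an assumption that an in-memory filehandle is accepted as the fh option like any other filehandle.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Bro::Log::Parse;

# Constructed sample conn.log (not real traffic); columns are tab-separated.
my @rows = (
    [ '#separator \x09' ],
    [ '#set_separator', ',' ],
    [ '#empty_field',   '(empty)' ],
    [ '#unset_field',   '-' ],
    [ '#path',          'conn' ],
    [ '#open',          '2014-05-13-16-53-20' ],
    [ '#fields', qw(ts uid id.orig_h id.resp_h id.resp_p proto orig_bytes) ],
    [ '#types',  qw(time string addr addr port enum count) ],
    [ qw(1400000000.000000 CAAAA1 10.0.0.5 192.0.2.10 443 tcp 1200) ],
    [ qw(1400000001.000000 CAAAA2 10.0.0.5 192.0.2.11 53  udp -) ],
    [ qw(1400000002.000000 CAAAA3 10.0.0.9 192.0.2.10 443 tcp 300) ],
);
my $log = join '', map { join( "\t", @$_ ) . "\n" } @rows;

# Read from an in-memory filehandle, using the option hashref form.
open( my $fh, '<', \$log ) or die "cannot open in-memory log: $!";
my $parse = Bro::Log::Parse->new( { fh => $fh, empty_as_undef => 1 } );

my ( %bytes, %conns );
while ( my $f = $parse->getLine() ) {
    my $src = $f->{'id.orig_h'};
    next unless defined $src;    # skip lines without an originator
    $conns{$src}++;

    # orig_bytes is unset ("-") on the second sample line. Count only
    # plain numbers; undef, "-" or a reference all count as 0 here.
    my $sent = $f->{orig_bytes};
    $bytes{$src} += ( defined $sent && !ref $sent && $sent =~ /^\d+$/ )
        ? $sent : 0;
}

# fields() lists the column names taken from the #fields header.
print "fields: @{ $parse->fields() }\n";
printf "%-12s %3d conns %8d bytes sent\n", $_, $conns{$_}, $bytes{$_}
    for sort { $bytes{$b} <=> $bytes{$a} } keys %bytes;
```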

AUTHOR

Johanna Amann, <johanna@icir.org>

COPYRIGHT AND LICENSE

Copyright 2014 by Johanna Amann

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.