NAME

Bro::Log::Parse - Object-oriented Perl interface for parsing Bro log files

SYNOPSIS

  use Bro::Log::Parse;
  
  my $parse = Bro::Log::Parse->new('/path/to/logfile');
  while ( $fields = $parse->getLine() ) {
    print $fields->{ts}."\n";
  }

ABSTRACT

Perl interface for parsing Bro logfiles

DESCRIPTION

This library provides an easy and convenient way to parse the log files generated by the Bro Network Monitoring System.

Constructor

The base constructor for Bro::Log::Parse classes is called new. There are several different ways of calling the constructor, depending on the options you want to set. In a nutshell, one can either pass no argument (data is read from <>); a string argument, which is interpreted as a file name; a file handle which is used to read data from; or an array reference that can use all of these options and set a few more parameter.

new()

The first invocation of the base constructor for Bro::Log::Parse. No argument is passed. The resulting class reads Bro log data from <>.

new('/path/to/file')

Passing a string to the constructor for Bro::Log::Parse will read Bro log data from the file pointed to. If the file pointed to does not exist or cannot be opened, a fatal error is raised.

new($fh)

Passing a file handle to the constructor for Bro::Log::Parse will read Bro log data from the filehandle.

new({ option => value })

Pass a hashref of options to the constructor for Bro::log::Parse. Options that can be given (in descending order of importance):

fh: Filehandle to be used as data source.
file: Name of file to be used as data source.
diamond: Boolean; if set to true, data is read from <>, if no other data source is given.
line Value of the last line that was read; undef if no line was read yet.
headers Arrayref of all header lines that were read.

FUNCTIONS

getLine(): Read the the line of the input and return the parsed data as a hash. Returns undef when on EOF.
fh(): Return the filehandle data is read from. Returns undef if data is read from <>.
file(): Return the filename data is read from. Returns undef if no filename was given in constructor.

AUTHOR

Johanna Amann, <johanna@icir.org>

COPYRIGHT AND LICENSE

To install Bro::Log::Parse, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Bro::Log::Parse

CPAN shell

perl -MCPAN -e shell
install Bro::Log::Parse

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)