serde_cef

CEF (Common Event Format) is an extensible, text-based log format designed to support many device types by carrying only the most relevant information. Its message syntax is kept small so that records normalize cleanly in an ESM. Specifically, CEF defines a record consisting of a fixed header of pipe-separated fields followed by a variable extension formatted as space-separated key=value pairs, for example:

Sep 19 08:26:10 host CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232

Quickstart

You can start using it by first adding it to your Cargo.toml:

[dependencies]
serde_derive = "1.0"
serde_cef = "0.1"

Then define a structure that implements the serde::Serialize / serde::Deserialize traits and use it as the extension type of serde_cef::CefRecord:

extern crate serde_cef;
#[macro_use]
extern crate serde_derive;

use serde_cef::{from_str, to_string, CefRecord, CefSeverity, CefSignatureId};

// Any type that is Serialize + Deserialize can be carried as the extension part of a record.
#[derive(Serialize, Deserialize, Clone, Debug)]
struct Foo {
    a: String,
    b: u64,
}

fn main() {
    let rec = CefRecord {
        headers: None,
        version: 0,
        device_vendor: "Fake".to_string(),
        device_product: "Product".to_string(),
        device_version: "0.1".to_string(),
        signature_id: CefSignatureId::U64(0),
        signature: "Nothing".to_string(),
        severity: CefSeverity::U8(6),
        extensions: Foo { a: "subtest".into(), b: 695217 },
    };
    // Serialize the record to one CEF line, then parse that line back into a CefRecord<Foo>.
    let as_string = to_string(&rec).unwrap();
    println!("{}", &as_string);
    println!("{:?}", from_str::<Foo>(&as_string).unwrap());
}

Output:

CEF:0|Fake|Product|0.1|0|Nothing|6|a:subtest b:695217
CefRecord { headers: None, version: 0, device_vendor: "Fake", device_product: "Product", device_version: "0.1", signature_id: U64(0), signature: "Nothing", severity: U8(6), extensions: Foo { a: "subtest", b: 695217 } }
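Neither the format description with its sample line nor the Quickstart output above says what happens when a field value itself contains a CEF delimiter, which is the case that matters when the value comes from an attacker (a process name, a URL, a user-supplied string). The following is an added example written for this page, not code from the serde_cef crate: a stdlib-only Rust encoder and parser that apply the escaping rules of the CEF specification (header fields escape `\` and `|`; extension values escape `\` and `=`, with line breaks written as `\n` and `\r`), so that a hostile name such as `worm|stopped|0|evil` cannot shift the severity column or smuggle extra extension keys. The `Cef` struct, the `SAMPLE` constant and all function names are this example's own. It writes extensions as `key=value`, as in the sample line at the top of the page, whereas the crate output shown in the Quickstart uses `key:value`.

```rust
// Added example, not code from the serde_cef crate: a dependency-free CEF encoder/decoder
// applying the CEF escaping rules (header: `\` and `|`; extension values: `\`, `=`, `\n`, `\r`).

/// Sample line from the README (with its syslog prefix), used in the demo and tests.
pub const SAMPLE: &str = "Sep 19 08:26:10 host CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232";
#[derive(Debug, Clone, PartialEq)]
pub struct Cef {
    pub version: u8, pub device_vendor: String, pub device_product: String,
    pub device_version: String, pub signature_id: String, pub name: String,
    pub severity: String, // 0-10 or Low/Medium/High/Very-High, kept verbatim
    pub extensions: Vec<(String, String)>,
}

/// Escape a header field (`header == true`) or an extension value.
fn escape(s: &str, header: bool) -> String {
    let mut out = String::with_capacity(s.len() + 4);
    for c in s.chars() {
        match c {
            '\\' => out.push_str("\\\\"),
            '|' if header => out.push_str("\\|"),
            '=' if !header => out.push_str("\\="),
            '\n' | '\r' => out.push_str(if header { " " } else if c == '\n' { "\\n" } else { "\\r" }),
            _ => out.push(c),
        }
    }
    out
}

/// Inverse of `escape`: `\x` yields `x`; `\n` and `\r` are line breaks in extension values.
fn unescape(s: &str, header: bool) -> String {
    let mut out = String::with_capacity(s.len());
    let mut it = s.chars();
    while let Some(c) = it.next() {
        match (c, if c == '\\' { it.next() } else { None }) {
            ('\\', Some(x @ ('n' | 'r'))) if !header => out.push(if x == 'n' { '\n' } else { '\r' }),
            ('\\', Some(x)) => out.push(x),
            ('\\', None) => out.push('\\'),
            (x, _) => out.push(x),
        }
    }
    out
}

/// Serialize with escaping. Keys are program-controlled identifiers, never input, so a key holding a delimiter is a bug.
pub fn to_cef(r: &Cef) -> String {
    let ext: Vec<String> = r.extensions.iter().map(|(k, v)| {
        assert!(!k.contains(|c: char| c == ' ' || c == '=' || c == '\\'), "bad key {:?}", k);
        format!("{}={}", k, escape(v, false))
    }).collect();
    let h = [&r.device_vendor, &r.device_product, &r.device_version, &r.signature_id, &r.name, &r.severity]
        .iter().map(|s| escape(s.as_str(), true)).collect::<Vec<_>>().join("|");
    format!("CEF:{}|{}|{}", r.version, h, ext.join(" "))
}

/// Split on unescaped `|` after the `CEF:` marker; the 8th piece is the extension text.
fn split_header(line: &str) -> Option<(Vec<&str>, &str)> {
    let body = &line[line.find("CEF:")? + 4..];
    let b = body.as_bytes();
    let (mut fields, mut start, mut i) = (Vec::new(), 0, 0);
    while i < b.len() && fields.len() < 7 {
        match b[i] {
            b'\\' => i += 2, // escaped byte: skip it whatever it is
            b'|' => { fields.push(&body[start..i]); start = i + 1; i += 1; }
            _ => i += 1,
        }
    }
    if fields.len() == 7 { Some((fields, &body[start..])) } else { None }
}

/// A key is the non-space run before an unescaped `=`; its value runs to the space before the next key.
fn parse_ext(ext: &str) -> Vec<(String, String)> {
    let b = ext.as_bytes();
    let (mut eqs, mut i) = (Vec::new(), 0);
    while i < b.len() {
        if b[i] == b'=' { eqs.push(i); }
        i += if b[i] == b'\\' { 2 } else { 1 };
    }
    let key_start = |eq: usize| b[..eq].iter().rposition(|&c| c == b' ').map_or(0, |p| p + 1);
    eqs.iter().enumerate().map(|(n, &eq)| {
        let end = eqs.get(n + 1).map_or(b.len(), |&nx| key_start(nx).saturating_sub(1).max(eq + 1));
        (ext[key_start(eq)..eq].to_string(), unescape(&ext[eq + 1..end], false))
    }).collect()
}

pub fn from_cef(line: &str) -> Option<Cef> {
    let (h, ext) = split_header(line)?;
    let f = |i: usize| unescape(h[i], true);
    Some(Cef { version: f(0).parse().ok()?, device_vendor: f(1), device_product: f(2), device_version: f(3),
        signature_id: f(4), name: f(5), severity: f(6), extensions: parse_ext(ext) })
}

fn main() {
    // Constructed hostile name: unescaped, its pipes would make "stopped" the severity field.
    let rec = Cef { version: 0, device_vendor: "Fake".into(), device_product: "Product".into(),
        device_version: "0.1".into(), signature_id: "100".into(), severity: "6".into(),
        name: "worm|stopped|0|evil".into(), extensions: vec![("msg".into(), "a=b \\ c".into())] };
    let line = to_cef(&rec);
    println!("{}\nround-trips: {}\n{:?}", line, from_cef(&line).as_ref() == Some(&rec), from_cef(SAMPLE));
}
```

Run it and compare: the escaped line parses back to the same record, while the same name pasted in without escaping parses with `stopped` in the severity position and the real severity pushed into the extension text. Keys are asserted to be plain identifiers because the parser locates a key by the space before each `=`; a key is program-controlled, a value never is. Severity is kept as text because CEF allows both the 0-10 scale and the Low/Medium/High/Very-High words.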

Feature ovh-ldp

The ovh-ldp feature suffixes extension field names with a type marker (for example `_double` for a numeric field) so that they match the naming conventions of OVH's Logs Data Platform (LDP).

Enable it on the serde_cef dependency in your Cargo.toml:

[dependencies]
serde_cef = { version = "0.1", features = ["ovh-ldp"] }

Re-run the previous example and the output becomes:

CEF:0|Fake|Product|0.1|0|Nothing|6|a:subtest b_double:695217

License: BSD-3-Clause
