'use strict';
const crypto = require('crypto');
const d3 = require('d3');
const grok = require('node-grok');
const tz = require('timezone/loaded');
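// d3 formatter for the day suffix of the Elasticsearch index name
// (see process(): 'raw-syslog-' + dateFormat(...)), e.g. "2024.01.31".
const dateFormat = d3.timeFormat('%Y.%m.%d');
// Rolling 16-bit counter behind makeRecordFinder(); it is advanced on every
// call and reset to 1 before it reaches 65535, so `let` (not `var`) is the
// right declaration for a module-level value that is reassigned.
let _lookupCounter = 1;
// Scratch buffer for encoding the counter. allocUnsafe is acceptable here
// because both bytes are overwritten (writeUInt16LE) before every read.
const _recordFinderBuffer = Buffer.allocUnsafe(2);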
/**
 * Shorten a base64 string by dropping its trailing '=' padding and then any
 * trailing 'A' characters (an 'A' sextet is all zero bits, so for a
 * little-endian encoded integer these are leading zeros of the value).
 *
 * @param {string} str - base64 text
 * @returns {string} the prefix of str that remains after trimming
 */
function shortenBase64(str) {
  let end = str.length;
  // Two passes, in this order: padding first, then zero sextets.
  for (const marker of ['=', 'A']) {
    while (end > 0 && str[end - 1] === marker) {
      end -= 1;
    }
  }
  return str.slice(0, end);
}
/**
 * Produce a short base64 token from the module-wide rolling counter
 * `_lookupCounter`. The counter is advanced on every call and reset to 1 once
 * it reaches 65535, so tokens are not unique: the sequence repeats every
 * 65534 calls. It is a lookup hint, not an identifier or a secret.
 *
 * @returns {string} shortened base64 of the counter as a 16-bit little-endian value
 */
function makeRecordFinder() {
  _lookupCounter += 1;
  if (_lookupCounter >= 65535) {
    _lookupCounter = 1;
  }
  _recordFinderBuffer.writeUInt16LE(_lookupCounter, 0);
  const encoded = _recordFinderBuffer.toString('base64');
  return shortenBase64(encoded);
}
/**
 * Build the raw record for one received syslog line.
 *
 * @param {object} ctx - pipeline context; ctx.meta.remoteAddress, localPort
 *   and receiveTime are read
 * @param {Buffer|string} line - the received line; a Buffer is decoded as
 *   latin1 so every byte maps to one character, anything else is kept as-is
 * @returns {object} record with reportingIp, receivingPort, receivedTime,
 *   eventTime (initially equal to receivedTime), message, tag and recordFinder
 */
function preprocess(ctx, line) {
  const { remoteAddress, localPort, receiveTime } = ctx.meta;
  const message = line instanceof Buffer ? line.toString('latin1') : line;
  return {
    reportingIp: remoteAddress,
    receivingPort: localPort,
    receivedTime: receiveTime,
    eventTime: receiveTime,
    message,
    tag: ['raw'],
    recordFinder: makeRecordFinder(),
  };
}
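/**
 * Finish a preprocessed syslog record: attach an investigator lookup URL to
 * ctx.meta.finderUrl and route the record to the daily raw-syslog index.
 *
 * NOTE: the name shadows Node's global `process` inside this module; it is
 * kept because callers reference the function by this name.
 *
 * @param {object} ctx - pipeline context; ctx.meta.finderUrl is written and
 *   ctx.sendElasticsearch(index, type) is called
 * @param {object} msg - record from preprocess(); msg.eventTime and
 *   msg.recordFinder are read
 * @returns {{log: object}} the record wrapped for the next stage
 * @throws {RangeError} when msg.eventTime does not convert to a non-negative
 *   finite epoch time
 */
function process(ctx, msg) {
  const eventMs = new Date(msg.eventTime).getTime();
  // Fail loudly instead of encoding a zero/garbage timestamp into the lookup
  // URL and a "NaN" day into the index name.
  if (!Number.isFinite(eventMs) || eventMs < 0) {
    throw new RangeError('process: msg.eventTime is not a valid timestamp');
  }
  // Buffer#writeUIntLE accepts byteLength 1..6 only, so the previous
  // writeUIntLE(value, 0, 8) call raised ERR_OUT_OF_RANGE. Millisecond
  // timestamps fit in 48 bits, so write 6 bytes into a zero-filled 8-byte
  // buffer: the little-endian layout (bytes 6 and 7 zero) is the same one the
  // 8-byte write was meant to produce, so the encoded finder does not change.
  const buffer = Buffer.alloc(8);
  buffer.writeUIntLE(eventMs, 0, 6);
  const finder = shortenBase64(buffer.toString('base64')) + '-' + msg.recordFinder;
  // The finder is URL-encoded because base64 may contain '+' and '/'.
  // The investigator host is hard-coded to localhost.
  ctx.meta.finderUrl = 'https://localhost/investigator/?sl=' + encodeURIComponent(finder);
  // Pass a Date so the day suffix is correct whether eventTime arrived as a
  // Date, an epoch number or a date string.
  ctx.sendElasticsearch('raw-syslog-' + dateFormat(new Date(eventMs)), 'raw-syslog');
  return { log: msg };
}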
/****** IRC ******/
/**
 * Cap str at `length` characters, replacing the tail with '...' when it is
 * longer. Strings within the limit are returned unchanged.
 *
 * @param {string} str - text to cap
 * @param {number} length - maximum length of the result
 * @returns {string} str, or its first (length - 3) characters followed by '...'
 */
function ellipsify(str, length) {
  const needsCut = str.length > length;
  if (!needsCut) {
    return str;
  }
  const kept = str.substring(0, length - 3);
  return `${kept}...`;
}
/**
 * Make a string safe to send as a single IRC message line: every C0 control
 * character (0x00-0x1f) is replaced with a space. That range covers CR and
 * LF, which would otherwise end the message early and let the remainder be
 * read as a separate protocol line, as well as the IRC formatting codes.
 * Empty or missing input yields '(unknown)'.
 *
 * @param {string} str - text to sanitise
 * @returns {string} sanitised text, or '(unknown)' when str is falsy
 */
function ircEscape(str) {
  if (!str) {
    return '(unknown)';
  }
  const controlChars = /[\x00-\x1f]/g;
  return str.replace(controlChars, ' ');
}
/**
 * Render a processed record as one IRC-safe line of at most 250 characters.
 *
 * @param {object} ctx - pipeline context (unused; kept for the formatter signature)
 * @param {object} msg - output of process(); msg.log.message is read
 * @returns {string} control-character-free message, truncated with '...' if needed
 */
function formatIrc(ctx, msg) {
  const { message } = msg.log;
  const safe = ircEscape(message);
  return ellipsify(safe, 250);
}