Add support for generating a log message to stdout (#19)
* add support for generating a log message to stdout

* update README
pcktdmp authored Mar 11, 2020
1 parent 5c44995 commit d6f2877
Showing 3 changed files with 57 additions and 0 deletions.
14 changes: 14 additions & 0 deletions README.md
@@ -44,6 +44,13 @@ func main() {

fmt.Println(event)

// send a CEF event as log message to stdout
event.Log()

// or if you want to do error handling when
// sending the log
_, err := event.Log()

}

```
@@ -54,6 +61,13 @@ $ ./cef
CEF:0|Cool Vendor|Cool Product|1.0|FLAKY_EVENT|Something flaky happened.|3|sourceAddress=127.0.0.1 requestClientApplication=Go-http-client/1.1
```

### Example log output

```bash
$ ./ceflog
2020/03/11 21:49:45 CEF:0|Cool Vendor|Cool Product|1.0|FLAKY_EVENT|Something flaky happened.|3|sourceAddress=127.0.0.1 requestClientApplication=Go-http-client/1.1
```

## Not yet implemented

* Field limits according to format standard for [known](https://community.microfocus.com/t5/ArcSight-Connectors/ArcSight-Common-Event-Format-CEF-Implementation-Standard/ta-p/1645557?attachment-id=68077) CEF fields
23 changes: 23 additions & 0 deletions cefevent/cefevent.go
@@ -3,13 +3,16 @@ package cefevent
import (
"errors"
"fmt"
"log"
"os"
"reflect"
"strings"
)

type CefEventer interface {
Generate() (string, error)
Validate() bool
Log() (bool, error)
}

type CefEvent struct {
@@ -74,6 +77,26 @@ func (event *CefEvent) Validate() bool {

}

// Log should be used as a stub in most cases, it either
// succeeds generating the CEF event and send it to stdout
// or doesnt and logs that to stderr. This function
// plays well inside containers.
func (event *CefEvent) Log() (bool, error) {

logMessage, err := event.Generate()

if err != nil {
log.SetOutput(os.Stderr)
errMsg := "Unable to generate and thereby log the CEF message."
log.Println(errMsg)
return false, errors.New(errMsg)
}

log.SetOutput(os.Stdout)
log.Println(logMessage)
return true, nil
}

func (event CefEvent) Generate() (string, error) {

if !CefEventer.Validate(&event) {
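Review bot: `Log()` calls `log.SetOutput` on the process-wide standard logger, so once it has run, every `log.Println` in the importing application is redirected to stdout (or to stderr after a failure), and concurrent callers can interleave between `SetOutput` and `Println` so that a line lands on the wrong stream. If stdout is being collected as a CEF feed, that mixes unrelated application log lines into the event stream. Two package-level loggers built with `log.New` keep the same timestamped output without touching global state, as in the fence below. The error branch also drops the cause returned by `Generate()`; wrapping it, e.g. `fmt.Errorf("generate CEF event: %w", err)`, would let callers see why generation failed. Whether field values are escaped before they reach the log line is decided in `Generate`, whose body lies outside this hunk.

```go
// Dedicated loggers so the importing program's standard logger is left alone.
var (
	eventLog = log.New(os.Stdout, "", log.LstdFlags)
	errorLog = log.New(os.Stderr, "", log.LstdFlags)
)

func (event *CefEvent) Log() (bool, error) {
	// … unchanged: Generate call, err check and errMsg …
		errorLog.Println(errMsg)
	// … unchanged: error return and end of the error branch …
	eventLog.Println(logMessage)
	return true, nil
}
```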
20 changes: 20 additions & 0 deletions cefevent_test.go
@@ -143,3 +143,23 @@ func TestCefEventerValidate(t *testing.T) {
t.Errorf("Validation should fail here.")
}
}

func TestCefEventerLoggingSuccess(t *testing.T) {

_, err := event.Log()

if err != nil {
t.Errorf("%v", err)
}
}

func TestCefEventerLoggingFail(t *testing.T) {

brokenEvent := event
brokenEvent.Version = ""
_, err := brokenEvent.Log()

if err == nil {
t.Errorf("%v", err)
}
}
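Review bot: In `TestCefEventerLoggingFail` the failure branch runs only when `err` is nil, so `t.Errorf("%v", err)` can print nothing but `<nil>`; a fixed message such as `t.Error("Log() should return an error for an event with an empty Version")` tells the reader what broke. Both tests also discard the boolean result, so a `Log()` that returned `true` alongside an error, or `false` on success, would still pass; `ok, err := event.Log()` with a check on `ok` closes that gap. Neither test checks which stream received the line, which is the behaviour this commit adds.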
