eris-0.005 - Eris is the Greek Goddess of Chaos - metacpan.org

Changes for version 0.005

Change: a4aa7aa00b3bb87e3a11f1e40fc1bd2d1d949688 Author: Brad Lhotsky <brad@divisionbyzero.net> Date : 2017-12-04 00:10:58 +0000
- Release version 0.005
- Update documentaiton to demonstrate enabling the debug dictionary in the syslog schema.
Change: 537771e0cbd49dea95f9f2d8358cfa7275d5a260 Author: Brad Lhotsky <brad@divisionbyzero.net> Date : 2017-11-24 11:15:46 +0000
- Correct the shebang line for install
Change: b2090fc15bdee9533c4732afbbc73c74114051cf Author: Brad Lhotsky <brad@divisionbyzero.net> Date : 2017-11-24 09:34:31 +0000
- Use auto-detection of MinimumPerl
- I incorrectly set the minimum Perl version. Removing this hard-coded config detects the correct minimum Perl version.

Documentation

eris-context.pl

Utility for testing the logging contextualizer

eris-eris-client.pl

Simple wrapper to spawn workers for handling syslog stream

eris-es-indexer.pl

Sample implementation using the eris toolkit to index data to elasticsearch

eris-field-lookup.pl

Utility for testing the logging contextualizer

eris-stdin-listener.pl

Simple wrapper to spawn workers for handling syslog stream

Modules

eris

Eris is the Greek Goddess of Chaos

eris::dictionary

Field dictionary loader

eris::dictionary::cee

Contains fields in the Common Event Expression syntax

eris::dictionary::eris

Contains fields eris adds to events

eris::dictionary::eris::debug

Debugging data in the event

eris::dictionary::syslog

Contains fields extracted from syslog messages

Structured log or event object implementation

eris::log::context::GeoIP

Apply MaxMind GeoIPv2 Data to events

eris::log::context::attacks::url

Inspects URL's for common attack patterns

eris::log::context::crond

Parse crond messages to structured data

eris::log::context::dhcpd

Parses dhcpd messages into structured data.

eris::log::context::pfSense::filterlog

Parse the pfsense filterlog

eris::log::context::postfix

Parses postfix messages into structured data

eris::log::context::snort

Parses the Snort and Suricata alert logs

eris::log::context::sshd

Parse sshd logs into structured data

eris::log::context::static

Add static keys/values to every message

eris::log::context::sudo

Parses the sudo key=value pairs into structured documents

eris::log::context::yum

Parse the yum syslog output into structured data

eris::log::contexts

Discovery and access for context objects

eris::log::contextualizer

Primary interface to the eris log parsing library

eris::log::decoder::json

Decodes any detected JSON in a log line from then opening curly brace

eris::log::decoder::syslog

Parse the syslog headers using Parse::Syslog::Line

eris::log::decoders

Discovery and access for decoders

eris::role::context

Role for implementing a log context

eris::role::decoder

Role for implementing decoders

eris::role::dictionary

Interface for implementing a dictionary object

eris::role::dictionary::hash

Simple dictionary implementation based off a hash

eris::role::pluggable

Implements the plumbing for an object to support plugins

eris::role::plugin

Common interface for implementing an eris plugin

eris::role::schema

Role for implementing a schema

eris::schema::syslog

Schema for the syslog data

Discovery and access for schemas

Examples

example.log

Other files

To install eris, copy and paste the appropriate command in to your terminal.

cpanm eris

perl -MCPAN -e shell
install eris

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)