parserfilter
The main orcestrator is lib/parser.pm. To set things in motion, you use this module, then initialize it with ->new(configuration file). This causes the parser module to load all modules listed in the configuration file in the order they are specified. Each module is a .pm file with the same name as the module specified in the configuration file.
module
The modules must define a package following the same system; My::parser::package_name
The modules must define the following subs:
- new
Arguments
- class
- config
Resulting self-> attributes
- {'config'}
- {'parser'}
The parser is commonly the output of the modules_parser->new()
Returns $self
- parse
No arguments
Responsible to fetch whatever it wants to parse
Must return a dict:
-
reval => 0 if nothing interesting, or
-
retval => 1, retmsg => 'Any text you want the main module to know', lines => array of returns from the parser (See module_parser)
-
fetch
A function that returns a line of text for the parser to parse from any source, via any method you desire. Should return 0 if there was no pending line.
module_parser
A module responsible for parsing a line of text to a dictionary containing the following entries:
-
retval: 1 for match, 0 if no match.
main program will print what your parser said about this from the key 'retmsg'
-
retmsg: whatever text you think makes sense putting in the logs regarding the line you just parsed
-
hostile: 0 if not, 1 if it is.
-
host: IP4 representation of a host that did something. Only required if hostile is 1