Skip to content
/ yangtze Public

Watch for text pattern using tokens and radix tree.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

athoune/yangtze

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

126 Commits
index
index
 
 
pattern
pattern
 
 
serialize
serialize
 
 
set
set
 
 
store
store
 
 
token
token
 
 
.drone.yml
.drone.yml
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Yangtze (长江 Yángzǐ Jiāng)

Build Status

Watch for text pattern using tokens and radix tree.

Yangtze target is filtering massive flow of logs.

Syntax

The pattern syntax is crude. The line is split on tokens. Tokens contain letter, digit, _ and -, all other things disapear.

The pattern syntax use specific tokens.

  • . one token
  • ? zero or one token
  • ... one or more tokens

Example

One boring example from my /var/log/auth.log :

Mar  7 17:51:50 sd-127470 sshd[12455]: Failed password for invalid user cron from 51.15.72.126 port 59758 ssh2
Mar  7 17:51:33 sd-127470 sshd[12453]: Failed password for root from 182.100.67.129 port 58472 ssh2

The pattern should be :

Failed password for ... from ... port . ssh2

API

idx, err := index.NewSimpleIndex()
err = i.AddPatternBytes([]byte("Failed password for ... from ... port . ssh2"))
_, ok := i.ReadLine([]byte("Mar  7 17:51:50 sd-127470 sshd[12455]: Failed password for invalid user cron from 51.15.72.126 port 59758 ssh2"))

Licence

3 terms BSD licence, ©2017 Mathieu Lecarme

About

Watch for text pattern using tokens and radix tree.

Topics

logging golang-library

Resources

Readme

Security policy

Security policy
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages