Example 6 with MappedMessage

Use of org.graylog.plugins.cef.parser.MappedMessage in project graylog2-server by Graylog2.

From the class CEFCodec, method decodeCEF:

protected Message decodeCEF(@Nonnull RawMessage rawMessage, String s) {
    try {
        // Parse the raw CEF string into a MappedMessage, optionally using full extension field names.
        final MappedMessage cef = new MappedMessage(parser.parse(s, timezone.toTimeZone(), locale), useFullNames);
        // Build standard message.
        Message result = new Message(buildMessageSummary(cef), decideSource(cef, rawMessage), new DateTime(cef.timestamp()));
        // Add all extensions.
        result.addFields(cef.mappedExtensions());
        // Add standard CEF fields.
        result.addField("device_vendor", cef.deviceVendor());
        result.addField("device_product", cef.deviceProduct());
        result.addField("device_version", cef.deviceVersion());
        result.addField("event_class_id", cef.deviceEventClassId());
        result.addField("name", cef.name());
        result.addField("severity", cef.severity());
        return result;
    } catch (Exception e) {
        // Any parse or mapping failure is wrapped in an unchecked exception with the original cause attached.
        throw new RuntimeException("Could not decode CEF message.", e);
    }
}
Also used:
  MappedMessage (org.graylog.plugins.cef.parser.MappedMessage)
  RawMessage (org.graylog2.plugin.journal.RawMessage)
  Message (org.graylog2.plugin.Message)
  DateTime (org.joda.time.DateTime)

Aggregations (class, number of examples using it):
  MappedMessage (org.graylog.plugins.cef.parser.MappedMessage): 6
  RawMessage (org.graylog2.plugin.journal.RawMessage): 5
  InetSocketAddress (java.net.InetSocketAddress): 4
  Test (org.junit.Test): 4
  Timer (com.codahale.metrics.Timer): 1
  CEFParser (com.github.jcustenborder.cef.CEFParser): 1
  HashMap (java.util.HashMap): 1
  Message (org.graylog2.plugin.Message): 1
  DateTime (org.joda.time.DateTime): 1