rsigma-runtime 0.8.1

Streaming runtime for rsigma — event sources, sinks, and log processing pipeline
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

use std::fs::{File, OpenOptions};
use std::io::{BufWriter, Write};
use std::path::Path;

use rsigma_eval::ProcessResult;

use crate::error::RuntimeError;

/// Appends ProcessResult as NDJSON to a file with buffered writes.
pub struct FileSink {
    writer: BufWriter<File>,
}

impl FileSink {
    /// Open (or create) the file at `path` for appending.
    pub fn open(path: &Path) -> Result<Self, RuntimeError> {
        let file = OpenOptions::new().create(true).append(true).open(path)?;
        Ok(FileSink {
            writer: BufWriter::new(file),
        })
    }

    /// Serialize and append a ProcessResult to the file.
    pub fn send(&mut self, result: &ProcessResult) -> Result<(), RuntimeError> {
        if result.detections.is_empty() && result.correlations.is_empty() {
            return Ok(());
        }

        for m in &result.detections {
            let json = serde_json::to_string(m)?;
            writeln!(self.writer, "{json}")?;
        }

        for m in &result.correlations {
            let json = serde_json::to_string(m)?;
            writeln!(self.writer, "{json}")?;
        }

        self.writer.flush()?;
        Ok(())
    }
}