senpa 0.1.1

A library to parse OPNsense firewall logs
Links: vivi202/senpa (repository), crates.io. Owner: vivi202.

Senpa

Senpa is a parser for OPNsense firewall logs (it may also work for pfSense).
It is based on this grammar specification.

Features

The serde feature implements Serde's Serialize and Deserialize traits for Log.

How to parse a log?

    use senpa::prelude::*;

    fn main() {
        // One OPNsense filterlog line: a TCP packet passed outbound on vlan0.20.
        let log = "96,,,fae559338f65e11c53669fc3642c93c2,vlan0.20,match,pass,out,\
        4,0x0,,127,61633,0,DF,6,tcp,\
        52,192.168.10.15,192.168.20.14,\
        52461,9100,0,S,3442468761,,64240,,mss;nop;wscale;nop;nop;sackOK";

        match parse_log(log) {
            Ok(parsed_log) => {
                println!("# LOG #");
                // Rule number and rule label (the rule's unique id) identify which rule matched.
                println!("rule number: {}", parsed_log.packet_filter.rule_info.number);
                assert_eq!(96, parsed_log.packet_filter.rule_info.number);

                println!("rule label: {}", &parsed_log.packet_filter.rule_info.label);
                assert_eq!("fae559338f65e11c53669fc3642c93c2", &parsed_log.packet_filter.rule_info.label);

                // The verdict the firewall applied to this packet.
                match &parsed_log.packet_filter.action {
                    Pass => println!("Action: Pass"),
                    Block => println!("Action: Block"),
                    Reject => println!("Action: Reject"),
                }
                assert_eq!(Pass, parsed_log.packet_filter.action);

                // Transport protocol; anything other than TCP or UDP is reported by name.
                match &parsed_log.protocol.name {
                    Tcp => println!("Proto: tcp"),
                    Udp => println!("Proto: udp"),
                    Other(other) => println!("Proto: {}", other),
                }
                assert_eq!(Tcp, parsed_log.protocol.name);

                // Protocol-specific details (ports, flags, ...) vary with the protocol.
                match &parsed_log.proto_info {
                    UdpInfo(udp_info) => println!("ProtoInfo: {:#?}", udp_info),
                    TcpInfo(tcp_info) => println!("ProtoInfo: {:#?}", tcp_info),
                    UnknownInfo(unknown) => println!("ProtoInfo: {}", unknown),
                }
                assert!(matches!(parsed_log.proto_info, TcpInfo(_)));
            }
            Err(e) => {
                // A malformed line is reported as an error rather than a panic.
                println!("{}", e);
            }
        }
    }
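To show what the line format above actually contains, and what a defender typically does with it once parsed, here is an added stand-alone example. It is not senpa's code and uses none of its API: it is a small parser for the same comma-separated filterlog layout, with field positions taken from the pf/OPNsense filterlog format (rule number, sub-rule, anchor, rule id, interface, reason, action, direction, IP version, then the IPv4 block and the tcp/udp port fields), which is an assumption of this example rather than something the README states. The sample lines are constructed: the first is the README's own line, the rest are made up with documentation addresses and a fake rule id. The summary function counts blocked inbound packets per source, the first view an analyst pulls from firewall logs to spot scanning or brute forcing.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Firewall verdict recorded in the line's action field.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Action {
    Pass,
    Block,
    Reject,
}

/// The subset of an IPv4 filterlog entry a triage script usually needs.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct FilterEntry {
    pub rule_number: u32,
    pub rule_id: String,
    pub interface: String,
    pub action: Action,
    pub direction: String,
    pub protocol: String,
    pub src: Ipv4Addr,
    pub dst: Ipv4Addr,
    pub src_port: Option<u16>,
    pub dst_port: Option<u16>,
}

/// Parse one filterlog line (hypothetical helper, not senpa's parse_log).
/// Assumed layout: 9 common header fields, then for IPv4 tos, ecn, ttl, id,
/// offset, flags, proto id, proto name, length, src, dst, and for tcp/udp
/// src port and dst port.
pub fn parse_filter_line(line: &str) -> Result<FilterEntry, String> {
    let f: Vec<&str> = line.split(',').collect();
    if f.len() < 20 {
        return Err(format!("too few fields ({})", f.len()));
    }
    let rule_number = f[0].parse::<u32>().map_err(|e| format!("rule number: {e}"))?;
    let action = match f[6] {
        "pass" => Action::Pass,
        "block" => Action::Block,
        "reject" => Action::Reject,
        other => return Err(format!("unknown action {other:?}")),
    };
    // IPv6 lines use a different header block; report them instead of guessing.
    if f[8] != "4" {
        return Err(format!("unsupported IP version {:?}", f[8]));
    }
    let protocol = f[16].to_string();
    let src = f[18].parse::<Ipv4Addr>().map_err(|e| format!("src: {e}"))?;
    let dst = f[19].parse::<Ipv4Addr>().map_err(|e| format!("dst: {e}"))?;
    let (src_port, dst_port) = match protocol.as_str() {
        "tcp" | "udp" => {
            if f.len() < 22 {
                return Err("missing port fields".to_string());
            }
            let sp = f[20].parse::<u16>().map_err(|e| format!("src port: {e}"))?;
            let dp = f[21].parse::<u16>().map_err(|e| format!("dst port: {e}"))?;
            (Some(sp), Some(dp))
        }
        _ => (None, None),
    };
    Ok(FilterEntry {
        rule_number,
        rule_id: f[3].to_string(),
        interface: f[4].to_string(),
        action,
        direction: f[7].to_string(),
        protocol,
        src,
        dst,
        src_port,
        dst_port,
    })
}

/// Count blocked inbound packets per source address. Returns the counts and
/// the number of lines that could not be parsed, so parse failures are
/// visible instead of silently shrinking the picture.
pub fn blocked_inbound_by_source(lines: &[&str]) -> (HashMap<Ipv4Addr, usize>, usize) {
    let mut counts = HashMap::new();
    let mut unparsed = 0;
    for line in lines {
        match parse_filter_line(line) {
            Ok(e) if e.action == Action::Block && e.direction == "in" => {
                *counts.entry(e.src).or_insert(0) += 1;
            }
            Ok(_) => {}
            Err(_) => unparsed += 1,
        }
    }
    (counts, unparsed)
}

/// Constructed sample: line 0 is the README's own example; the others are
/// made up (documentation addresses, fake rule id, one IPv6 line).
pub const SAMPLE_LINES: [&str; 5] = [
    "96,,,fae559338f65e11c53669fc3642c93c2,vlan0.20,match,pass,out,4,0x0,,127,61633,0,DF,6,tcp,\
     52,192.168.10.15,192.168.20.14,52461,9100,0,S,3442468761,,64240,,mss;nop;wscale;nop;nop;sackOK",
    "80,,,00000000000000000000000000000001,vtnet0,match,block,in,4,0x0,,64,1,0,none,6,tcp,\
     60,198.51.100.7,192.168.10.15,43210,22,0,S,1,,65535,,mss",
    "80,,,00000000000000000000000000000001,vtnet0,match,block,in,4,0x0,,64,2,0,none,17,udp,\
     48,198.51.100.7,192.168.10.15,5353,53,28",
    "80,,,00000000000000000000000000000001,vtnet0,match,block,in,4,0x0,,64,3,0,none,6,tcp,\
     60,203.0.113.9,192.168.10.15,50000,3389,0,S,1,,65535,,mss",
    "80,,,00000000000000000000000000000001,vtnet0,match,block,in,6,0x00,0,64,tcp,6,40,\
     2001:db8::1,2001:db8::2,1,22,0,S,1,,65535,,mss",
];

fn main() {
    let (counts, unparsed) = blocked_inbound_by_source(&SAMPLE_LINES);
    let mut rows: Vec<(Ipv4Addr, usize)> = counts.into_iter().collect();
    rows.sort_by(|a, b| b.1.cmp(&a.1).then(a.0.cmp(&b.0)));
    for (src, n) in rows {
        println!("{:<16} blocked inbound packets: {}", src.to_string(), n);
    }
    println!("unparsed lines: {unparsed}");
}
```

Run with `cargo run` in a scratch crate: the README line parses as rule 96, pass, out, tcp 192.168.10.15:52461 to 192.168.20.14:9100; the constructed block lines count 198.51.100.7 twice and 203.0.113.9 once, and the IPv6 line is reported as unparsed rather than dropped. Keeping the unparsed count in the return value is the design point: a log summary that silently skips lines it does not understand is exactly where an analyst loses events.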

Todos

  • Add CARP support.