Input format adapters for the rsigma runtime.
Each adapter parses a raw log line into a typed EventInputDecoded that
implements rsigma_eval::Event. The InputFormat enum selects which
adapter to use, and parse_line is the main dispatch function.
Always-on formats: JSON/GELF, syslog (RFC 3164/5424), plain text, auto-detect.
Feature-gated formats: logfmt (logfmt), CEF (cef).
Structs
- SyslogConfig - Configuration for the syslog adapter.
Enums
- EventInputDecoded - A decoded event ready for Sigma rule evaluation.
- InputFormat - Selects which input format adapter to use for raw log lines.
Functions
- auto_detect - Auto-detect the format of a single line and parse it.
- parse_json - Parse a line as JSON. Returns None on parse failure.
- parse_line - Parse a raw log line using the specified format.
- parse_plain - Wrap a raw line as a plain text event.
- parse_syslog - Parse a syslog line into an event.