Skip to main content

Module input

rsigma_runtime

Module input 

Source
Expand description

Input format adapters for the rsigma runtime.

Each adapter parses a raw log line into a typed EventInputDecoded that implements rsigma_eval::Event. The InputFormat enum selects which adapter to use, and parse_line is the main dispatch function.

Always-on formats: JSON/GELF, syslog (RFC 3164/5424), plain text, auto-detect. Feature-gated formats: logfmt (logfmt), CEF (cef).

Structs§

SyslogConfig
Configuration for the syslog adapter.

Enums§

EventInputDecoded
A decoded event ready for Sigma rule evaluation.
InputFormat
Selects which input format adapter to use for raw log lines.

Functions§

auto_detect
Auto-detect the format of a single line and parse it.
parse_json
Parse a line as JSON. Returns None on parse failure.
parse_line
Parse a raw log line using the specified format.
parse_plain
Wrap a raw line as a plain text event.
parse_syslog
Parse a syslog line into an event.