Super Speedy Syslog Searcher library, s4lib!
§Introduction
This is the library implementation used by binary program s4. This library is documented in part to have a presence on docs.rs.
The s4lib library was not designed for use outside of program s4, and it was not designed to be an especially user-friendly API.
The term “syslog” within code context refers to a file where a text-encoded message has some parseable datetimestamp. It includes but is not limited to an RFC 5424 compliant message.
The term “log message” is for any type of log message, including ad-hoc log messages, formal syslog RFC 5424 messages, fixedstruct entries (acct/lastlog/lastlogx/utmp/utmpx/wtmp/wtmpx), systemd journal messages, evtx entries, and other types of log messages.
§Overview of modules
Broadly, there are definitions of data, under the data module, and there are Readers, under the readers module. Note that the “Reader”s do not implement the Rust Read trait; it is merely a general phrase. These are where this tool’s specific features are implemented.
The printer module handles printing log messages to standard output, along with user-passed command-line printing options (e.g. --color, --prepend-tz, etc.).
The debug module is for helper functions and features for debug builds and testing (it may not appear in these generated docs).
The libload module is for loading shared libraries at runtime (e.g. libsystemd.so to parse journal files).
The common module is for shared constants, definitions, and helper functions. There are also sub-module common.rs files specific to that module, e.g. data/common.rs.
Finally, the driver is in bin/s4.rs.
Also see Definitions of data and Sysline.
Modules§
- Pre-compiled C-bindings using bindgen.
- Common imports, type aliases, and other globals for s4lib.
- The data module is specialized data containers for Blocks, Lines, Syslines, FixedStruct, Evtx, and JournalEntrys.
- Shared library dynamic loaders.
- The printer module is for printing user-facing log messages (Syslines, FixedStructs, Evtxs, and JournalEntrys) with various text effects (color, underline, etc.) and per-line prepended data (datetime, file name, etc.).
- “Readers” for s4lib.
Macros§
- Declare a DateTimeParseInstr tuple more easily.
- debug eprintln! an error
- debug eprintln! a warning
- eprintln! an error
- eprintln! a warning