The purpose of this repository is to consolidate the log source knowledge capital that exceeds or expands upon what is natively supported in the product.
These parsers have been migrated to Community under Shareables > Parsers.
Never, for any reason, ever, should anyone commit a change directly against the master branch.
- Create a development branch off of the master branch (see naming convention standards)
- Clone your new development branch to your local system
- Make the desired changes/additions
- Commit those changes (see commit standards)
- Push those changes to origin
- Create a Pull Request to pull your changes into master
- A user with write privileges will need to review the proposed changes and merge the commit
- At this point your development branch changes are all in master, but changes from other people will not be reflected in your dev branch. To update your dev branch to match master, in GitHub Desktop, go to the Repository menu and select Update From Default Branch.
- Naming Convention
	No file or directory name should ever contain spaces.
	- Branches - Last name of the contributor, all lower case (e.g. talley)
	- Directories - Lead with a capital letter, followed by camelCase. (e.g. SampleDirectoryName). If the name contains an all-caps acronym like 'VPN' or 'IDS', that native capitalization should be maintained.
	- Files - File name should maintain strict camelCase (e.g. sampleFileName). Even all-caps acronyms should be ignored in favor of camelCase. File names under each log source should contain the log source name in a prefix, followed by an underscore, before describing the individual file (e.g. logSource_fileDescription.re). File names should always contain the appropriate suffix for the file type (e.g. .re, .py, .sh).
- Directory Structure
	- Manufacturer (Cisco)
		- Device (ASA)
			- Collection Format (Syslog) - Optional; use if multiple formats exist
- Tabs, not Spaces - Seriously, always tabs
- README - Every directory containing actual code, RegEx, or scripts should have a README.md file to introduce the contents, including any assumptions or known issues. Log sources that were added during the initial import to build this repository will have the 'Original Author' listed in the README; this designation is not required unless the GitHub author is different than the original author.
- Commit Notes
	- Summary - WHAT you're changing/adding
	- Description - WHY you're making changes/additions
Measure twice, cut once.
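
A check for the naming, directory-structure and tab rules above that a reviewer could run before merging a Pull Request; this is an added example, not code from this repository. Assumptions: `README.md` is exempt from the file-name pattern, suffixes are lowercase, and the prefix is checked for shape only, not against the real log source name. `check_path`, `space_indented_lines` and the sample paths are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Directories: leading capital, then camelCase; all-caps acronyms (VPN, IDS) allowed.
DIR_RE = re.compile(r"^[A-Z][A-Za-z0-9]*$")
# Files: strict camelCase prefix, underscore, strict camelCase description, suffix.
CAMEL = r"[a-z][a-z0-9]*(?:[A-Z][a-z0-9]+)*"
FILE_RE = re.compile(rf"^{CAMEL}_{CAMEL}\.[a-z0-9]+$")

def check_path(path):
	"""Return the convention violations for one repository-relative path."""
	*dirs, name = PurePosixPath(path).parts
	problems = []
	if " " in path:
		problems.append("name contains a space")
	for d in dirs:
		if not DIR_RE.match(d):
			problems.append(f"directory '{d}' breaks the directory naming rule")
	if name == "README.md":  # assumption: README.md is exempt from file naming
		return problems
	if not FILE_RE.match(name):
		problems.append(f"file '{name}' is not logSource_fileDescription.suffix")
	if not 2 <= len(dirs) <= 3:
		problems.append("file is not under Manufacturer/Device[/CollectionFormat]")
	return problems

def space_indented_lines(text):
	"""Return 1-based numbers of lines whose leading whitespace contains a space."""
	bad = []
	for number, line in enumerate(text.splitlines(), start=1):
		indent = line[: len(line) - len(line.lstrip(" \t"))]
		if " " in indent:
			bad.append(number)
	return bad

# Constructed sample paths, not taken from the repository.
SAMPLE_PATHS = [
	"Cisco/ASA/Syslog/ciscoAsa_baseRule.re",
	"Cisco/ASA/README.md",
	"cisco/ASA/ciscoASA_baseRule.re",
	"Palo Alto/Firewall/paloAlto_traffic.re",
]

if __name__ == "__main__":
	for p in SAMPLE_PATHS:
		print(p, "->", check_path(p) or "ok")
```
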