package Security::Monitoring::Logs::Normalization::Parser; use 5.006; use strict; use warnings; use Carp; use Security::Monitoring::Utils; =head1 NAME Normalization::Parser =head1 VERSION Version 0.01 =cut our $VERSION = '0.01'; =head1 SYNOPSIS my %params = { regex=>'single quoted string regex to be evalued', name=>"my_parser_name", tag=>"log_type_or_anything", callback_ref=>'string containing a sub that will be called whenever matching does or does not happen,like writing to a file handle' } my $instance = $class->init(\%params); open my $fh, '<','to_be_parsed.log'; $instance->parse($fh); the callback ref should use one input and one output, see tests for examples =head1 DESCRIPTION this module provides a class for the parser instance that will be in charge of normalizing each logs and store the metadata =head1 SUBROUTINES/METHODS =head2 new instance creator =cut sub new { my $class = shift; my $params = shift; if (!defined($params)){ croak("params are not defined!\n"); } my $self = {}; bless $self,$class; $self->_init($params); return $self; } =head2 _init instance initialisation subroutine =cut sub _init{ my $self = shift; my $params = shift; #makes code from the callback string my $callback = eval $params->{callback_ref}; $params->{callback_ref} = $callback; my @keys = keys %{$params}; foreach my $key (@keys){ $self->{$key} = $params->{$key}; } } =head2 parse starts parsing from a file handle ref =cut sub parse{ my ($self,$input,$output) = @_; if (!defined($self->{regex})|| !defined($input) || !defined($output)|| !defined($self->{callback_ref})){ croak "sorry, my caller must have a defined regex and my input and output have to be defined, the caller callback has to be too"; } else{ my $reghash_ref = $self->{regex}; while(<$input>){ my $line = $_; my $result = undef; eval '$result = $line =~ '.$self->{regex}; $self->{callback_ref}($result,$line,$output); } } } 1; # End of Security::Monitoring::Logs::Normalization::Parser