Test Parser

HTTP Request

POST /api/sonar/parsers/:code/test
Request using cURL
curl -H "Authorization: Bearer <API_KEY>" \
     -d line="<36>[SNIPER-2000] [Attack_Name=(0023)UDP Check Sum Error], [Time=2013/05/14 14:32:05], [Hacker=130.1.254.133], [Victim=130.1.213.10], [Protocol=udp/514], [Risk=Medium], [Handling=Alarm], [Information=], [SrcPort=514]" \
     -X POST \
     https://HOSTNAME/api/sonar/parsers/sniper/test
Request Parameters
Key   Required  Type    Description         Note
code  O         String  Parser code
line  O         String  Target test string

Success Response

Below is the result of parsing the SNIPER IPS log as in the cURL example.

{
    "rows": [
        {
            "time": "2013-05-14 14:32:05+0900",
            "risk": "MEDIUM",
            "category": null,
            "host_name": "SNIPER-2000",
            "src_ip": "130.1.254.133",
            "src_port": 514,
            "dst_ip": "130.1.213.10",
            "dst_port": 514,
            "protocol": "UDP",
            "hack_code": "0023",
            "signature": "(0023)UDP Check Sum Error",
            "action": "DETECT"
        }
    ]
}
  • rows (Array): List of parsing result records. The fields and values in each record depend on the parser settings.

Error Responses

Parser is not found
{
  "error_code": "illegal-state",
  "error_msg": "parser profile not found: unknown"
}
Parsing failed

If parsing fails, the original data is returned as is in the line field.

{
  "rows": [
    {
      "line": "Hello world,"
    }
  ]
}
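
A parse failure comes back as a normal rows response, so a caller has to inspect the rows to tell it apart from a successful parse. The following is an added example, not part of the original documentation or the product's own code: it form-encodes the line so characters such as '&' and '+' in a log line reach the parser intact, then classifies the three response shapes shown on this page. The function names are hypothetical, and it assumes that a row containing only the line field means the parser did not match and that error bodies are JSON.

```python
import json
from urllib import error, parse, request


def build_test_request(base_url, api_key, code, line):
    """Build the POST; the log line is form-encoded so '&', '+', '=' and '%' survive."""
    url = f"{base_url.rstrip('/')}/api/sonar/parsers/{parse.quote(code, safe='')}/test"
    body = parse.urlencode({"line": line}).encode("utf-8")
    req = request.Request(url, data=body, method="POST")
    req.add_header("Authorization", f"Bearer {api_key}")
    return req


def classify_result(response):
    """Map a decoded response body to (status, detail)."""
    if "error_code" in response:
        return "error", response.get("error_msg", "")
    rows = response.get("rows") or []
    # Assumption: a row whose only key is "line" is the raw-input echo of a failed parse.
    unparsed = [row for row in rows if set(row) == {"line"}]
    if not rows or unparsed:
        return "unparsed", f"{len(unparsed)} of {len(rows)} rows not parsed"
    return "parsed", f"{len(rows)} rows"


def run_parser_test(base_url, api_key, code, line, timeout=10):
    """Send one line to the test endpoint and classify the outcome."""
    req = build_test_request(base_url, api_key, code, line)
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            payload = json.load(resp)
    except error.HTTPError as exc:
        # Assumption: error bodies are JSON even when the status is not 2xx.
        payload = json.load(exc)
    return classify_result(payload)


if __name__ == "__main__":
    # Response bodies taken from this page (success row abbreviated); no network call is made.
    samples = [
        {"rows": [{"host_name": "SNIPER-2000", "src_ip": "130.1.254.133", "src_port": 514}]},
        {"rows": [{"line": "Hello world,"}]},
        {"error_code": "illegal-state", "error_msg": "parser profile not found: unknown"},
    ]
    for body in samples:
        print(classify_result(body))
```

Treating "unparsed" as a failure when validating a parser profile catches log sources that would otherwise be stored as raw lines without normalized fields.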