Test Parser

HTTP Request

POST /api/sonar/parsers/:code/test
Request using cURL
curl -H "Authorization: Bearer <API_KEY>" \
     -d line="<36>[SNIPER-2000] [Attack_Name=(0023)UDP Check Sum Error], [Time=2013/05/14 14:32:05], [Hacker=], [Victim=], [Protocol=udp/514], [Risk=Medium], [Handling=Alarm], [Information=], [SrcPort=514]" \
     -X POST \
Request Parameters
codeOStringParser code
lineOStringTarget test string

Success Response

Below is the result of parsing the SNIPER IPS log as in the cURL example.

    "rows": [
            "time": "2013-05-14 14:32:05+0900",
            "risk": "MEDIUM",
            "category": null,
            "host_name": "SNIPER-2000",
            "src_ip": "",
            "src_port": 514,
            "dst_ip": ""
            "dst_port": 514,
            "protocol": "UDP",
            "hack_code": "0023",
            "signature": "(0023)UDP Check Sum Error",
            "action": "DETECT",
  • rows (Array): List of parsing result records. Field and value configuration depends on parser setting.

Error Responses

Parser is not found
  "error_code": "illegal-state",
  "error_msg": "parser profile not found: unknown"
Parsing failed

If the parsing fails, it returns the original data as is in the line field.

  "rows": [
      "line": "Hello world,"