view release on metacpan or  search on metacpan

lib/App/Spoor/AccessEntryParser.pm  view on Meta::CPAN

=item * type: This is hardcoded to 'access'

=item * event: This is hardcoded to 'unrecognised'.

=back

=cut

sub parse {
  use DateTime::Format::Strptime;
  use URI::Escape qw( uri_unescape );

  my $log_entry = shift; 
  my $level;
  my $event;
  my $status;
  my $forward_recipient;
  my %result;
  my $date_parser = DateTime::Format::Strptime->new(pattern => '%m/%d/%Y:%H:%M:%S %z', on_error => 'croak');

  if ($log_entry =~ /
    \A
    (?<ip>\S+)\s
    -\s
    (?<username>.+)\s
    \[(?<timestamp>[^\]]+)\]\s
    "(?<http_request>[^"]+)"\s
    (?<response_code>\d{3})\s
  /x) {
    my $log_time = $date_parser->parse_datetime($+{timestamp})->epoch();
    my $credential = uri_unescape($+{username});
    my $ip = $+{ip};
    my $http_request = $+{http_request};
    my $response_code = $+{response_code};

    if ($credential =~ /@/) {
      $level = 'mailbox';
    } else {
      $level = 'unrecognised';
    }

lib/App/Spoor/AccessEntryParser.pm  view on Meta::CPAN

      $status = 'failed';
    }

    if ($credential =~ /@/ && $http_request =~ /\APOST.+doaddfwd.html/) {
      $event = 'forward_added_partial_ip';
    } elsif (
      $credential =~ /@/ &&
      $http_request =~ /\AGET.+dodelfwd.html\?.*emaildest=(?<forward_recipient>[^\s?]+)/
    ) {
      $event = 'forward_removed';
      $forward_recipient = uri_unescape($+{forward_recipient});
    } else {
      $event = 'unrecognised';
    }

    %result = (
      type => 'access',
      log_time => $log_time,
      event => $event,
      ip => $ip,
      credential => $credential,