feat: Add Be and tbd skill, also added Roadmap file

2026-05-10 16:32:12 -04:00
parent 3500ade13f
commit 0bb8885802
29587 changed files with 10611695 additions and 0 deletions
--- a/Skills/@be/node_modules/@myndzi/glossy/test/decide.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/decide.js
@@ -0,0 +1,7 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+assert.equal(syslogParser.decideValue(1), "1");
+assert.equal(syslogParser.decideValue('-'), null);
+assert.equal(syslogParser.decideValue('ー'), 'ー');
--- a/Skills/@be/node_modules/@myndzi/glossy/test/decode_pri.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/decode_pri.js
@@ -0,0 +1,24 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+assert.deepEqual(syslogParser.decodePri('<16>'), {
+    prival: 16,
+    facilityID: 2,
+    severityID: 0,
+    facility: 'mail',
+    severity: 'emerg'
+});
+
+assert.deepEqual(syslogParser.decodePri('<66>1'), {
+    prival: 66,
+    facilityID: 8,
+    severityID: 2,
+    facility: 'uucp',
+    severity: 'crit'
+});
+
+
+assert.equal(syslogParser.decodePri('1<16>'), false);
+assert.equal(syslogParser.decodePri('<200>'), false);
+
--- a/Skills/@be/node_modules/@myndzi/glossy/test/parse_3164.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/parse_3164.js
@@ -0,0 +1,104 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+ syslogGenerator = require('../lib/glossy/produce.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+
+var gen = new syslogGenerator({type: 'bsd'});
+
+var doubleSpaced = "<13>Feb  5 17:32:18 10.0.0.99 Use the BFG!";
+syslogParser.parse(doubleSpaced, function(parsedMessage){
+    var msg = gen.produce(parsedMessage);
+    assert.equal(doubleSpaced, msg);    
+
+    var expectedData = { 
+        originalMessage: doubleSpaced,
+        prival: 13,
+        facilityID: 1,
+        severityID: 5,
+        facility: 'user',
+        severity: 'notice',
+        type: 'RFC3164',
+        host: '10.0.0.99',
+        message: 'Use the BFG!' };
+
+    delete parsedMessage.date;
+    delete parsedMessage.time;
+    delete parsedMessage.timestamp;
+
+    assert.deepEqual(parsedMessage, expectedData);
+});
+
+var withCommand = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
+syslogParser.parse(withCommand, function(parsedMessage){
+    var expectedData = {
+        originalMessage: withCommand,
+        prival: 34,
+        facilityID: 4,
+        severityID: 2,
+        facility: 'auth',
+        severity: 'crit',
+        type: 'RFC3164',
+        host: 'mymachine',
+        message: "su: 'su root' failed for lonvick on /dev/pts/8" };
+
+    var parsedDate = parsedMessage.time;
+    delete parsedMessage.time;
+
+    assert.equal(parsedDate.getUTCMonth(), 9);
+    assert.equal(parsedDate.getUTCHours(), 20);
+    assert.deepEqual(parsedMessage, expectedData);
+
+});
+
+var withDifficultTime = "<191>94103: 51w2d: DHCPD: assigned IP address 10.10.1.94 to client 0100.01c4.21d3.b3";
+syslogParser.parse(withDifficultTime, function(parsedMessage){
+    var expectedData = { 
+        originalMessage: withDifficultTime,
+        prival: 191,
+        facilityID: 23,
+        severityID: 7,
+        facility: 'local7',
+        severity: 'debug',
+        type: 'RFC3164',
+        time: undefined,
+        message: '51w2d: DHCPD: assigned IP address 10.10.1.94 to client 0100.01c4.21d3.b3'};
+
+    assert.deepEqual(parsedMessage, expectedData);
+});
+
+var withYear = "<32>Mar 05 2011 22:21:02: %ASA-6-302013: Built inbound TCP connection 401 for outside:123.123.123.123/4413 (123.123.123.123/4413) to net:BOX/25 (BOX/25)";
+syslogParser.parse(withYear, function(parsedMessage){
+    var expectedData = { 
+        originalMessage: withYear,
+        prival: 32,
+        facilityID: 4,
+        severityID: 0,
+        facility: 'auth',
+        severity: 'emerg',
+        type: 'RFC3164',
+        time: undefined,
+        host: '22:21:02:',
+        message: '%ASA-6-302013: Built inbound TCP connection 401 for outside:123.123.123.123/4413 (123.123.123.123/4413) to net:BOX/25 (BOX/25)' };
+
+   assert.deepEqual(parsedMessage, expectedData);
+});
+
+var withSpaces = "<13>Mar 15 11:22:40 myhost.com     0    11,03/15/12,11:22:38,§ó·s,10.10.10.171,,40C6A91373B6,";
+syslogParser.parse(withSpaces, function(parsedMessage){
+    var expectedData = { 
+        originalMessage: withSpaces,
+        prival: 13,
+        facilityID: 1,
+        severityID: 5,
+        facility: 'user',
+        severity: 'notice',
+        type: 'RFC3164',
+        host: 'myhost.com',
+        message: '    0    11,03/15/12,11:22:38,§ó·s,10.10.10.171,,40C6A91373B6,' };
+
+    delete parsedMessage.time;
+    assert.deepEqual(parsedMessage, expectedData);
+
+});
+
--- a/Skills/@be/node_modules/@myndzi/glossy/test/parse_5424.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/parse_5424.js
@@ -0,0 +1,106 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+var withPrecisionTime = "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts.";
+syslogParser.parse(withPrecisionTime, function(parsedMessage){
+    var expectedData = { 
+        originalMessage: withPrecisionTime,
+        prival: 165,
+        facilityID: 20,
+        severityID: 5,
+        facility: 'local4',
+        severity: 'notice',
+        type: 'RFC5424',
+        host: '192.0.2.1',
+        appName: 'myproc',
+        pid: '8710',
+        msgID: null,
+        message: "%% It's time to make the do-nuts." };
+    
+    delete parsedMessage.time;
+    assert.deepEqual(parsedMessage, expectedData);
+
+});
+
+// FIXME 3 minute offset from UTC?!
+var with8601 = "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8";
+syslogParser.parse(with8601, function(parsedMessage){
+    var expectedData = { 
+        originalMessage: with8601,
+        prival: 34,
+        facilityID: 4,
+        severityID: 2,
+        facility: 'auth',
+        severity: 'crit',
+        type: 'RFC5424',
+        time:  new Date('2003-10-11T22:14:15.003Z'),
+        host: 'mymachine.example.com',
+        appName: 'su',
+        pid: null,
+        msgID: 'ID47',
+        message: "BOM'su root' failed for lonvick on /dev/pts/8" };
+    
+    assert.deepEqual(parsedMessage, expectedData);
+});
+
+// FIXME 3 minute offset from UTC?!
+var withSD = '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...';
+syslogParser.parse(withSD, function(parsedMessage){
+    var expectedData = { 
+        originalMessage: withSD,
+        prival: 165,
+        facilityID: 20,
+        severityID: 5,
+        facility: 'local4',
+        severity: 'notice',
+        type: 'RFC5424',
+        time:  new Date('2003-10-11T22:14:15.003Z'),
+        host: 'mymachine.example.com',
+        appName: 'evntslog',
+        pid: null,
+        msgID: 'ID47',
+        structuredData: { 
+            'exampleSDID@32473': { 
+                iut: '3',
+                eventSource: 'Application',
+                eventID: '1011' 
+            } 
+        }, 
+        message: 'BOMAn application event log entry...' };
+
+    assert.deepEqual(parsedMessage, expectedData);
+});
+
+// FIXME 3 minute offset from UTC?!
+var withDoubleSD =  '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]';
+syslogParser.parse(withDoubleSD, function(parsedMessage){
+    var expectedStructuredData = { 
+        'exampleSDID@32473': { 
+            iut: '3', 
+            eventSource: 'Application',
+            eventID: '1011' 
+         },
+         'examplePriority@32473': {
+             'class': 'high'
+         }
+    };
+
+    var expectedData = { 
+        originalMessage: withDoubleSD,
+        prival: 165,
+        facilityID: 20,
+        severityID: 5,
+        facility: 'local4',
+        severity: 'notice',
+        type: 'RFC5424',
+        time:  new Date('2003-10-11T22:14:15.003Z'),
+        host: 'mymachine.example.com',
+        appName: 'evntslog',
+        pid: null,
+        msgID: 'ID47',
+        structuredData: expectedStructuredData,  //FIXME Both sets should be there
+        message: '' };
+    assert.deepEqual(parsedMessage, expectedData);
+});
+
--- a/Skills/@be/node_modules/@myndzi/glossy/test/parse_5848.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/parse_5848.js
@@ -0,0 +1,40 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+
+var fullySigned = '<110>1 2009-05-03T14:00:39.519307+02:00 host.example.org syslogd 2138 - [ssign-cert VER="0111" RSID="1" SG="0" SPRI="0" TPBL="587" INDEX="1" FLEN="587" FRAG="2009-05-03T14:00:39.519005+02:00 K BACsLMZ NCV2NUAwe4RAeAnSQuvv2KS51SnHFAaWJNU2XVDYvW1LjmJgg4vKvQPo3HEOD+2hEkt1zcXADe03u5pmHoWy5FGiyCbglYxJkUJJrQqlTSS6vID9yhsmEnh07w3pOsxmb4qYo0uWQrAAenBweVMlBgV3ZA5IMA8xq8l+i8wCgkWJjCjfLar7s+0X3HVrRroyARv8EAIYoxofh9m N8n821BTTuQnz5hp40d6Z3UudKePu2di5Mx3GFelwnV0Qh5mSs0YkuHJg0mcXyUAoeYry5X6482fUxbm+gOHVmYSDtBmZEB8PTEt8Os8aedWgKEt/E4dT+Hmod4omECLteLXxtScTMgDXyC+bSBMjRRCaeWhHrYYdYBACCWMdTc12hRLJTn8LX99kv1I7qwgieyna8GCJv/rEgC ssS9E1qARM+h19KovIUOhl4VzBw3rK7v8Dlw/CJyYDd5kwSvCwjhO21LiReeS90VPYuZFRC1B82Sub152zOqIcAWsgd4myCCiZbWBsuJ8P0gtarFIpleNacCc6OV3i2Rg==" SIGN="AKAQEUiQptgpd0lKcXbuggGXH/dCdQCgdysrTBLUlbeGAQ4vwrnLOqSL7+c="]';
+
+var fullySignedSD = syslogParser.parseStructure(fullySigned);
+assert.deepEqual(fullySignedSD, { 
+    'ssign-cert': { 
+        VER: '0111',
+        RSID: '1',
+        SG: '0',
+        SPRI: '0',
+        TPBL: '587',
+        INDEX: '1',
+        FLEN: '587',
+        FRAG: '2009-05-03T14:00:39.519005+02:00 K BACsLMZ NCV2NUAwe4RAeAnSQuvv2KS51SnHFAaWJNU2XVDYvW1LjmJgg4vKvQPo3HEOD+2hEkt1zcXADe03u5pmHoWy5FGiyCbglYxJkUJJrQqlTSS6vID9yhsmEnh07w3pOsxmb4qYo0uWQrAAenBweVMlBgV3ZA5IMA8xq8l+i8wCgkWJjCjfLar7s+0X3HVrRroyARv8EAIYoxofh9m N8n821BTTuQnz5hp40d6Z3UudKePu2di5Mx3GFelwnV0Qh5mSs0YkuHJg0mcXyUAoeYry5X6482fUxbm+gOHVmYSDtBmZEB8PTEt8Os8aedWgKEt/E4dT+Hmod4omECLteLXxtScTMgDXyC+bSBMjRRCaeWhHrYYdYBACCWMdTc12hRLJTn8LX99kv1I7qwgieyna8GCJv/rEgC ssS9E1qARM+h19KovIUOhl4VzBw3rK7v8Dlw/CJyYDd5kwSvCwjhO21LiReeS90VPYuZFRC1B82Sub152zOqIcAWsgd4myCCiZbWBsuJ8P0gtarFIpleNacCc6OV3i2Rg==',
+        SIGN: 'AKAQEUiQptgpd0lKcXbuggGXH/dCdQCgdysrTBLUlbeGAQ4vwrnLOqSL7+c=' 
+    } 
+});
+
+assert.deepEqual(syslogParser.parseSignedCertificate(fullySignedSD['ssign-cert']), {
+    version: '01',
+    hashAlgorithm: 1,
+    hashAlgoString: 'SHA1',
+    sigScheme: 1,
+    rebootSessionID: 1,
+    signatureGroup: 0,
+    signaturePriority: 0,
+    totalPayloadLength: 587,
+    payloadIndex: 1,
+    fragmentLength: 587,
+    payloadTimestamp: new Date('2009-05-03T14:00:39.519005+02:00'),
+    payloadType: 'K',
+    payloadName: 'Public Key',
+    keyBlob: new Buffer(fullySignedSD['ssign-cert']['FRAG'].split(/\s/)[2], encoding='base64'),
+    thisSignature:  new Buffer(fullySignedSD['ssign-cert']['SIGN'], encoding='base64')
+});
+
--- a/Skills/@be/node_modules/@myndzi/glossy/test/parse_8601.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/parse_8601.js
@@ -0,0 +1,14 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+
+assert.deepEqual(
+    syslogParser.parse8601('2011-10-10T14:48:00'), 
+    new Date(Date.parse('2011-10-10T14:48:00'))
+);
+
+assert.equal(
+    syslogParser.parse8601('foo'), 
+    undefined
+);
--- a/Skills/@be/node_modules/@myndzi/glossy/test/parse_rfc3339.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/parse_rfc3339.js
@@ -0,0 +1,9 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+
+assert.deepEqual(
+    syslogParser.parseRfc3339("1985-04-12T23:20:50.52Z"),
+    new Date(482196050000)
+);
--- a/Skills/@be/node_modules/@myndzi/glossy/test/produce.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/produce.js
@@ -0,0 +1,180 @@
+var assert       = require('assert');
+var producer     = require('../lib/glossy/produce.js');
+
+assert.ok(producer, 'producer loaded');
+
+var syslogProducer = new producer();
+assert.ok(syslogProducer, 'new SyslogProducer object created');
+assert.equal(syslogProducer.type, 'RFC5424', 'Syslog Producer set correctly');
+
+var BSDProducer = new producer({ type: 'BSD'});
+assert.ok(BSDProducer, 'new BSDProducer object created');
+assert.equal(BSDProducer.type, 'RFC3164', 'BSD Producer set correctly');
+
+var presetProducer = new producer({
+    type:     'bsd',
+    facility: 'ntp',
+    host:     'localhost',
+    appName:   'kill'
+});
+
+var invalidProducer = new producer({
+    type: 'invalid',
+    facility: 'invalid',
+});
+assert.notEqual(invalidProducer, 'invalid producer is null');
+
+var msg = syslogProducer.produce({
+    facility: 'local4',
+    severity: 'error',
+    host: 'localhost',
+    appName: 'sudo',
+    pid: '123',
+    date: new Date(1234567890000),
+    message: 'Test Message'
+});
+assert.equal(msg, "<163>1 2009-02-13T23:31:30.000Z localhost sudo 123 - - Test Message",'Valid message returned');
+
+syslogProducer.produce({
+    facility: 'audit',
+    severity: 'error',
+    host: '127.0.0.1',
+    appName: 'sudo',
+    pid: '419',
+    date: new Date(1234567890000),
+    message: 'Test Message'
+}, function(cbMsg) {
+    assert.equal(cbMsg, '<107>1 2009-02-13T23:31:30.000Z 127.0.0.1 sudo 419 - - Test Message', 'Valid message in callback returned');
+});
+
+BSDProducer.produce({
+    facility: 'audit',
+    severity: 'error',
+    host: '127.0.0.1',
+    appName: 'sudo',
+    pid: '419',
+    date: new Date(1234567890000),
+    message: 'Test Message'
+}, function(cbMsg){
+    assert.equal(cbMsg, '<107>Feb 14 00:31:30 127.0.0.1 sudo[419]: Test Message');
+});
+
+var debugMsg = presetProducer.debug({
+    facility: 'local2',
+    message: 'Debug Message',
+    date: new Date(1234567890000),
+    pid: 91
+});
+assert.ok(debugMsg);
+assert.equal(debugMsg, '<151>Feb 14 00:31:30 localhost kill[91]: Debug Message');
+
+var infoMsg = presetProducer.info({
+    facility: 'ntp',
+    message: 'Info Message',
+    pid: 42,
+    date: new Date(1234567890000)
+});
+assert.ok(infoMsg);
+assert.equal(infoMsg, '<102>Feb 14 00:31:30 localhost kill[42]: Info Message');
+
+var noticeMsg = presetProducer.debug({
+    facility: 'local2',
+    message: 'Notice Message',
+    pid: 16,
+    date: new Date(1234567890000)
+});
+assert.ok(noticeMsg);
+assert.equal(noticeMsg, '<151>Feb 14 00:31:30 localhost kill[16]: Notice Message');
+
+var warnMsg = presetProducer.debug({
+    facility: 'local4',
+    message: 'Warning Message',
+    pid: 91,
+    date: new Date(1234567890000)
+});
+assert.ok(warnMsg);
+assert.equal(warnMsg, '<167>Feb 14 00:31:30 localhost kill[91]: Warning Message');
+
+var errorMsg = presetProducer.debug({
+    facility: 'clock',
+    message: 'Error Message',
+    pid: 91,
+    date: new Date(1234567890000)
+});
+assert.ok(errorMsg);
+assert.equal(errorMsg, '<79>Feb 14 00:31:30 localhost kill[91]: Error Message');
+
+var criticalMsg = presetProducer.crit({
+    facility: 'local0',
+    message: 'Critical Message',
+    pid: 91,
+    date: new Date(1234567890000)
+});
+assert.ok(criticalMsg);
+assert.equal(criticalMsg, '<130>Feb 14 00:31:30 localhost kill[91]: Critical Message');
+
+var alertMsg = presetProducer.alert({
+    facility: 'clock',
+    message: 'Alert Message',
+    pid: 91,
+    date: new Date(1234567890000)
+});
+assert.ok(alertMsg);
+assert.equal(alertMsg, '<73>Feb 14 00:31:30 localhost kill[91]: Alert Message');
+
+var emergencyMsg = presetProducer.emergency({
+    facility: 'news',
+    message: 'Emergency Message',
+    pid: 91,
+    date: new Date(1234567890000)
+});
+assert.ok(emergencyMsg);
+assert.equal(emergencyMsg, '<56>Feb 14 00:31:30 localhost kill[91]: Emergency Message');
+
+var structuredMsg = syslogProducer.produce({
+    facility: 'local4',
+    severity: 'error',
+    host: 'mymachine.example.com',
+    appName: 'evntslog',
+    msgID: 'ID47',
+    date: new Date(1234567890000),
+    structuredData: {
+        'exampleSDID@32473': {
+            'iut':         "3",
+            'eventSource': "Application",
+            'eventID':     "1011",
+            'seqNo':       "1"
+        }
+    },
+    message: 'BOMAn application event log entry...'
+});
+
+assert.ok(structuredMsg);
+assert.equal(structuredMsg, '<163>1 2009-02-13T23:31:30.000Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" seqNo="1"] BOMAn application event log entry...');
+
+var structuredWithArray = syslogProducer.produce({
+    facility: 'local4',
+    severity: 'error',
+    host: 'mymachine.example.com',
+    appName: 'evntslog',
+    msgID: 'ID47',
+    date: new Date(1234567890000),
+    structuredData: {
+        'origin': {
+            'ip': ['127.0.1.1', '127.0.0.1']
+        }
+    },
+    message: 'BOMAn application event log entry...'    
+});
+
+assert.ok(structuredWithArray);
+assert.equal(structuredWithArray, '<163>1 2009-02-13T23:31:30.000Z mymachine.example.com evntslog - ID47 [origin ip="127.0.1.1" ip="127.0.0.1"] BOMAn application event log entry...');
+
+var messageWithOneDigitDate = presetProducer.emergency({
+    facility: 'news',
+    message: 'Emergency Message',
+    pid: 91,
+    date: new Date(1233531090000)
+});
+assert.ok(messageWithOneDigitDate);
+assert.equal(messageWithOneDigitDate, '<56>Feb  2 00:31:30 localhost kill[91]: Emergency Message');
--- a/Skills/@be/node_modules/@myndzi/glossy/test/runner.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/runner.js
@@ -0,0 +1,40 @@
+// set timezone to CET for tests
+process.env.TZ='CET';
+
+var spawn = require('child_process').spawn,
+       fs = require('fs'),
+ exitCode = 0,
+  timeout = 10000;
+
+fs.readdir(__dirname, function (e, files) {
+    if(e) throw e;
+
+    var tests = files.filter(function (f) {return f.substr(-2) === 'js' && f != 'runner.js'});
+
+    var next = function () {
+        if(tests.length === 0) process.exit(exitCode); 
+
+        var file = tests.shift();
+        var proc = spawn('node', [ 'test/' + file ]);
+
+        var killed = false;
+        var t = setTimeout(function () {
+            proc.kill();
+            exitCode += 1;
+            console.error(file + ' timeout');
+            killed = true;
+        }, timeout)
+
+        proc.stdout.pipe(process.stdout);
+        proc.stderr.pipe(process.stderr);
+        proc.on('exit', function (code) {
+            if (code && !killed) console.error(file + ' failed');
+            exitCode += code || 0;
+            clearTimeout(t);
+            next();
+        })
+    }
+    next();
+})
+
+
--- a/Skills/@be/node_modules/@myndzi/glossy/test/structure_data.js
+++ b/Skills/@be/node_modules/@myndzi/glossy/test/structure_data.js
@@ -0,0 +1,24 @@
+var syslogParser = require('../lib/glossy/parse.js'),
+          assert = require('assert');
+
+assert.ok(syslogParser, 'parser loaded');
+var singleStructure = '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]';
+assert.deepEqual(syslogParser.parseStructure(singleStructure), {
+    'exampleSDID@32473': {
+        iut: '3', 
+        eventSource: 'Application',
+        eventID: '1011' 
+    } 
+});
+
+var doubleStructure = '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"] ';
+assert.deepEqual(syslogParser.parseStructure(doubleStructure), {
+    'exampleSDID@32473': {
+            iut: '3',
+        eventID: '1011',
+        eventSource: 'Application'
+     },
+     'examplePriority@32473': {
+         'class': 'high'
+     }
+});