#
# spec file for package liblognorm
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define sover 5
Name:           liblognorm
Version:        2.0.6
Release:        3.1
Summary:        Library and tool to normalize log data
License:        Apache-2.0 AND LGPL-2.1-or-later
Group:          Development/Libraries/C and C++
URL:            https://www.liblognorm.com/
Source0:        https://www.liblognorm.com/download/files/download/%{name}-%{version}.tar.gz
Patch0:         liblognorm-2.0.6-pcre2.patch
# for liblognorm-2.0.6-pcre2.patch
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  libtool
#
BuildRequires:  pkgconfig >= 0.9.0
BuildRequires:  pkgconfig(libestr)
BuildRequires:  pkgconfig(libfastjson) >= 0.99.0
BuildRequires:  pkgconfig(libpcre2-8) >= 10.00

%description
Liblognorm is a fast-samples based normalization library. It is a library and
a tool to normalize log data.

Liblognorm shall help to make sense out of syslog data, or, actually, any event
data that is present in text form.

In short words, one will be able to throw arbitrary log message to liblognorm,
one at a time, and for each message it will output well-defined name-value
pairs and a set of tags describing the message.

So, for example, if you have traffic logs from three different firewalls,
liblognorm will be able to "normalize" the events into generic ones. Among
others, it will extract source and destination ip addresses and ports and make
them available via well-defined fields. As the end result, a common log
analysis application will be able to work on that common set and so this
backend will be independent from the actual firewalls feeding it. Even better,
once we have a well-understood interim format, it is also easy to convert that
into any other vendor specific format, so that you can use that vendor's
analysis tool.

%package -n     liblognorm%{sover}
Summary:        Library and tool to normalize log data
Group:          Development/Libraries/C and C++

%description  -n liblognorm%{sover}
Liblognorm is a library and a tool to normalize log data.

Liblognorm shall help to make sense out of syslog data, or, actually, any event
data that is present in text form.

In short words, one will be able to throw arbitrary log message to liblognorm,
one at a time, and for each message it will output well-defined name-value
pairs and a set of tags describing the message.

So, for example, if you have traffic logs from three different firewalls,
liblognorm will be able to "normalize" the events into generic ones. Among
others, it will extract source and destination ip addresses and ports and make
them available via well-defined fields. As the end result, a common log
analysis application will be able to work on that common set and so this
backend will be independent from the actual firewalls feeding it. Even better,
once we have a well-understood interim format, it is also easy to convert that
into any other vendor specific format, so that you can use that vendor's
analysis tool.

%package        devel
Summary:        Development files for %{name}
Group:          Development/Libraries/C and C++
Requires:       %{name}%{sover} = %{version}
Conflicts:      %{name}0-devel

%description    devel
Liblognorm is a library and a tool to normalize log data.

Liblognorm shall help to make sense out of syslog data, or, actually, any event
data that is present in text form.

In short words, one will be able to throw arbitrary log message to liblognorm,
one at a time, and for each message it will output well-defined name-value
pairs and a set of tags describing the message.

So, for example, if you have traffic logs from three different firewalls,
liblognorm will be able to "normalize" the events into generic ones. Among
others, it will extract source and destination ip addresses and ports and make
them available via well-defined fields. As the end result, a common log
analysis application will be able to work on that common set and so this
backend will be independent from the actual firewalls feeding it. Even better,
once we have a well-understood interim format, it is also easy to convert that
into any other vendor specific format, so that you can use that vendor's
analysis tool.

The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

%prep
%autosetup -p1

%build
# for liblognorm-2.0.6-pcre2.patch
autoreconf -fiv
#
%configure \
	--disable-static \
	--enable-regexp \
	--disable-testbench \
	--enable-advanced-stats \
	--enable-tools \
	--disable-docs \
	%{nil}
%make_build

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print

%check
%make_build check

%ldconfig_scriptlets -n liblognorm%{sover}

%files -n liblognorm%{sover}
%license COPYING
%{_libdir}/*.so.*
%{_bindir}/lognormalizer

%files devel
%license COPYING
%doc NEWS README AUTHORS ChangeLog
%{_includedir}/*
%{_libdir}/*.so
%{_includedir}/*.h
%{_libdir}/pkgconfig/lognorm.pc

%changelog
* Sat Mar 15 2025 Andreas Stieger <andreas.stieger@gmx.de>
- build with pcre2, add liblognorm-2.0.6-pcre2.patch
* Mon Jan 14 2019 kukuk@suse.de
- Use %%license instead of %%doc [bsc#1082318]
* Mon Nov 12 2018 kdalamagkidis@suse.com
- liblognorm 2.0.6:
  * added Checkpoint LEA transfer format
  * added lazy matching mode to string parser
  * suppress invalid param error for field name "-" for hexnumber,
    float, number, date-rfc3164 and date-rfc5424
  * fix cisco-interface-spec failure when at end of line
- removed liblognorm-2.0.4-no-return-in-nonvoid-function.patch
* Tue Nov 14 2017 astieger@suse.com
- liblognorm 2.0.4:
  * added support for native JSON number formats
    supported by parsers: number, float, hex
  * added support for creating unix timestamps
    supported by parsers: date-rfc3164, date-rfc5424
- add liblognorm-2.0.4-no-return-in-nonvoid-function.patch
* Fri May  5 2017 jmatejek@suse.com
- drop HTML docs and python-Sphinx dependency
- use pkgconfig always
* Tue Apr  4 2017 astieger@suse.com
- liblognorm 2.0.3:
  * add ability to load rulebase from a string
  * string parser did not correctly parse word at end of line
  * literal parser did not always store value if name is specified
* Mon Jan 30 2017 ndas@suse.com
- This updated library is needed for latest rsyslog(fate#320546)
* Sun Dec  4 2016 astieger@suse.com
- liblognorm 2.0.2:
  * bugfix: no error was emitted on invalid "annotate" line
  * "annnotate": permit inline comments
  * bugfix: abort in literal path compaction when using
    "alternative" parser
  * bugfix: lognormalizer could loop
* Thu Aug  4 2016 astieger@suse.com
- liblognorm 2.0.1:
  * fix public headers, which invalidly contained a strndup()
    definition
  * fix some issues in pkgconfig file
* Sat Jul 23 2016 astieger@suse.com
- liblognorm 2.0.0 (liblognorm5):
  * completely rewritten, much feature-enhanced version
  * requires libfastjson instead of json-c
  * lognormalizer tool can now handle lines larger 10k characters
* Sun Mar 13 2016 astieger@suse.com
- liblognorm 1.1.3:
  * add support for libfastjson
  * check for runaway rules
  * fix: process last line if it misses the terminating LF
* Wed Jul 22 2015 astieger@suse.com
- liblognorm 1.1.2:
  * permit newline inside parser definition
  * new parser "cisco-interface-spec"
  * new parser "json" to process json parts of the message
  * new parser "mac48" to process mac layer addresses
  * new parser "name-value-list" (currently inofficial, experimental)
  * some parsers did incorrectly report success when an error occurred
  * call "rest" parser only if nothing else matches.
  * new API to support error callbacks
  * testbench is now enabled by default
  * bugfix: misadressing on some constant values
  * bugfix: add missing function prototypes
* Tue Mar 10 2015 astieger@suse.com
- liblognorm 1.1.1
  * fixed library version numbering (2)
  * added new parser syntaxes
  * bugfix: function ln_parseFieldDescr() returns state value
    due to unitialized variable. This can also lead to invalid
    returning no sample node where one would have to be created.
- add configuration to continue to build documentation
- new tests added in this release are APACHE-2.0 licenced
* Thu Jan 22 2015 andreas.stieger@gmx.de
- liblognorm 1.1.0:
  + added regular expression support
- fix SLE11/12 build
* Wed Oct 22 2014 heinemannj66@gmail.com
- Changed BuildRequires dependencies for SLES11SP3
  - BuildRequires:  libjson-c-devel
  - BuildRequires:  libestr-devel
* Fri Apr 11 2014 andreas.stieger@gmx.de
- liblognorm 1.0.1:
  - improved doc (via RST/Sphinx)
  - bugfix: unparsed fields were copied incorrectly
    from non-terminated string
  - bugfix: mandatory tag did not work in lognormalizeri
* Wed Jan 29 2014 e.istomin@edss.ee
- Changed BuildRequires dependency from "pkgconfig(json)" to pkgconfig(json-c)
* Thu Jan 16 2014 andreas.stieger@gmx.de
- liblognorm 1.0.0:
  * incompatible interface and older programs will not compile with it
  * libestr is not used any more in interface functions. Traditional
    C strings are used instead. Internally, libestr is still used,
    but scheduled for removal.
  * libee is not used any more. JSON-C is used for object handling
    instead. Parsers and formatters are now part of liblognorm.
  * added new field type “rest”, which simply sinks all up to end of
    the string.
  * added support for glueing two fields together, without literal
    between them. It allows for constructs like:
    %%volume:number%%%%unit:word%%  which matches string “1000Kbps”
  * Fix incorrect merging of trees with empty literal at end
- packaging changes:
  * parallel build working again
  * move some documentation into -devel package
  * conflict with devel package of previous liblognorm0-devel as per
    shared library packaging policy
* Fri Jul 19 2013 andreas.stieger@gmx.de
- update to 0.3.7
  - added support to load single samples
* Fri Apr 19 2013 mt@suse.de
- update to 0.3.6:
  - bugfix: unitialized variable could lead to rulebase load error
* Mon Nov 12 2012 mt@suse.com
- Defined rpm build root to fix build on SLE-11
* Thu Sep 20 2012 andreas.stieger@gmx.de
- update to 0.3.5:
  renamed "normalizer" tool to "lognormalizer to solve name clashes
* Fri Aug 24 2012 andreas.stieger@gmx.de
- liblognorm 0.3.4
- licence is LGPL-2.1+
- parallel build not working