func handlePacket(buffer []byte) {
parser := rfc5424.NewParser(buffer)
err := parser.Parse()
if err != nil {
fmt.Printf("Error reading syslog message %s", err)
return
}
log := parser.Dump()
log["@timestamp"] = log["timestamp"]
log["facility_label"] = FACILITY_LABELS[(log["facility"]).(int)]
log["severity_label"] = SEVERITY_LABELS[(log["severity"]).(int)]
log["type"] = "syslog"
now := time.Now()
index := "logstash-" + now.Format("2006.01.02")
_, err = elasticSearch.Index(true, index, "logs", "", log)
if err != nil {
fmt.Printf("Error indexing message %s", err)
return
}
fmt.Println("Logged")
}
func ExampleNewParser() {
b := `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...`
buff := []byte(b)
p := rfc5424.NewParser(buff)
err := p.Parse()
if err != nil {
panic(err)
}
fmt.Println(p.Dump())
}
func Benchmark_Parsing(b *testing.B) {
msg := `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...`
buf := []byte(msg)
for n := 0; n < b.N; n++ {
p := rfc5424.NewParser(buf)
err := p.Parse()
if err != nil {
fmt.Println(err.Error())
panic("unable to parse message during benchmarking")
}
}
}
func Test_Parsing(t *testing.T) {
// msg := `<134>0 2015-05-05T21:20:00.493320+00:00 fisher apache-access - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] 173.247.206.174 - - [05/May/2015:21:19:52 +0000] "GET /2013/11/ HTTP/1. 1" 200 22056 "http://www.philipotoole.com/" "Wget/1.15 (linux-gnu)"`
msg := `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...`
buf := []byte(msg)
p := rfc5424.NewParser(buf)
err := p.Parse()
if err != nil {
t.Fatalf("failed to parse RFC5424 message: %s", err.Error())
}
for k, v := range p.Dump() {
fmt.Printf("%s: %v\n", k, v)
}
}
func (f *Automatic) GetParser(line []byte) syslogparser.LogParser {
switch format, _ := detect(line); format {
case detectedRFC3164:
return rfc3164.NewParser(line)
case detectedRFC5424:
return rfc5424.NewParser(line)
default:
// If the line was an RFC6587 line, the splitter should already have removed the length,
// so one of the above two will be chosen if the line is correctly formed. However, it
// may have a second length illegally placed at the start, in which case the detector
// will return detectedRFC6587. The line may also simply be malformed after the length in
// which case we will have detectedUnknown. In this case we return the simplest parser so
// the illegally formatted line is properly handled
return rfc3164.NewParser(line)
}
}
func (f *RFC5424) GetParser(line []byte) syslogparser.LogParser {
return rfc5424.NewParser(line)
}
