func (f *Automatic) GetParser(line []byte) syslogparser.LogParser { switch format, _ := detect(line); format { case detectedRFC3164: return rfc3164.NewParser(line) case detectedRFC5424: return rfc5424.NewParser(line) default: // If the line was an RFC6587 line, the splitter should already have removed the length, // so one of the above two will be chosen if the line is correctly formed. However, it // may have a second length illegally placed at the start, in which case the detector // will return detectedRFC6587. The line may also simply be malformed after the length in // which case we will have detectedUnknown. In this case we return the simplest parser so // the illegally formatted line is properly handled return rfc3164.NewParser(line) } }
func (s *Server) receiver(c net.PacketConn) { //q := (chan<- Message)(s.q) buf := make([]byte, 1024) for { n, _, err := c.ReadFrom(buf) if err != nil { if !s.shutdown { s.l.Fatalln("Read error:", err) } return } pkt := buf[:n] p := rfc3164.NewParser(pkt) if err := p.Parse(); err != nil { log.Println(err) } log := p.Dump() m := &Message{ Time: time.Now(), Priority: log["priority"].(syslog.Priority), Timestamp: log["timestamp"].(time.Time), Hostname: log["hostname"].(string), Tag: log["tag"].(string), Content: log["content"].(string), } s.passToHandlers(m) } }
func ExampleNewParser() { b := "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8" buff := []byte(b) p := rfc3164.NewParser(buff) err := p.Parse() if err != nil { panic(err) } fmt.Println(p.Dump()) }
func (s *concreteServer) handleConnection(conn net.Conn, callback CallbackFunc) { defer func() { if err := conn.Close(); err != nil { s.logger.Error(concreteServerLogTag, "Failed to close connection: %s", err.Error()) } }() scanner := bufio.NewScanner(conn) for scanner.Scan() { bytes := scanner.Bytes() p := rfc3164.NewParser(bytes) err := p.Parse() if err != nil { s.logger.Error( concreteServerLogTag, "Failed to parse syslog message: %s error: %s", string(bytes), err.Error(), ) continue } content, ok := p.Dump()["content"].(string) if !ok { s.logger.Error( concreteServerLogTag, "Failed to retrieve syslog message string content: %s", string(bytes), ) continue } message := Msg{Content: content} callback(message) } err := scanner.Err() if err != nil { s.logger.Error( concreteServerLogTag, "Scanner error while parsing syslog message: %s", err.Error(), ) } }
func printPacketInfo(packet gopacket.Packet) { applicationLayer := packet.ApplicationLayer() if applicationLayer != nil { buff := []byte(applicationLayer.Payload()) p := rfc3164.NewParser(buff) err := p.Parse() if err != nil { fmt.Println("Error decoding Payload:", err) } fmt.Printf("%s", p.Dump()["content"]) } if err := packet.ErrorLayer(); err != nil { fmt.Println("Error decoding some part of the packet:", err) } }
func (s *StreamServer) IsIgnoreLog(buf []byte) bool { p := rfc3164.NewParser(buf) if err := p.Parse(); err != nil { return false } data := p.Dump() tag := data["tag"].(string) if len(tag) == 0 { return false } s.Lock() rgs, ok := s.CurrentConfig[tag] s.Unlock() if ok { for _, r := range rgs { if r.MatchString(data["content"].(string)) { return true } } } return false }
func (s *server) processLine(line []byte) { p := rfc3164.NewParser(line) if err := p.Parse(); err != nil { logger.Println("failed to parse:", err) return } receivedMeter.Mark(1) parts := p.Dump() jsonBytes, err := json.Marshal(parts) if err != nil { logger.Println("error marshaling message, skipping.", err) return } if cfg.verbose { logger.Println("enqueuing", string(jsonBytes)) } if cfg.publish { put := func() error { return s.publishMessage(jsonBytes) } policy := backoff.NewExponentialBackOff() policy.MaxElapsedTime = time.Minute * 5 err := backoff.Retry(put, policy) if err != nil { // retrying a bunch of times failed... logger.Println("failed sending message.", err) sendDroppedMeter.Mark(1) } } }
package syslog_test import ( "fmt" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/jeromer/syslogparser/rfc3164" ) var _ = Describe("syslogparser", func() { It("parses an example message", func() { text := []byte("<34>Oct 11 22:14:15 mach su: 'su root' failed for lonvick on /dev/pts/8") parser := rfc3164.NewParser(text) err := parser.Parse() Expect(err).ToNot(HaveOccurred()) parts := parser.Dump() // syslogparser.LogParts Expect(fmt.Sprintf("%T", parts["timestamp"])).To(Equal("time.Time")) Expect(parts["hostname"]).To(Equal("mach")) Expect(parts["tag"]).To(Equal("su")) Expect(parts["content"]).To(Equal("'su root' failed for lonvick on /dev/pts/8")) Expect(parts["priority"]).To(Equal(34)) Expect(parts["facility"]).To(Equal(4)) Expect(parts["severity"]).To(Equal(2)) }) })
func (f *RFC3164) GetParser(line []byte) syslogparser.LogParser { return rfc3164.NewParser(line) }