Add option to forward in GELF JSON format.

Mark Nellemann 2021-02-03 12:00:45 +01:00
parent cf14736d1a
commit 3313713f36
5 changed files with 54 additions and 14 deletions


@ -1,8 +1,8 @@
# Simple Syslog Server
# Syslog Server
All received messages are written to *stdout* and optionally forwarded to another syslog server.
All received messages are written to *stdout* and/or forwarded to another syslog server.
The syslog server is able to listen on UDP and/or TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.
The syslog server is able to listen on both UDP and TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.
The default syslog port (514) requires you to run syslogd as root / administrator.
If you do not wish to do so, you can choose a port number (with the *-p* or *--port* flag) above 1024.
@ -13,11 +13,12 @@ If you do not wish to do so, you can choose a port number (with the *-p* or *--p
- Run *bin/syslogd*, use the *-h* option for help :)
````
Usage: syslogd [-dhV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]
Usage: syslogd [-dghV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]
[--rfc5424] [-f=<host>] [-p=<port>]
Simple Syslog Server
Syslog Server
-d, --debug Enable debugging [default: 'false'].
-f, --forward=<host> Forward to UDP host[:port] (RFC-5424).
-g, --gelf Forward in Graylog (GELF) JSON format.
-h, --help Show this help message and exit.
--[no-]ansi Output ANSI colors [default: true].
--[no-]stdout Output messages to stdout [default: true].
@ -26,7 +27,6 @@ Simple Syslog Server
-p, --port=<port> Listening port [default: 514].
--rfc5424 Parse RFC-5424 messages [default: RFC-3164].
-V, --version Print version information and exit.
````
### Examples
@ -49,6 +49,13 @@ Listening on the standard syslog port (requires root privileges) and forwarding
java -jar /path/to/syslogd-x.y.z-all.jar --forward remotehost:1514
```
Forwarding to a Graylog server in GELF format.
```
java -jar /path/to/syslogd-x.y.z-all.jar --forward remotehost:12201 --gelf
```
If you don't want any output locally (only forwarding), you can use the ```--no-stdout``` flag.


@ -1,3 +1,3 @@
id = syslogd
group = biz.nellemann.syslogd
version = 1.0.10
version = 1.0.11


@ -1,2 +0,0 @@
[SyslogServer] [DEBUG] SyslogParser - getFacility() - 68 => 8
[SyslogServer] [DEBUG] SyslogParser - getSeverity() - 68 => 4


@ -34,7 +34,7 @@ import java.util.regex.Pattern;
@Command(name = "syslogd",
mixinStandardHelpOptions = true,
description = "Simple Syslog Server",
description = "Syslog Server",
versionProvider = biz.nellemann.syslogd.VersionProvider.class)
public class Application implements Callable<Integer>, LogListener {
@ -64,6 +64,9 @@ public class Application implements Callable<Integer>, LogListener {
@CommandLine.Option(names = { "-f", "--forward"}, description = "Forward to UDP host[:port] (RFC-5424).", paramLabel = "<host>")
private String forward;
@CommandLine.Option(names = { "-g", "--gelf"}, description = "Forward in Graylog (GELF) JSON format.", defaultValue = "false")
private boolean gelf;
@CommandLine.Option(names = { "-d", "--debug" }, description = "Enable debugging [default: 'false'].")
private boolean enableDebug = false;
@ -141,7 +144,11 @@ public class Application implements Callable<Integer>, LogListener {
if(doForward) {
try {
udpClient.send(SyslogPrinter.toRfc5424(msg));
if(gelf) {
udpClient.send(SyslogPrinter.toGelf(msg));
} else {
udpClient.send(SyslogPrinter.toRfc5424(msg));
}
} catch (Exception e) {
e.printStackTrace();
}
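Review bot: The `-f`/`--forward` description still reads "Forward to UDP host[:port] (RFC-5424)." although the forwarding branch now sends GELF when `gelf` is set, so the help text no longer matches the behaviour. The new `gelf` flag is only read inside `if(doForward)`, so `-g` without `-f` appears to be silently ignored; a startup warning or a note in the option description such as `"Forward in Graylog (GELF) JSON format (requires --forward)."` would make that visible. `defaultValue = "false"` is redundant for a boolean field and differs from how `enableDebug` is declared just below. The enclosing method starts and ends outside the hunk.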


@ -12,6 +12,7 @@ public class SyslogPrinter {
private final static char SPACE = ' ';
public static String toString(SyslogMessage msg) {
StringBuilder sb = new StringBuilder(msg.timestamp.toString());
sb.append(String.format(" [%8.8s.%-6.6s] ", msg.facility, msg.severity));
@ -42,7 +43,11 @@ public class SyslogPrinter {
}
// <13>Sep 23 08:53:28 xps13 mark: adfdfdf3432434
/**
* Return a RFC-3164 formatted string of the SyslogMessage.
* @param msg
* @return
*/
public static String toRfc3164(SyslogMessage msg) {
StringBuilder sb = new StringBuilder();
sb.append(getPri(msg.facility, msg.severity));
@ -55,8 +60,11 @@ public class SyslogPrinter {
}
// <13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="125500"] adfdfdf3432434565656
// <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
/**
* Return a RFC-5424 formatted string of the SyslogMessage.
* @param msg
* @return
*/
public static String toRfc5424(SyslogMessage msg) {
StringBuilder sb = new StringBuilder();
sb.append(getPri(msg.facility, msg.severity)).append("1");
@ -72,6 +80,26 @@ public class SyslogPrinter {
}
/**
* Return a GELF formatted string of the SyslogMessage.
* https://www.graylog.org/features/gelf
* @param msg
* @return
*/
public static String toGelf(SyslogMessage msg) {
StringBuilder sb = new StringBuilder("{ \"version\": \"1.1\",");
sb.append(String.format("\"host\": \"%s\",", msg.hostname));
sb.append(String.format("\"short_message\": \"%s\",", msg.message));
//sb.append(String.format("\"full_message\": \"%s\",", msg.message));
sb.append(String.format("\"timestamp\": %d,", msg.timestamp.getEpochSecond()));
sb.append(String.format("\"level\": %d,", msg.severity.toNumber()));
sb.append(String.format("\"_facility\": \"%s\",", msg.facility));
sb.append(String.format("\"_severity\": \"%s\",", msg.severity));
sb.append("}");
return sb.toString();
}
static private String getPri(Facility facility, Severity severity) {
int pri = (facility.toNumber() * 8) + severity.toNumber();
return String.format("%c%d%c", '<', pri, '>');