Add option to forward in GELF JSON format.
parent
cf14736d1a
commit
3313713f36
19
README.md
19
README.md
|
@ -1,8 +1,8 @@
|
||||||
# Simple Syslog Server
|
# Syslog Server
|
||||||
|
|
||||||
All received messages are written to *stdout* and optionally forwarded to another syslog server.
|
All received messages are written to *stdout* and/or forwarded to another syslog server.
|
||||||
|
|
||||||
The syslog server is able to listen on UDP and/or TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.
|
The syslog server is able to listen on both UDP and TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.
|
||||||
|
|
||||||
The default syslog port (514) requires you to run syslogd as root / administrator.
|
The default syslog port (514) requires you to run syslogd as root / administrator.
|
||||||
If you do not wish to do so, you can choose a port number (with the *-p* or *--port* flag) above 1024.
|
If you do not wish to do so, you can choose a port number (with the *-p* or *--port* flag) above 1024.
|
||||||
|
@ -13,11 +13,12 @@ If you do not wish to do so, you can choose a port number (with the *-p* or *--p
|
||||||
- Run *bin/syslogd*, use the *-h* option for help :)
|
- Run *bin/syslogd*, use the *-h* option for help :)
|
||||||
|
|
||||||
````
|
````
|
||||||
Usage: syslogd [-dhV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]
|
Usage: syslogd [-dghV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]
|
||||||
[--rfc5424] [-f=<host>] [-p=<port>]
|
[--rfc5424] [-f=<host>] [-p=<port>]
|
||||||
Simple Syslog Server
|
Syslog Server
|
||||||
-d, --debug Enable debugging [default: 'false'].
|
-d, --debug Enable debugging [default: 'false'].
|
||||||
-f, --forward=<host> Forward to UDP host[:port] (RFC-5424).
|
-f, --forward=<host> Forward to UDP host[:port] (RFC-5424).
|
||||||
|
-g, --gelf Forward in Graylog (GELF) JSON format.
|
||||||
-h, --help Show this help message and exit.
|
-h, --help Show this help message and exit.
|
||||||
--[no-]ansi Output ANSI colors [default: true].
|
--[no-]ansi Output ANSI colors [default: true].
|
||||||
--[no-]stdout Output messages to stdout [default: true].
|
--[no-]stdout Output messages to stdout [default: true].
|
||||||
|
@ -26,7 +27,6 @@ Simple Syslog Server
|
||||||
-p, --port=<port> Listening port [default: 514].
|
-p, --port=<port> Listening port [default: 514].
|
||||||
--rfc5424 Parse RFC-5424 messages [default: RFC-3164].
|
--rfc5424 Parse RFC-5424 messages [default: RFC-3164].
|
||||||
-V, --version Print version information and exit.
|
-V, --version Print version information and exit.
|
||||||
|
|
||||||
````
|
````
|
||||||
|
|
||||||
### Examples
|
### Examples
|
||||||
|
@ -49,6 +49,13 @@ Listening on the standard syslog port (requires root privileges) and forwarding
|
||||||
java -jar /path/to/syslogd-x.y.z-all.jar --forward remotehost:1514
|
java -jar /path/to/syslogd-x.y.z-all.jar --forward remotehost:1514
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Forwarding to a Graylog server in GELF format.
|
||||||
|
|
||||||
|
```
|
||||||
|
java -jar /path/to/syslogd-x.y.z-all.jar --forward remotehost:12201 --gelf
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
If you don't want any output locally (only forwarding), you can use the ```--no-stdout``` flag.
|
If you don't want any output locally (only forwarding), you can use the ```--no-stdout``` flag.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
id = syslogd
|
id = syslogd
|
||||||
group = biz.nellemann.syslogd
|
group = biz.nellemann.syslogd
|
||||||
version = 1.0.10
|
version = 1.0.11
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
[SyslogServer] [DEBUG] SyslogParser - getFacility() - 68 => 8
|
|
||||||
[SyslogServer] [DEBUG] SyslogParser - getSeverity() - 68 => 4
|
|
|
@ -34,7 +34,7 @@ import java.util.regex.Pattern;
|
||||||
|
|
||||||
@Command(name = "syslogd",
|
@Command(name = "syslogd",
|
||||||
mixinStandardHelpOptions = true,
|
mixinStandardHelpOptions = true,
|
||||||
description = "Simple Syslog Server",
|
description = "Syslog Server",
|
||||||
versionProvider = biz.nellemann.syslogd.VersionProvider.class)
|
versionProvider = biz.nellemann.syslogd.VersionProvider.class)
|
||||||
public class Application implements Callable<Integer>, LogListener {
|
public class Application implements Callable<Integer>, LogListener {
|
||||||
|
|
||||||
|
@ -64,6 +64,9 @@ public class Application implements Callable<Integer>, LogListener {
|
||||||
@CommandLine.Option(names = { "-f", "--forward"}, description = "Forward to UDP host[:port] (RFC-5424).", paramLabel = "<host>")
|
@CommandLine.Option(names = { "-f", "--forward"}, description = "Forward to UDP host[:port] (RFC-5424).", paramLabel = "<host>")
|
||||||
private String forward;
|
private String forward;
|
||||||
|
|
||||||
|
@CommandLine.Option(names = { "-g", "--gelf"}, description = "Forward in Graylog (GELF) JSON format.", defaultValue = "false")
|
||||||
|
private boolean gelf;
|
||||||
|
|
||||||
@CommandLine.Option(names = { "-d", "--debug" }, description = "Enable debugging [default: 'false'].")
|
@CommandLine.Option(names = { "-d", "--debug" }, description = "Enable debugging [default: 'false'].")
|
||||||
private boolean enableDebug = false;
|
private boolean enableDebug = false;
|
||||||
|
|
||||||
|
@ -141,7 +144,11 @@ public class Application implements Callable<Integer>, LogListener {
|
||||||
|
|
||||||
if(doForward) {
|
if(doForward) {
|
||||||
try {
|
try {
|
||||||
udpClient.send(SyslogPrinter.toRfc5424(msg));
|
if(gelf) {
|
||||||
|
udpClient.send(SyslogPrinter.toGelf(msg));
|
||||||
|
} else {
|
||||||
|
udpClient.send(SyslogPrinter.toRfc5424(msg));
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
|
|
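Review bot: The `-f/--forward` option description still reads `Forward to UDP host[:port] (RFC-5424).`, although with `--gelf` set the forwarded payload is GELF JSON, and nothing in the visible help text says that `--gelf` only takes effect inside the `if(doForward)` branch. I would change the two descriptions to `description = "Forward to UDP host[:port] (RFC-5424, or GELF with --gelf)."` and `description = "Forward in Graylog (GELF) JSON format (requires --forward)."`. `doForward` is assigned outside the hunk, so I am assuming it is derived from `--forward`; adjust the wording if it is not. The usage block in README.md would need the same text.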
@ -12,6 +12,7 @@ public class SyslogPrinter {
|
||||||
|
|
||||||
private final static char SPACE = ' ';
|
private final static char SPACE = ' ';
|
||||||
|
|
||||||
|
|
||||||
public static String toString(SyslogMessage msg) {
|
public static String toString(SyslogMessage msg) {
|
||||||
StringBuilder sb = new StringBuilder(msg.timestamp.toString());
|
StringBuilder sb = new StringBuilder(msg.timestamp.toString());
|
||||||
sb.append(String.format(" [%8.8s.%-6.6s] ", msg.facility, msg.severity));
|
sb.append(String.format(" [%8.8s.%-6.6s] ", msg.facility, msg.severity));
|
||||||
|
@ -42,7 +43,11 @@ public class SyslogPrinter {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// <13>Sep 23 08:53:28 xps13 mark: adfdfdf3432434
|
/**
|
||||||
|
* Return a RFC-3164 formatted string of the SyslogMessage.
|
||||||
|
* @param msg
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
public static String toRfc3164(SyslogMessage msg) {
|
public static String toRfc3164(SyslogMessage msg) {
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
sb.append(getPri(msg.facility, msg.severity));
|
sb.append(getPri(msg.facility, msg.severity));
|
||||||
|
@ -55,8 +60,11 @@ public class SyslogPrinter {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// <13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="125500"] adfdfdf3432434565656
|
/**
|
||||||
// <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
|
* Return a RFC-5424 formatted string of the SyslogMessage.
|
||||||
|
* @param msg
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
public static String toRfc5424(SyslogMessage msg) {
|
public static String toRfc5424(SyslogMessage msg) {
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
sb.append(getPri(msg.facility, msg.severity)).append("1");
|
sb.append(getPri(msg.facility, msg.severity)).append("1");
|
||||||
|
@ -72,6 +80,26 @@ public class SyslogPrinter {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a GELF formatted string of the SyslogMessage.
|
||||||
|
* https://www.graylog.org/features/gelf
|
||||||
|
* @param msg
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
public static String toGelf(SyslogMessage msg) {
|
||||||
|
StringBuilder sb = new StringBuilder("{ \"version\": \"1.1\",");
|
||||||
|
sb.append(String.format("\"host\": \"%s\",", msg.hostname));
|
||||||
|
sb.append(String.format("\"short_message\": \"%s\",", msg.message));
|
||||||
|
//sb.append(String.format("\"full_message\": \"%s\",", msg.message));
|
||||||
|
sb.append(String.format("\"timestamp\": %d,", msg.timestamp.getEpochSecond()));
|
||||||
|
sb.append(String.format("\"level\": %d,", msg.severity.toNumber()));
|
||||||
|
sb.append(String.format("\"_facility\": \"%s\",", msg.facility));
|
||||||
|
sb.append(String.format("\"_severity\": \"%s\",", msg.severity));
|
||||||
|
sb.append("}");
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static private String getPri(Facility facility, Severity severity) {
|
static private String getPri(Facility facility, Severity severity) {
|
||||||
int pri = (facility.toNumber() * 8) + severity.toNumber();
|
int pri = (facility.toNumber() * 8) + severity.toNumber();
|
||||||
return String.format("%c%d%c", '<', pri, '>');
|
return String.format("%c%d%c", '<', pri, '>');
|
||||||
|
|