Improve rfc3164 parser.
This commit is contained in:
parent
75b9be0a31
commit
5d63f66fee
|
|
@ -37,30 +37,29 @@ public class SyslogParser {
|
||||||
|
|
||||||
public static SyslogMessage parseRfc3164(final String input) throws NumberFormatException {
|
public static SyslogMessage parseRfc3164(final String input) throws NumberFormatException {
|
||||||
|
|
||||||
Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(?:Message forwarded from )?([^\\s:]+):?\\s+(\\S+): (.*)", Pattern.CASE_INSENSITIVE);
|
Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(Message forwarded from \\S+:|\\S+)\\s+(\\S+): (.*)", Pattern.CASE_INSENSITIVE);
|
||||||
Matcher matcher = pattern.matcher(input);
|
Matcher matcher = pattern.matcher(input);
|
||||||
boolean matchFound = matcher.find();
|
boolean matchFound = matcher.find();
|
||||||
if(!matchFound) {
|
if(!matchFound) {
|
||||||
log.warn("parseRfc3164() - Match not found in: " + input);
|
//log.warn("parseRfc3164() - Match not found in: ");
|
||||||
|
System.err.println("!" + input);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
final String pri = matcher.group(1);
|
String pri = matcher.group(1);
|
||||||
final String date = matcher.group(2);
|
String date = matcher.group(2);
|
||||||
final String hostname = matcher.group(3);
|
String hostname = matcher.group(3);
|
||||||
final String application = matcher.group(4);
|
String application = matcher.group(4);
|
||||||
final String message = matcher.group(5);
|
String message = matcher.group(5);
|
||||||
|
|
||||||
log.debug("PRI: " + pri);
|
if(hostname.endsWith(":")) {
|
||||||
log.debug("DATE: " + date);
|
String[] tmp = hostname.split(" ");
|
||||||
log.debug("HOST: " + hostname);
|
hostname = tmp[tmp.length-1];
|
||||||
log.debug("APP: " + application);
|
hostname = hostname.substring(0, hostname.length()-1);
|
||||||
log.debug("MSG: " + message);
|
}
|
||||||
|
|
||||||
Integer facility = getFacility(pri);
|
Integer facility = getFacility(pri);
|
||||||
Integer severity = getSeverity(pri);
|
Integer severity = getSeverity(pri);
|
||||||
log.debug("facility: " + facility);
|
|
||||||
log.debug("severity: " + severity);
|
|
||||||
|
|
||||||
SyslogMessage syslogMessage = new SyslogMessage(message.trim());
|
SyslogMessage syslogMessage = new SyslogMessage(message.trim());
|
||||||
syslogMessage.facility = Facility.getByNumber(facility);
|
syslogMessage.facility = Facility.getByNumber(facility);
|
||||||
|
|
@ -79,7 +78,8 @@ public class SyslogParser {
|
||||||
Matcher matcher = pattern.matcher(input);
|
Matcher matcher = pattern.matcher(input);
|
||||||
boolean matchFound = matcher.find();
|
boolean matchFound = matcher.find();
|
||||||
if(!matchFound) {
|
if(!matchFound) {
|
||||||
log.warn("parseRfc5424() - Match not found in: " + input);
|
//log.warn("parseRfc5424() - Match not found in: " + input);
|
||||||
|
System.err.println("!" + input);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -93,20 +93,8 @@ public class SyslogParser {
|
||||||
final String data = matcher.group(8);
|
final String data = matcher.group(8);
|
||||||
final String msg = matcher.group(9);
|
final String msg = matcher.group(9);
|
||||||
|
|
||||||
log.debug("PRI: " + pri);
|
|
||||||
log.debug("VER: " + ver);
|
|
||||||
log.debug("DATE: " + date);
|
|
||||||
log.debug("HOST: " + host);
|
|
||||||
log.debug("APP: " + app);
|
|
||||||
log.debug("PROCID: " + procId);
|
|
||||||
log.debug("MSGID: " + msgId);
|
|
||||||
log.debug("DATA: " + data);
|
|
||||||
log.debug("MSG: " + msg);
|
|
||||||
|
|
||||||
Integer facility = getFacility(pri);
|
Integer facility = getFacility(pri);
|
||||||
Integer severity = getSeverity(pri);
|
Integer severity = getSeverity(pri);
|
||||||
log.debug("facility: " + facility);
|
|
||||||
log.debug("severity: " + severity);
|
|
||||||
|
|
||||||
SyslogMessage syslogMessage = new SyslogMessage(msg.trim());
|
SyslogMessage syslogMessage = new SyslogMessage(msg.trim());
|
||||||
syslogMessage.facility = Facility.getByNumber(facility);
|
syslogMessage.facility = Facility.getByNumber(facility);
|
||||||
|
|
|
||||||
|
|
@ -2,8 +2,6 @@ package biz.nellemann.syslogd
|
||||||
|
|
||||||
import spock.lang.Specification
|
import spock.lang.Specification
|
||||||
import java.time.Instant
|
import java.time.Instant
|
||||||
import java.time.OffsetDateTime;
|
|
||||||
|
|
||||||
class SyslogParserTest extends Specification {
|
class SyslogParserTest extends Specification {
|
||||||
|
|
||||||
void "test rfc5424 message"() {
|
void "test rfc5424 message"() {
|
||||||
|
|
@ -59,6 +57,20 @@ class SyslogParserTest extends Specification {
|
||||||
msg.message == "mark : TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/sbin/service rsyslog restart"
|
msg.message == "mark : TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/sbin/service rsyslog restart"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
void "test gdm-session message"() {
|
||||||
|
setup:
|
||||||
|
String input = "<12>Oct 5 18:31:01 xps13 /usr/lib/gdm3/gdm-x-session[1921]: (EE) event5 - CUST0001:00 06CB:76AF Touchpad: kernel bug: Touch jump detected and discarded."
|
||||||
|
|
||||||
|
when:
|
||||||
|
SyslogMessage msg = SyslogParser.parseRfc3164(input)
|
||||||
|
|
||||||
|
then:
|
||||||
|
msg.application == "/usr/lib/gdm3/gdm-x-session[1921]"
|
||||||
|
msg.message == "(EE) event5 - CUST0001:00 06CB:76AF Touchpad: kernel bug: Touch jump detected and discarded."
|
||||||
|
}*/
|
||||||
|
|
||||||
|
|
||||||
void "test parseRfc3164Timestamp"() {
|
void "test parseRfc3164Timestamp"() {
|
||||||
|
|
||||||
setup:
|
setup:
|
||||||
|
|
@ -87,3 +99,5 @@ class SyslogParserTest extends Specification {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
import java.time.OffsetDateTime;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue