nellemann/syslogd
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases 3 Wiki Activity

Improve rfc3164 parser.

Browse source
This commit is contained in:
Mark Nellemann 2020-10-06 05:10:19 +02:00
parent 75b9be0a31
commit 5d63f66fee
2 changed files with 31 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
src/main/java/biz/nellemann/syslogd/SyslogParser.java
View file

@ -37,30 +37,29 @@ public class SyslogParser {
public static SyslogMessage parseRfc3164(final String input) throws NumberFormatException {
Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(?:Message forwarded from )?([^\\s:]+):?\\s+(\\S+): (.*)", Pattern.CASE_INSENSITIVE);
Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(Message forwarded from \\S+:|\\S+)\\s+(\\S+): (.*)", Pattern.CASE_INSENSITIVE);
Matcher matcher = pattern.matcher(input);
boolean matchFound = matcher.find();
if(!matchFound) {
log.warn("parseRfc3164() - Match not found in: " + input);
//log.warn("parseRfc3164() - Match not found in: ");
System.err.println("!" + input);
return null;
}
final String pri = matcher.group(1);
final String date = matcher.group(2);
final String hostname = matcher.group(3);
final String application = matcher.group(4);
final String message = matcher.group(5);
String pri = matcher.group(1);
String date = matcher.group(2);
String hostname = matcher.group(3);
String application = matcher.group(4);
String message = matcher.group(5);
log.debug("PRI: " + pri);
log.debug("DATE: " + date);
log.debug("HOST: " + hostname);
log.debug("APP: " + application);
log.debug("MSG: " + message);
if(hostname.endsWith(":")) {
String[] tmp = hostname.split(" ");
hostname = tmp[tmp.length-1];
hostname = hostname.substring(0, hostname.length()-1);
}
Integer facility = getFacility(pri);
Integer severity = getSeverity(pri);
log.debug("facility: " + facility);
log.debug("severity: " + severity);
SyslogMessage syslogMessage = new SyslogMessage(message.trim());
syslogMessage.facility = Facility.getByNumber(facility);
@ -79,7 +78,8 @@ public class SyslogParser {
Matcher matcher = pattern.matcher(input);
boolean matchFound = matcher.find();
if(!matchFound) {
log.warn("parseRfc5424() - Match not found in: " + input);
//log.warn("parseRfc5424() - Match not found in: " + input);
System.err.println("!" + input);
return null;
}
@ -93,20 +93,8 @@ public class SyslogParser {
final String data = matcher.group(8);
final String msg = matcher.group(9);
log.debug("PRI: " + pri);
log.debug("VER: " + ver);
log.debug("DATE: " + date);
log.debug("HOST: " + host);
log.debug("APP: " + app);
log.debug("PROCID: " + procId);
log.debug("MSGID: " + msgId);
log.debug("DATA: " + data);
log.debug("MSG: " + msg);
Integer facility = getFacility(pri);
Integer severity = getSeverity(pri);
log.debug("facility: " + facility);
log.debug("severity: " + severity);
SyslogMessage syslogMessage = new SyslogMessage(msg.trim());
syslogMessage.facility = Facility.getByNumber(facility);

18
src/test/groovy/biz/nellemann/syslogd/SyslogParserTest.groovy
View file

@ -2,8 +2,6 @@ package biz.nellemann.syslogd
import spock.lang.Specification
import java.time.Instant
import java.time.OffsetDateTime;
class SyslogParserTest extends Specification {
void "test rfc5424 message"() {
@ -59,6 +57,20 @@ class SyslogParserTest extends Specification {
msg.message == "mark : TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/sbin/service rsyslog restart"
}
/*
void "test gdm-session message"() {
setup:
String input = "<12>Oct 5 18:31:01 xps13 /usr/lib/gdm3/gdm-x-session[1921]: (EE) event5 - CUST0001:00 06CB:76AF Touchpad: kernel bug: Touch jump detected and discarded."
when:
SyslogMessage msg = SyslogParser.parseRfc3164(input)
then:
msg.application == "/usr/lib/gdm3/gdm-x-session[1921]"
msg.message == "(EE) event5 - CUST0001:00 06CB:76AF Touchpad: kernel bug: Touch jump detected and discarded."
}*/
void "test parseRfc3164Timestamp"() {
setup:
@ -87,3 +99,5 @@ class SyslogParserTest extends Specification {
}
import java.time.OffsetDateTime;