Improve date parsing in rfc3164 messages

Change default from rfc5424 to rfc3164
Enable dynamic version information
Mark Nellemann 2020-10-05 17:59:31 +02:00
parent 8ae2ec7573
commit 75b9be0a31
6 changed files with 27 additions and 13 deletions


@ -17,7 +17,7 @@ pipelines:
- gradle
name: Build and Release
script:
- ./gradlew clean build shadowJar startShadowScripts buildRpm buildDeb
- ./gradlew clean build shadowJar buildRpm buildDeb
- shopt -s nullglob ; for file in ${BITBUCKET_CLONE_DIR}/build/libs/*-all.jar ; do curl -X POST --user "${BB_AUTH_STRING}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/downloads" --form files=@"${file}" ; done
- shopt -s nullglob ; for file in ${BITBUCKET_CLONE_DIR}/build/distributions/*.rpm ; do curl -X POST --user "${BB_AUTH_STRING}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/downloads" --form files=@"${file}" ; done
- shopt -s nullglob ; for file in ${BITBUCKET_CLONE_DIR}/build/distributions/*.deb ; do curl -X POST --user "${BB_AUTH_STRING}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/downloads" --form files=@"${file}" ; done


@ -1,3 +1,3 @@
id = syslogd
group = biz.nellemann.syslogd
version = 1.0.1
version = 1.0.2


@ -37,7 +37,7 @@ public class SyslogParser {
public static SyslogMessage parseRfc3164(final String input) throws NumberFormatException {
Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3} \\d{2} \\d{2}:\\d{2}:\\d{2})\\s+(?:Message forwarded from )?([^\\s:]+):?\\s+(\\S+): (.*)", Pattern.CASE_INSENSITIVE);
Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(?:Message forwarded from )?([^\\s:]+):?\\s+(\\S+): (.*)", Pattern.CASE_INSENSITIVE);
Matcher matcher = pattern.matcher(input);
boolean matchFound = matcher.find();
if(!matchFound) {
@ -62,7 +62,7 @@ public class SyslogParser {
log.debug("facility: " + facility);
log.debug("severity: " + severity);
SyslogMessage syslogMessage = new SyslogMessage(message);
SyslogMessage syslogMessage = new SyslogMessage(message.trim());
syslogMessage.facility = Facility.getByNumber(facility);
syslogMessage.severity = Severity.getByNumber(severity);
syslogMessage.timestamp = parseRfc3164Timestamp(date);
@ -108,7 +108,7 @@ public class SyslogParser {
log.debug("facility: " + facility);
log.debug("severity: " + severity);
SyslogMessage syslogMessage = new SyslogMessage(msg);
SyslogMessage syslogMessage = new SyslogMessage(msg.trim());
syslogMessage.facility = Facility.getByNumber(facility);
syslogMessage.severity = Severity.getByNumber(severity);
syslogMessage.version = Integer.parseInt(ver);
@ -134,7 +134,7 @@ public class SyslogParser {
// Date: Mmm dd hh:mm:ss
Instant instant = null;
try {
DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy MMM dd HH:mm:ss").withZone(ZoneOffset.UTC);
DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy MMM [ ]d HH:mm:ss").withZone(ZoneOffset.UTC);
instant = Instant.from(dateTimeFormatter.parse(odt.getYear() + " " + dateString));
} catch(DateTimeParseException e) {
log.error("parseDate()", e);
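Review bot: The relaxed regex in `parseRfc3164` now accepts timestamps that the updated formatter in the last hunk still rejects, so those messages land on the `DateTimeParseException` path. The regex allows any run of whitespace after the month (`\\s+`) and is case-insensitive, while `"yyyy MMM [ ]d HH:mm:ss"` accepts only one or two spaces, is case-sensitive, and resolves `MMM` with the JVM default locale, so on a non-English host `Oct` would presumably not parse. Pinning the locale with `DateTimeFormatter.ofPattern("yyyy MMM [ ]d HH:mm:ss", Locale.ENGLISH)` and collapsing the whitespace in `dateString` before parsing would keep the two in step. Both methods start and end outside the visible hunks, so what a failed parse returns is not shown; if it is a null timestamp, that deserves a comment, because the sender controls this input.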


@ -41,10 +41,10 @@ public class SyslogServer implements Callable<Integer>, LogListener {
@CommandLine.Option(names = "--no-tcp", negatable = true, description = "Listen on TCP [default: true]")
boolean tcpServer = true;
@CommandLine.Option(names = "--rfc3164", negatable = false, description = "Parse RFC3164 messages [default: RFC5424]")
boolean rfc3164 = false;
@CommandLine.Option(names = "--rfc5424", negatable = false, description = "Parse RFC5424 messages [default: RFC3164]")
boolean rfc5424 = false;
@CommandLine.Option(names = "--no-ansi", negatable = true, description = "ANSI in output [default: true]")
@CommandLine.Option(names = "--no-ansi", negatable = true, description = "Output ANSI colors [default: true]")
boolean ansiOutput = true;
@CommandLine.Option(names = {"-f", "--file"}, description = "Write output to file [default: STDOUT]")
@ -96,10 +96,10 @@ public class SyslogServer implements Callable<Integer>, LogListener {
String message = event.getMessage();
SyslogMessage msg = null;
try {
if(rfc3164) {
msg = SyslogParser.parseRfc3164(message);
} else {
if(rfc5424) {
msg = SyslogParser.parseRfc5424(message);
} else {
msg = SyslogParser.parseRfc3164(message);
}
} catch(Exception e) {
log.error("Problem parsing message: ", e);
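Review bot: Removing the `--rfc3164` option outright breaks existing invocations: picocli rejects unmatched options by default, so a service unit or script that still passes `--rfc3164` would fail at startup and stop collecting logs after the upgrade. Since RFC3164 is now the default, the old flag could stay as a hidden no-op, for example `@CommandLine.Option(names = "--rfc3164", hidden = true, description = "Deprecated: RFC3164 is now the default")` on a `boolean rfc3164` field. The class body continues outside both hunks, so whether unmatched arguments are tolerated elsewhere is not visible here.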


@ -12,7 +12,7 @@ class VersionProvider implements CommandLine.IVersionProvider {
URL url = getClass().getResource("/version.properties");
if (url == null) {
return new String[] { "No version.txt file found in the classpath." };
return new String[] { "No version information available." };
}
Properties properties = new Properties();
properties.load(url.openStream());
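Review bot: The stream returned by `url.openStream()` is passed straight to `properties.load(...)` and is never closed, since no reference to it is kept. Wrapping it as `try (InputStream in = url.openStream()) { properties.load(in); }` releases it on both the normal and the exception path; this needs `java.io.InputStream` if the file does not already import it. The method continues outside the hunk.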


@ -36,6 +36,7 @@ class SyslogParserTest extends Specification {
setup:
def input = "<13>Sep 23 08:53:28 xps13 mark: adfdfdf3432434"
//def input = "<13>Sep 3 08:53:28 xps13 mark: adfdfdf3432434"
when:
SyslogMessage msg = SyslogParser.parseRfc3164(input)
@ -46,6 +47,18 @@ class SyslogParserTest extends Specification {
msg.application == "mark"
}
void "test rsyslogd sudo message"() {
setup:
String input = "<85>Oct 5 17:13:41 xps13 sudo: mark : TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/sbin/service rsyslog restart"
when:
SyslogMessage msg = SyslogParser.parseRfc3164(input)
then:
msg.application == "sudo"
msg.message == "mark : TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/sbin/service rsyslog restart"
}
void "test parseRfc3164Timestamp"() {
setup:
@ -73,3 +86,4 @@ class SyslogParserTest extends Specification {
}
}
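Review bot: Neither the new sudo test nor the existing one above it asserts `msg.timestamp`, so the single-digit-day parsing this commit is about is not covered. The commented-out `//def input = ...` line in the first hunk suggests that case was only checked by hand. Turning it into its own feature method and adding `msg.timestamp != null` to the `then:` blocks would pin it, assuming a failed parse leaves the timestamp null as the `Instant instant = null` initialiser in the parser suggests. The commented-out line can then be dropped.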