Add more fields to GELF output.

2021-02-05 10:41:04 +01:00 · 2021-02-05 10:41:04 +01:00 · c7fc3a594c
parent 586848e1cc
commit c7fc3a594c
6 changed files with 45 additions and 14 deletions
--- a/gradle.properties
+++ b/gradle.properties
@ -1,3 +1,3 @@
 id            = syslogd
 group         = biz.nellemann.syslogd
-version       = 1.0.11
+version       = 1.0.12
--- a/src/main/java/biz/nellemann/syslogd/SyslogPrinter.java
+++ b/src/main/java/biz/nellemann/syslogd/SyslogPrinter.java
@ -71,9 +71,9 @@ public class SyslogPrinter {
        sb.append(SPACE).append(new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").format(new java.util.Date(msg.timestamp.toEpochMilli())));
        sb.append(SPACE).append(msg.hostname);
        sb.append(SPACE).append(msg.application);
-        sb.append(SPACE).append(msg.processId);
-        sb.append(SPACE).append(msg.messageId);
-        sb.append(SPACE).append(msg.structuredData);
+        sb.append(SPACE).append(msg.processId != null ? msg.processId : "-");
+        sb.append(SPACE).append(msg.messageId != null ? msg.messageId : "-");
+        sb.append(SPACE).append(msg.structuredData != null ? msg.structuredData : "-");
        sb.append(SPACE).append(msg.message);
        log.debug(sb.toString());
        return sb.toString();
@ -95,6 +95,10 @@ public class SyslogPrinter {
        sb.append(String.format("\"level\": %d,", msg.severity.toNumber()));
        sb.append(String.format("\"_facility\": \"%s\",", msg.facility));
        sb.append(String.format("\"_severity\": \"%s\",", msg.severity));
+        sb.append(String.format("\"_application\": \"%s\",", msg.application));
+        if(msg.processId != null) { sb.append(String.format("\"_process-id\": \"%s\",", msg.processId)); }
+        if(msg.messageId != null) { sb.append(String.format("\"_message-id\": \"%s\",", msg.messageId)); }
+        if(msg.structuredData != null) { sb.append(String.format("\"_structured-data\": \"%s\",", msg.structuredData)); }
        sb.append("}");
        return sb.toString();
    }
--- a/src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java
+++ b/src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java
@ -32,16 +32,16 @@ public class SyslogMessage {
    public String hostname;

    // The APP-NAME field SHOULD identify the device or application that originated the message.
-    public String application = "-";
+    public String application;

    // The PROCID field is often used to provide the process name or process ID associated with a syslog system.
-    public String processId = "-";
+    public String processId;

    // The MSGID SHOULD identify the type of message.
-    public String messageId = "-";
+    public String messageId;

    // STRUCTURED-DATA provides a mechanism to express information in a well defined, easily parseable and interpretable data format.
-    public String structuredData = "-";
+    public String structuredData;

    // The MSG part contains a free-form message that provides information about the event.
    public final String message;
--- a/src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java
+++ b/src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java
@ -121,7 +121,7 @@ public class SyslogParserRfc5424 extends SyslogParser {
                return new SimpleDateFormat(formatString).parse(dateString).toInstant();
            }
            catch (ParseException e) {
-                log.debug("parseTimestamp()", e);
+                log.debug("parseTimestamp() " + e.getMessage());
            }
        }

--- a/src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy
+++ b/src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy
@ -24,7 +24,7 @@ class SyslogParserRfc5424Test extends Specification {

        then:
        msg.message == "adfdfdf3432434565656"
-        msg.processId == "-"
+        msg.structuredData == "[exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"]"
    }

    void "test rfc5424 example message"() {
@ -38,9 +38,8 @@ class SyslogParserRfc5424Test extends Specification {
        then:
        msg.hostname == "mymachine.example.com"
        msg.application == "su"
-        msg.processId == "-"
        msg.messageId == "ID47"
-        msg.structuredData == "-"
+        msg.processId == null
    }

    void "test rfc5424 example2 message"() {
@ -55,8 +54,7 @@ class SyslogParserRfc5424Test extends Specification {
        msg.hostname == "192.0.2.1"
        msg.application == "myproc"
        msg.processId == "8710"
-        msg.messageId == "-"
-        msg.structuredData == "-"
+        msg.structuredData == null
    }

    void "test parseRfc5424Timestamp ex1"() {
--- a/src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy
+++ b/src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy
@ -0,0 +1,29 @@
+package biz.nellemann.syslogd
+
+import biz.nellemann.syslogd.msg.SyslogMessage
+import biz.nellemann.syslogd.parser.SyslogParser
+import biz.nellemann.syslogd.parser.SyslogParserRfc5424
+import spock.lang.Specification
+
+class SyslogPrinterTest extends Specification {
+
+
+    void setup() {
+    }
+
+    void "test toGelf"() {
+        setup:
+        SyslogParser syslogParser = new SyslogParserRfc5424();
+        String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656'
+        SyslogMessage msg = syslogParser.parse(input)
+
+        when:
+        String output = SyslogPrinter.toGelf(msg)
+
+        then:
+        output.contains("_structured-data")
+    }
+
+}
+
+