From c7fc3a594c8d496f97eb5c2640c66d5bda11c68f Mon Sep 17 00:00:00 2001
From: Mark Nellemann
Date: Fri, 5 Feb 2021 10:41:04 +0100
Subject: [PATCH] Add more fields to GELF output.
---
 gradle.properties | 2 +-
 .../biz/nellemann/syslogd/SyslogPrinter.java | 10 +++++--
 .../nellemann/syslogd/msg/SyslogMessage.java | 8 ++---
 .../syslogd/parser/SyslogParserRfc5424.java | 2 +-
 .../syslogd/SyslogParserRfc5424Test.groovy | 8 ++---
 .../syslogd/SyslogPrinterTest.groovy | 29 +++++++++++++++++++
 6 files changed, 45 insertions(+), 14 deletions(-)
 create mode 100644 src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy
diff --git a/gradle.properties b/gradle.properties
index df0de26..04d4ace 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,3 +1,3 @@
 id = syslogd
 group = biz.nellemann.syslogd
-version = 1.0.11
+version = 1.0.12
diff --git a/src/main/java/biz/nellemann/syslogd/SyslogPrinter.java b/src/main/java/biz/nellemann/syslogd/SyslogPrinter.java
index b40b998..6c2d148 100644
--- a/src/main/java/biz/nellemann/syslogd/SyslogPrinter.java
+++ b/src/main/java/biz/nellemann/syslogd/SyslogPrinter.java
@@ -71,9 +71,9 @@ public class SyslogPrinter {
 sb.append(SPACE).append(new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").format(new java.util.Date(msg.timestamp.toEpochMilli())));
 sb.append(SPACE).append(msg.hostname);
 sb.append(SPACE).append(msg.application);
- sb.append(SPACE).append(msg.processId);
- sb.append(SPACE).append(msg.messageId);
- sb.append(SPACE).append(msg.structuredData);
+ sb.append(SPACE).append(msg.processId != null ? msg.processId : "-");
+ sb.append(SPACE).append(msg.messageId != null ? msg.messageId : "-");
+ sb.append(SPACE).append(msg.structuredData != null ? msg.structuredData : "-");
 sb.append(SPACE).append(msg.message);
 log.debug(sb.toString());
 return sb.toString();
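Review bot: `msg.application` is still appended without a nil fallback on the context line `sb.append(SPACE).append(msg.application);`, even though this commit removes its `"-"` default in SyslogMessage. `StringBuilder.append` writes the literal text `null` for a null String, so if the parser leaves the field unset the output carries `null` where RFC 5424 expects `-`. Guard it like the three fields changed here: `sb.append(SPACE).append(msg.application != null ? msg.application : "-");`. `msg.hostname` on the line above may need the same treatment, depending on what the parser guarantees. The enclosing method starts above the hunk.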
@@ -95,6 +95,10 @@ public class SyslogPrinter {
 sb.append(String.format("\"level\": %d,", msg.severity.toNumber()));
 sb.append(String.format("\"_facility\": \"%s\",", msg.facility));
 sb.append(String.format("\"_severity\": \"%s\",", msg.severity));
+ sb.append(String.format("\"_application\": \"%s\",", msg.application));
+ if(msg.processId != null) { sb.append(String.format("\"_process-id\": \"%s\",", msg.processId)); }
+ if(msg.messageId != null) { sb.append(String.format("\"_message-id\": \"%s\",", msg.messageId)); }
+ if(msg.structuredData != null) { sb.append(String.format("\"_structured-data\": \"%s\",", msg.structuredData)); }
 sb.append("}");
 return sb.toString();
 }
diff --git a/src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java b/src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java
index 7326f64..b6e4aa9 100644
--- a/src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java
+++ b/src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java
@@ -32,16 +32,16 @@ public class SyslogMessage {
 public String hostname;
 // The APP-NAME field SHOULD identify the device or application that originated the message.
- public String application = "-";
+ public String application;
 // The PROCID field is often used to provide the process name or process ID associated with a syslog system.
- public String processId = "-";
+ public String processId;
 // The MSGID SHOULD identify the type of message.
- public String messageId = "-";
+ public String messageId;
 // STRUCTURED-DATA provides a mechanism to express information in a well defined, easily parseable and interpretable data format.
- public String structuredData = "-";
+ public String structuredData;
 // The MSG part contains a free-form message that provides information about the event.
 public final String message;
diff --git a/src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java b/src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java
index aed8108..d547aa8 100644
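Review bot: The field comments for `application`, `processId`, `messageId` and `structuredData` do not say that these fields can now be null. With the `"-"` defaults removed, every reader of the four public fields has to handle absence, and the declaration is where a maintainer will look for that contract. Add a line above each such as `// null when the sender supplied the NILVALUE "-"`, once that mapping is confirmed against the parser, which is not shown here. The class body continues outside the hunk.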
--- a/src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java
+++ b/src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java
@@ -121,7 +121,7 @@ public class SyslogParserRfc5424 extends SyslogParser {
 return new SimpleDateFormat(formatString).parse(dateString).toInstant();
 }
 catch (ParseException e) {
- log.debug("parseTimestamp()", e);
+ log.debug("parseTimestamp() " + e.getMessage());
 }
 }
diff --git a/src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy b/src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy
index 624c6df..13e7f65 100644
--- a/src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy
+++ b/src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy
@@ -24,7 +24,7 @@ class SyslogParserRfc5424Test extends Specification {
 then:
 msg.message == "adfdfdf3432434565656"
- msg.processId == "-"
+ msg.structuredData == "[exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"]"
 }
 void "test rfc5424 example message"() {
@@ -38,9 +38,8 @@ class SyslogParserRfc5424Test extends Specification {
 then:
 msg.hostname == "mymachine.example.com"
 msg.application == "su"
- msg.processId == "-"
 msg.messageId == "ID47"
- msg.structuredData == "-"
+ msg.processId == null
 }
 void "test rfc5424 example2 message"() {
@@ -55,8 +54,7 @@ class SyslogParserRfc5424Test extends Specification {
 msg.hostname == "192.0.2.1"
 msg.application == "myproc"
 msg.processId == "8710"
- msg.messageId == "-"
- msg.structuredData == "-"
+ msg.structuredData == null
 }
 void "test parseRfc5424Timestamp ex1"() {
diff --git a/src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy b/src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy
new file mode 100644
index 0000000..0b16366
--- /dev/null
+++ b/src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy
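Review bot: The new `log.debug("parseTimestamp() " + e.getMessage())` logs exception text that quotes the unparseable input, because the `ParseException` raised by `SimpleDateFormat.parse` embeds the offending date string, so sender-controlled characters reach the log unmodified. Neutralise CR/LF in that text before logging if the debug log is ever collected or forwarded. Prefer the parameterised form so the string is not built when debug is off: `log.debug("parseTimestamp() {}", e.getMessage());` (this assumes `log` is an SLF4J-style logger; its declaration is outside the hunk). The try/catch sits in a block that starts and ends outside the hunk.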
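Review bot: Two assertions are dropped without a null counterpart: `msg.structuredData == "-"` in "test rfc5424 example message" and `msg.messageId == "-"` in "test rfc5424 example2 message". Since the commit changes the representation of an absent field from `"-"` to null, each removed check should become `msg.structuredData == null` and `msg.messageId == null` respectively, so the new contract is pinned for every field. The first hunk likewise loses its `msg.processId` assertion; `msg.processId == null` would fit there if that test's input carries `-` for PROCID, which is outside the hunk.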
@@ -0,0 +1,29 @@
+package biz.nellemann.syslogd
+
+import biz.nellemann.syslogd.msg.SyslogMessage
+import biz.nellemann.syslogd.parser.SyslogParser
+import biz.nellemann.syslogd.parser.SyslogParserRfc5424
+import spock.lang.Specification
+
+class SyslogPrinterTest extends Specification {
+
+
+ void setup() {
+ }
+
+ void "test toGelf"() {
+ setup:
+ SyslogParser syslogParser = new SyslogParserRfc5424();
+ String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656'
+ SyslogMessage msg = syslogParser.parse(input)
+
+ when:
+ String output = SyslogPrinter.toGelf(msg)
+
+ then:
+ output.contains("_structured-data")
+ }
+
+}
+
+
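Review bot: The only assertion, `output.contains("_structured-data")`, passes even when toGelf emits text that cannot be parsed as JSON, which is the likely outcome for this input because the structured data contains double quotes that the printer does not escape. Parse the output and compare the field instead, for example `def json = new groovy.json.JsonSlurper().parseText(output)` followed by `json['_structured-data'] == msg.structuredData` (this needs groovy-json on the test classpath). The empty `void setup() { }` can be removed.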