Add more fields to GELF output.

gradle.properties

@@ -1,3 +1,3 @@
 id            = syslogd
 group         = biz.nellemann.syslogd
-version       = 1.0.11
+version       = 1.0.12

src/main/java/biz/nellemann/syslogd/SyslogPrinter.java

@@ -71,9 +71,9 @@ public class SyslogPrinter {
         sb.append(SPACE).append(new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").format(new java.util.Date(msg.timestamp.toEpochMilli())));
         sb.append(SPACE).append(msg.hostname);
         sb.append(SPACE).append(msg.application);
-        sb.append(SPACE).append(msg.processId);
+        sb.append(SPACE).append(msg.processId != null ? msg.processId : "-");
-        sb.append(SPACE).append(msg.messageId);
+        sb.append(SPACE).append(msg.messageId != null ? msg.messageId : "-");
-        sb.append(SPACE).append(msg.structuredData);
+        sb.append(SPACE).append(msg.structuredData != null ? msg.structuredData : "-");
         sb.append(SPACE).append(msg.message);
         log.debug(sb.toString());
         return sb.toString();
@@ -95,6 +95,10 @@ public class SyslogPrinter {
         sb.append(String.format("\"level\": %d,", msg.severity.toNumber()));
         sb.append(String.format("\"_facility\": \"%s\",", msg.facility));
         sb.append(String.format("\"_severity\": \"%s\",", msg.severity));
+        sb.append(String.format("\"_application\": \"%s\",", msg.application));
+        if(msg.processId != null) { sb.append(String.format("\"_process-id\": \"%s\",", msg.processId)); }
+        if(msg.messageId != null) { sb.append(String.format("\"_message-id\": \"%s\",", msg.messageId)); }
+        if(msg.structuredData != null) { sb.append(String.format("\"_structured-data\": \"%s\",", msg.structuredData)); }
         sb.append("}");
         return sb.toString();
     }

src/main/java/biz/nellemann/syslogd/msg/SyslogMessage.java

@@ -32,16 +32,16 @@ public class SyslogMessage {
     public String hostname;
 
     // The APP-NAME field SHOULD identify the device or application that originated the message.
-    public String application = "-";
+    public String application;
 
     // The PROCID field is often used to provide the process name or process ID associated with a syslog system.
-    public String processId = "-";
+    public String processId;
 
     // The MSGID SHOULD identify the type of message.
-    public String messageId = "-";
+    public String messageId;
 
     // STRUCTURED-DATA provides a mechanism to express information in a well defined, easily parseable and interpretable data format.
-    public String structuredData = "-";
+    public String structuredData;
 
     // The MSG part contains a free-form message that provides information about the event.
     public final String message;

src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java

@@ -121,7 +121,7 @@ public class SyslogParserRfc5424 extends SyslogParser {
                 return new SimpleDateFormat(formatString).parse(dateString).toInstant();
             }
             catch (ParseException e) {
-                log.debug("parseTimestamp()", e);
+                log.debug("parseTimestamp() " + e.getMessage());
             }
         }
 

src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy

@@ -24,7 +24,7 @@ class SyslogParserRfc5424Test extends Specification {
 
         then:
         msg.message == "adfdfdf3432434565656"
-        msg.processId == "-"
+        msg.structuredData == "[exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"]"
     }
 
     void "test rfc5424 example message"() {
@@ -38,9 +38,8 @@ class SyslogParserRfc5424Test extends Specification {
         then:
         msg.hostname == "mymachine.example.com"
         msg.application == "su"
-        msg.processId == "-"
         msg.messageId == "ID47"
-        msg.structuredData == "-"
+        msg.processId == null
     }
 
     void "test rfc5424 example2 message"() {
@@ -55,8 +54,7 @@ class SyslogParserRfc5424Test extends Specification {
         msg.hostname == "192.0.2.1"
         msg.application == "myproc"
         msg.processId == "8710"
-        msg.messageId == "-"
+        msg.structuredData == null
-        msg.structuredData == "-"
     }
 
     void "test parseRfc5424Timestamp ex1"() {

src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy

@@ -0,0 +1,29 @@
+package biz.nellemann.syslogd
+
+import biz.nellemann.syslogd.msg.SyslogMessage
+import biz.nellemann.syslogd.parser.SyslogParser
+import biz.nellemann.syslogd.parser.SyslogParserRfc5424
+import spock.lang.Specification
+
+class SyslogPrinterTest extends Specification {
+
+
+    void setup() {
+    }
+
+    void "test toGelf"() {
+        setup:
+        SyslogParser syslogParser = new SyslogParserRfc5424();
+        String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656'
+        SyslogMessage msg = syslogParser.parse(input)
+
+        when:
+        String output = SyslogPrinter.toGelf(msg)
+
+        then:
+        output.contains("_structured-data")
+    }
+
+}
+
+