nellemann/syslogd
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases 3 Wiki Activity

Fix syslog message parsing error resulting in messages being cut at first whitespace.
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details

Browse source
This commit is contained in:
Mark Nellemann 2023-01-25 08:47:31 +01:00
parent c47f682c34
commit d3589faf9e
9 changed files with 28 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/aix-errlogger.md
View file

@ -39,7 +39,7 @@ refresh -s syslogd
### Forward errlogger to the local syslog ### Forward errlogger to the local syslog
We configure the errloger to forward messages to the local syslog service. We configure the AIX [error logger](https://www.ibm.com/docs/en/aix/7.3?topic=concepts-error-logging-overview) to forward messages to the local syslog service.
Create an odm errnotify logging template file: Create an odm errnotify logging template file:

10
doc/readme-service.md
View file

@ -1,11 +1,11 @@
# Syslogd as a System Service # Syslogd as a system service
## Systemd ## For systemd
Edit the **syslogd.service** and configure required options. To install as a systemd service, copy the [syslogd.service](syslogd.service)
file into */etc/systemd/system/*, edit the file and configure your required options.
To install as a systemd service, copy the **syslogd.service** Enable and start the service:
file into */etc/systemd/system/* and enable the service:
```shell ```shell
systemctl daemon-reload systemctl daemon-reload

2
gradle.properties
View file

@ -1,5 +1,5 @@
id = syslogd id = syslogd
name = syslogd name = syslogd
group = biz.nellemann.syslogd group = biz.nellemann.syslogd
version = 1.3.2 version = 1.3.3
description = "Syslog Director" description = "Syslog Director"

9
settings.gradle
View file

@ -1,10 +1 @@
/*
* This file was generated by the Gradle 'init' task.
*
* The settings file is used to specify which projects to include in your build.
*
* Detailed information about configuring a multi-project build in Gradle can be found
* in the user manual at https://docs.gradle.org/6.6.1/userguide/multi_project_builds.html
*/
rootProject.name = 'syslogd' rootProject.name = 'syslogd'

2
src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc3164.java
View file

@ -31,7 +31,7 @@ public class SyslogParserRfc3164 extends SyslogParser {
private final static Logger log = LoggerFactory.getLogger(SyslogParserRfc3164.class); private final static Logger log = LoggerFactory.getLogger(SyslogParserRfc3164.class);
private final Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(Message forwarded from \\S+:|\\S+)\\s+([^\\s:]+):?\\s+(.*)", Pattern.CASE_INSENSITIVE); private final Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\D{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})\\s+(Message forwarded from \\S+:|\\S+:?)\\s+([^\\s:]+):?\\s+(.*)", Pattern.CASE_INSENSITIVE);
private final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy MMM [ ]d HH:mm:ss").withZone(ZoneId.systemDefault()); private final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy MMM [ ]d HH:mm:ss").withZone(ZoneId.systemDefault());
/** /**

2
src/main/java/biz/nellemann/syslogd/parser/SyslogParserRfc5424.java
View file

@ -33,7 +33,7 @@ public class SyslogParserRfc5424 extends SyslogParser {
private final static Logger log = LoggerFactory.getLogger(SyslogParserRfc5424.class); private final static Logger log = LoggerFactory.getLogger(SyslogParserRfc5424.class);
private final Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\d+)\\s+(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(\\[.*\\]|-)\\s+(\\S+)", Pattern.CASE_INSENSITIVE); private final Pattern pattern = Pattern.compile("^<(\\d{1,3})>(\\d+)\\s+(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(\\[.*\\]|-)\\s+(.*)", Pattern.CASE_INSENSITIVE);
/** /**
* Parses [rfc5424](https://tools.ietf.org/html/rfc5424) syslog messages. * Parses [rfc5424](https://tools.ietf.org/html/rfc5424) syslog messages.

4
src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc3164Test.groovy
View file

@ -50,13 +50,13 @@ class SyslogParserRfc3164Test extends Specification {
void "test rfc3164 normal message"() { void "test rfc3164 normal message"() {
setup: setup:
def input = "<13>Sep 23 08:53:28 xps13 mark: adfdfdf3432434" def input = "<13>Sep 23 08:53:28 xps13 mark: adfdfdf3432434 abcdefghijklmnopqrstuvwxyz"
when: when:
SyslogMessage msg = syslogParser.parse(input) SyslogMessage msg = syslogParser.parse(input)
then: then:
msg.message == "adfdfdf3432434" msg.message == "adfdfdf3432434 abcdefghijklmnopqrstuvwxyz"
msg.hostname == "xps13" msg.hostname == "xps13"
msg.application == "mark" msg.application == "mark"
} }

1
src/test/groovy/biz/nellemann/syslogd/SyslogParserRfc5424Test.groovy
View file

@ -40,6 +40,7 @@ class SyslogParserRfc5424Test extends Specification {
msg.application == "su" msg.application == "su"
msg.messageId == "ID47" msg.messageId == "ID47"
msg.processId == null msg.processId == null
msg.message == "BOM'su root' failed for lonvick on /dev/pts/8"
} }
void "test rfc5424 example2 message"() { void "test rfc5424 example2 message"() {

19
src/test/groovy/biz/nellemann/syslogd/SyslogPrinterTest.groovy
View file

@ -10,10 +10,23 @@ class SyslogPrinterTest extends Specification {
void setup() { void setup() {
} }
void "to plain"() {
setup:
SyslogParser syslogParser = new SyslogParserRfc5424();
String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656 abcdefghijklmnopqrstuvwxyz'
SyslogMessage msg = syslogParser.parse(input)
when:
String output = SyslogPrinter.toString(msg)
then:
output.endsWith("abcdefghijklmnopqrstuvwxyz")
}
void "test toGelf"() { void "test toGelf"() {
setup: setup:
SyslogParser syslogParser = new SyslogParserRfc5424(); SyslogParser syslogParser = new SyslogParserRfc5424();
String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656' String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656 abcdefghijklmnopqrstuvwxyz'
SyslogMessage msg = syslogParser.parse(input) SyslogMessage msg = syslogParser.parse(input)
when: when:
@ -26,14 +39,14 @@ class SyslogPrinterTest extends Specification {
void "test toLoki"() { void "test toLoki"() {
setup: setup:
SyslogParser syslogParser = new SyslogParserRfc5424(); SyslogParser syslogParser = new SyslogParserRfc5424();
String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656' String input = '<13>1 2020-09-23T08:57:30.950699+02:00 xps13 mark - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] adfdfdf3432434565656 abcdefghijklmnopqrstuvwxyz'
SyslogMessage msg = syslogParser.parse(input) SyslogMessage msg = syslogParser.parse(input)
when: when:
String output = SyslogPrinter.toLoki(msg) String output = SyslogPrinter.toLoki(msg)
then: then:
output == '{ "streams": [ { "stream": { "hostname": "xps13", "facility": "user", "level": "notice", "application": "mark"}, "values": [ [ "1600845200000000000", "[user.notice] xps13 mark adfdfdf3432434565656" ] ] } ] }' output == '{ "streams": [ { "stream": { "hostname": "xps13", "facility": "user", "level": "notice", "application": "mark"}, "values": [ [ "1600845200000000000", "[user.notice] xps13 mark adfdfdf3432434565656 abcdefghijklmnopqrstuvwxyz" ] ] } ] }'
} }
} }