syslogparser

package module
v0.0.0-...-0937073 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 5, 2019 License: BSD-2-Clause Imports: 4 Imported by: 0

README

Syslogparser

This is a syslog parser for the Go programming language.

Installing

go get github.com/jeromer/syslogparser

Supported RFCs

Not all features described in RFCs above are supported but only the most part of it. For exaple SDIDs are not supported in RFC 5424 and STRUCTURED-DATA are parsed as a whole string.

This parser should solve 80% of use cases. If your use cases are in the 20% remaining ones I would recommend you to fully test what you want to achieve and provide a patch if you want.

Parsing an RFC 3164 syslog message

b := "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
buff := []byte(b)

p := rfc3164.NewParser(buff)
err := p.Parse()
if err != nil {
	panic(err)
}

for k, v := range p.Dump() {
	fmt.Println(k, ":", v)
}

You should see

timestamp : 2013-10-11 22:14:15 +0000 UTC
hostname  : mymachine
tag       : su
content   : 'su root' failed for lonvick on /dev/pts/8
priority  : 34
facility  : 4
severity  : 2

Parsing an RFC 5424 syslog message

b := `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...`
buff := []byte(b)

p := rfc5424.NewParser(buff)
err := p.Parse()
if err != nil {
	panic(err)
}

for k, v := range p.Dump() {
	fmt.Println(k, ":", v)
}

You should see

version : 1
timestamp : 2003-10-11 22:14:15.003 +0000 UTC
app_name : evntslog
msg_id : ID47
message : An application event log entry...
priority : 165
facility : 20
severity : 5
hostname : mymachine.example.com
proc_id : -
structured_data : [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]

Detecting message format

You can use the WhichRFC() function. Like this:

b := []byte(`<165>1 2003-10-11T22:14:15.003Z ...`)
rfc, err := syslogparser.DetectRFC(b)
if err != nil {
	panic(err)
}

switch rfc {
case RFC_UNKNOWN:
	fmt.Println("unknown")
case RFC_3164:
	fmt.Println("3164")
case RFC_5424:
	fmt.Println("5424")
}

Running tests

Run make tests

Running benchmarks

Run make benchmarks

CommonTestSuite.BenchmarkParsePriority   20000000  85.9 ns/op
CommonTestSuite.BenchmarkParseVersion    500000000 4.59 ns/op
Rfc3164TestSuite.BenchmarkParseFull      10000000  187 ns/op
Rfc3164TestSuite.BenchmarkParseHeader    5000000   686 ns/op
Rfc3164TestSuite.BenchmarkParseHostname  50000000  43.4 ns/op
Rfc3164TestSuite.BenchmarkParseTag       50000000  63.5 ns/op
Rfc3164TestSuite.BenchmarkParseTimestamp 5000000   616 ns/op
Rfc3164TestSuite.BenchmarkParsemessage   10000000  187 ns/op
Rfc5424TestSuite.BenchmarkParseFull      1000000   1345 ns/op
Rfc5424TestSuite.BenchmarkParseHeader    1000000   1353 ns/op
Rfc5424TestSuite.BenchmarkParseTimestamp 1000000   2045 ns/op

Documentation

Index

Constants

View Source 
const (
	PRI_PART_START = '<'
	PRI_PART_END   = '>'

	NO_VERSION = -1
)
View Source 
const (
	RFC_UNKNOWN = iota
	RFC_3164
	RFC_5424
)

Variables

View Source 
var (
	ErrEOL     = &ParserError{"End of log line"}
	ErrNoSpace = &ParserError{"No space found"}

	ErrPriorityNoStart  = &ParserError{"No start char found for priority"}
	ErrPriorityEmpty    = &ParserError{"Priority field empty"}
	ErrPriorityNoEnd    = &ParserError{"No end char found for priority"}
	ErrPriorityTooShort = &ParserError{"Priority field too short"}
	ErrPriorityTooLong  = &ParserError{"Priority field too long"}
	ErrPriorityNonDigit = &ParserError{"Non digit found in priority"}

	ErrVersionNotFound = &ParserError{"Can not find version"}

	ErrTimestampUnknownFormat = &ParserError{"Timestamp format unknown"}
)

Functions

func FindNextSpace 

func FindNextSpace(buff []byte, from int, l int) (int, error)

func IsDigit 

func IsDigit(c byte) bool

func Parse2Digits 

func Parse2Digits(buff []byte, cursor *int, l int, min int, max int, e error) (int, error)

func ParseHostname 

func ParseHostname(buff []byte, cursor *int, l int) (string, error)

func ParseVersion 

func ParseVersion(buff []byte, cursor *int, l int) (int, error)

https://tools.ietf.org/html/rfc5424#section-6.2.2

func ShowCursorPos 

func ShowCursorPos(buff []byte, cursor int)

Types

type Facility 

type Facility struct {
	Value int
}

type LogParser 

type LogParser interface {
	Parse() error
	Dump() LogParts
	Location(*time.Location)
}

type LogParts 

type LogParts map[string]interface{}

type ParserError 

type ParserError struct {
	ErrorString string
}

func (*ParserError) Error 

func (err *ParserError) Error() string

type Priority 

type Priority struct {
	P int
	F Facility
	S Severity
}

func ParsePriority 

func ParsePriority(buff []byte, cursor *int, l int) (Priority, error)

https://tools.ietf.org/html/rfc3164#section-4.1

type RFC 

type RFC uint8

func DetectRFC 

func DetectRFC(buff []byte) (RFC, error)

type Severity 

type Severity struct {
	Value int
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.