Skip to content

Commit

Permalink
Merge pull request #1601 from cosmo0920/add-without-pri-rfc5424-regex…
Browse files Browse the repository at this point in the history 
…-v0.12

Add rfc5424 regex without priority for v0.12
  • Loading branch information
@repeatedly
repeatedly authored Jun 21, 2017
2 parents fe1d332 + 3464eba commit bcd37cf
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 7 deletions.
7 changes: 4 additions & 3 deletions lib/fluent/parser.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -540,7 +540,8 @@ class SyslogParser < Parser
REGEXP = /^(?<time>[^ ]*\s*[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
# From in_syslog default pattern
REGEXP_WITH_PRI = /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
REGEXP_RFC5424 = /\A^\<(?<pri>[0-9]{1,3})\>[1-9]\d{0,2} (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|[^ ])) (?<message>.+)$\z/
REGEXP_RFC5424 = /\A^(?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|[^ ])) (?<message>.+)$\z/
REGEXP_RFC5424_WITH_PRI = /\A^\<(?<pri>[0-9]{1,3})\>[1-9]\d{0,2} (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|[^ ])) (?<message>.+)$\z/
REGEXP_DETECT_RFC5424 = /^\<.*\>[1-9]\d{0,2}/

config_param :time_format, :string, default: "%b %d %H:%M:%S"
Expand Down Expand Up @@ -568,7 +569,7 @@ class << self
alias_method :parse, :parse_plain
end
@time_format = @rfc5424_time_format unless conf.has_key?('time_format')
REGEXP_RFC5424
@with_priority ? REGEXP_RFC5424_WITH_PRI : REGEXP_RFC5424
when :auto
class << self
alias_method :parse, :parse_auto
Expand All @@ -590,7 +591,7 @@ def parse(text)

def parse_auto(text, &block)
if REGEXP_DETECT_RFC5424.match(text)
@regexp = REGEXP_RFC5424
@regexp = @with_priority ? REGEXP_RFC5424_WITH_PRI : REGEXP_RFC5424
@time_parser = @time_parser_rfc5424
else
@regexp = @with_priority ? REGEXP_WITH_PRI : REGEXP
Expand Down
64 changes: 60 additions & 4 deletions test/test_parser.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,7 @@ def test_parse_with_rfc5424_message
@parser.configure(
'time_format' => '%Y-%m-%dT%H:%M:%S.%L%z',
'message_format' => 'rfc5424',
'with_priority' => true,
)
text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd - - - Hi, from Fluentd!'
@parser.parse(text) do |time, record|
Expand All @@ -388,11 +389,32 @@ def test_parse_with_rfc5424_message
assert_equal "-", record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])

end

def test_parse_with_rfc5424_message_and_without_priority
@parser.configure(
'time_format' => '%Y-%m-%dT%H:%M:%S.%L%z',
'message_format' => 'rfc5424',
)
text = '2017-02-06T13:14:15.003Z 192.168.0.1 fluentd - - - Hi, from Fluentd!'
@parser.instance.parse(text) do |time, record|
assert_equal(event_time("2017-02-06T13:14:15.003Z", format: '%Y-%m-%dT%H:%M:%S.%L%z'), time)
assert_equal "-", record["pid"]
assert_equal "-", record["msgid"]
assert_equal "-", record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424,
@parser.instance.patterns['format'])
end

def test_parse_with_rfc5424_message_without_time_format
@parser.configure(
'message_format' => 'rfc5424',
'with_priority' => true,
)
text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd - - - Hi, from Fluentd!'
@parser.instance.parse(text) do |time, record|
Expand All @@ -408,6 +430,7 @@ def test_parse_with_rfc5424_structured_message
@parser.configure(
'time_format' => '%Y-%m-%dT%H:%M:%S.%L%z',
'message_format' => 'rfc5424',
'with_priority' => true,
)
text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd 11111 ID24224 [exampleSDID@20224 iut="3" eventSource="Application" eventID="11211"] Hi, from Fluentd!'
@parser.parse(text) do |time, record|
Expand Down Expand Up @@ -445,12 +468,15 @@ def test_auto_with_legacy_syslog_priority_message
assert_equal(event_time("Feb 28 12:00:00", format: '%b %d %M:%S:%H'), time)
assert_equal(@expected.merge('pri' => 6), record)
end
assert_equal(TextParser::SyslogParser::REGEXP_WITH_PRI,
@parser.instance.patterns['format'])
end

def test_parse_with_rfc5424_message
@parser.configure(
'time_format' => '%Y-%m-%dT%H:%M:%S.%L%z',
'message_format' => 'auto',
'with_priority' => true,
)
text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd - - - Hi, from Fluentd!'
@parser.parse(text) do |time, record|
Expand All @@ -460,12 +486,15 @@ def test_parse_with_rfc5424_message
assert_equal "-", record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])
end

def test_parse_with_rfc5424_structured_message
@parser.configure(
'time_format' => '%Y-%m-%dT%H:%M:%S.%L%z',
'message_format' => 'auto',
'with_priority' => true,
)
text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd 11111 ID24224 [exampleSDID@20224 iut="3" eventSource="Application" eventID="11211"] Hi, from Fluentd!'
@parser.parse(text) do |time, record|
Expand All @@ -476,19 +505,25 @@ def test_parse_with_rfc5424_structured_message
record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])
end

def test_parse_with_both_message_type
@parser.configure(
'time_format' => '%b %d %M:%S:%H',
'rfc5424_time_format' => '%Y-%m-%dT%H:%M:%S.%L%z',
'message_format' => 'auto',
'with_priority' => true,
)
text = 'Feb 28 12:00:00 192.168.0.1 fluentd[11111]: [error] Syslog test'
text = '<1>Feb 28 12:00:00 192.168.0.1 fluentd[11111]: [error] Syslog test'
@parser.parse(text) do |time, record|
assert_equal(event_time("Feb 28 12:00:00", format: '%b %d %M:%S:%H'), time)
assert_equal(@expected, record)
assert_equal(@expected.merge('pri' => 1), record)
end
assert_equal(TextParser::SyslogParser::REGEXP_WITH_PRI,
@parser.instance.patterns['format'])

text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd 11111 ID24224 [exampleSDID@20224 iut="3" eventSource="Application" eventID="11211"] Hi, from Fluentd!'
@parser.parse(text) do |time, record|
assert_equal(event_time("2017-02-06T13:14:15.003Z", format: '%Y-%m-%dT%H:%M:%S.%L%z'), time)
Expand All @@ -498,11 +533,17 @@ def test_parse_with_both_message_type
record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
text = 'Feb 28 12:00:02 192.168.0.1 fluentd[11111]: [error] Syslog test'
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])

text = '<1>Feb 28 12:00:02 192.168.0.1 fluentd[11111]: [error] Syslog test'
@parser.parse(text) do |time, record|
assert_equal(event_time("Feb 28 12:00:02", format: '%b %d %M:%S:%H'), time)
assert_equal(@expected, record)
assert_equal(@expected.merge('pri' => 1), record)
end
assert_equal(TextParser::SyslogParser::REGEXP_WITH_PRI,
@parser.instance.patterns['format'])

text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd - - - Hi, from Fluentd!'
@parser.parse(text) do |time, record|
assert_equal(event_time("2017-02-06T13:14:15.003Z", format: '%Y-%m-%dT%H:%M:%S.%L%z'), time)
Expand All @@ -511,6 +552,9 @@ def test_parse_with_both_message_type
assert_equal "-", record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])

end

def test_parse_with_both_message_type_and_priority
Expand All @@ -525,6 +569,9 @@ def test_parse_with_both_message_type_and_priority
assert_equal(event_time("Feb 28 12:00:00", format: '%b %d %M:%S:%H'), time)
assert_equal(@expected.merge('pri' => 6), record)
end
assert_equal(TextParser::SyslogParser::REGEXP_WITH_PRI,
@parser.instance.patterns['format'])

text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd 11111 ID24224 [exampleSDID@20224 iut="3" eventSource="Application" eventID="11211"] Hi, from Fluentd!'
@parser.parse(text) do |time, record|
assert_equal(event_time("2017-02-06T13:14:15.003Z", format: '%Y-%m-%dT%H:%M:%S.%L%z'), time)
Expand All @@ -534,11 +581,17 @@ def test_parse_with_both_message_type_and_priority
record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])

text = '<16>Feb 28 12:00:02 192.168.0.1 fluentd[11111]: [error] Syslog test'
@parser.parse(text) do |time, record|
assert_equal(event_time("Feb 28 12:00:02", format: '%b %d %M:%S:%H'), time)
assert_equal(@expected.merge('pri' => 16), record)
end
assert_equal(TextParser::SyslogParser::REGEXP_WITH_PRI,
@parser.instance.patterns['format'])

text = '<16>1 2017-02-06T13:14:15.003Z 192.168.0.1 fluentd - - - Hi, from Fluentd!'
@parser.parse(text) do |time, record|
assert_equal(event_time("2017-02-06T13:14:15.003Z", format: '%Y-%m-%dT%H:%M:%S.%L%z'), time)
Expand All @@ -547,6 +600,9 @@ def test_parse_with_both_message_type_and_priority
assert_equal "-", record["extradata"]
assert_equal "Hi, from Fluentd!", record["message"]
end
assert_equal(TextParser::SyslogParser::REGEXP_RFC5424_WITH_PRI,
@parser.instance.patterns['format'])

end
end
end
Expand Down

0 comments on commit bcd37cf

Please sign in to comment.