Class: Fluent::Plugin::SyslogParser

Inherits:
Parser show all
Defined in:
lib/fluent/plugin/parser_syslog.rb

Direct Known Subclasses

Compat::TextParser::SyslogParser

Constant Summary collapse

REGEXP =

From existence TextParser pattern

/^(?<time>[^ ]*\s*[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[^ :\[]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
REGEXP_WITH_PRI =

From in_syslog default pattern

/^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[^ :\[]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
REGEXP_RFC5424 = 
/\A^(?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|[^ ])) (?<message>.+)$\z/
REGEXP_RFC5424_WITH_PRI = 
/\A^\<(?<pri>[0-9]{1,3})\>[1-9]\d{0,2} (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|[^ ])) (?<message>.+)$\z/
REGEXP_DETECT_RFC5424 = 
/^\<.*\>[1-9]\d{0,2}/

Constants inherited from Parser

Parser::AVAILABLE_PARSER_VALUE_TYPES, Parser::PARSER_TYPES, Parser::TRUTHY_VALUES

Constants included from Configurable

Configurable::CONFIG_TYPE_REGISTRY

Instance Attribute Summary

Attributes inherited from Parser

#type_converters

Attributes inherited from Base

#under_plugin_development

Instance Method Summary collapse

Methods inherited from Parser

#build_type_converters, #call, #convert_values, #implement?, #parse_io, #parse_partial_data, #parse_time, #parser_type, #string_like_null

Methods included from TimeMixin::Parser

included, #time_parser_create

Methods included from OwnedByMixin

#log, #owner, #owner=

Methods inherited from Base

#after_shutdown, #after_shutdown?, #after_start, #after_started?, #before_shutdown, #before_shutdown?, #close, #closed?, #configured?, #context_router, #context_router=, #fluentd_worker_id, #has_router?, #inspect, #multi_workers_ready?, #plugin_root_dir, #shutdown, #shutdown?, #start, #started?, #stop, #stopped?, #string_safe_encoding, #terminate, #terminated?

Methods included from SystemConfig::Mixin

#system_config, #system_config_override

Methods included from Configurable

#config, #configure_proxy_generate, #configured_section_create, included, lookup_type, register_type

Constructor Details

#initializeSyslogParser

Returns a new instance of SyslogParser.



39
40
41
42
 
# File 'lib/fluent/plugin/parser_syslog.rb', line 39

def initialize
  super
  @mutex = Mutex.new
end

Instance Method Details

#configure(conf) ⇒ Object 



44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/fluent/plugin/parser_syslog.rb', line 44

def configure(conf)
  super

  @time_parser_rfc3164 = @time_parser_rfc5424 = nil
  @regexp = case @message_format
            when :rfc3164
              class << self
                alias_method :parse, :parse_plain
              end
              @with_priority ? REGEXP_WITH_PRI : REGEXP
            when :rfc5424
              class << self
                alias_method :parse, :parse_plain
              end
              @time_format = @rfc5424_time_format unless conf.has_key?('time_format')
              @with_priority ? REGEXP_RFC5424_WITH_PRI : REGEXP_RFC5424
            when :auto
              class << self
                alias_method :parse, :parse_auto
              end
              @time_parser_rfc3164 = time_parser_create(format: @time_format)
              @time_parser_rfc5424 = time_parser_create(format: @rfc5424_time_format)
              nil
            end
  @time_parser = time_parser_create
end

#parse(text) ⇒ Object 



75
76
77
 
# File 'lib/fluent/plugin/parser_syslog.rb', line 75

def parse(text)
  # This is overwritten in configure
end

#parse_auto(text, &block) ⇒ Object 



79
80
81
82
83
84
85
86
87
88
 
# File 'lib/fluent/plugin/parser_syslog.rb', line 79

def parse_auto(text, &block)
  if REGEXP_DETECT_RFC5424.match(text)
    @regexp = @with_priority ? REGEXP_RFC5424_WITH_PRI : REGEXP_RFC5424
    @time_parser = @time_parser_rfc5424
  else
    @regexp = @with_priority ? REGEXP_WITH_PRI : REGEXP
    @time_parser = @time_parser_rfc3164
  end
  parse_plain(text, &block)
end

#parse_plain(text) {|time, record| ... } ⇒ Object

Yields:

  • (time, record) 


90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
# File 'lib/fluent/plugin/parser_syslog.rb', line 90

def parse_plain(text, &block)
  m = @regexp.match(text)
  unless m
    yield nil, nil
    return
  end

  time = nil
  record = {}

  m.names.each { |name|
    if value = m[name]
      case name
      when "pri"
        record['pri'] = value.to_i
      when "time"
        time = @mutex.synchronize { @time_parser.parse(value.gsub(/ +/, ' ')) }
        record[name] = value if @keep_time_key
      else
        record[name] = value
      end
    end
  }

  if @estimate_current_event
    time ||= Fluent::EventTime.now
  end

  yield time, record
end

#patternsObject 



71
72
73
 
# File 'lib/fluent/plugin/parser_syslog.rb', line 71

def patterns
  {'format' => @regexp, 'time_format' => @time_format}
end