use of org.apache.nifi.processors.standard.syslog.SyslogEvent in project nifi by apache.
the class TestSyslogParser method testVariety.
@Test
public void testVariety() {
final List<String> messages = new ArrayList<>();
// supported examples from RFC 3164
messages.add("<34>Oct 11 22:14:15 mymachine su: 'su root' failed for " + "lonvick on /dev/pts/8");
messages.add("<13>Feb 5 17:32:18 10.0.0.99 Use the BFG!");
messages.add("<165>Aug 24 05:34:00 CST 1987 mymachine myproc[10]: %% " + "It's time to make the do-nuts. %% Ingredients: Mix=OK, Jelly=OK # " + "Devices: Mixer=OK, Jelly_Injector=OK, Frier=OK # Transport: " + "Conveyer1=OK, Conveyer2=OK # %%");
messages.add("<0>Oct 22 10:52:12 scapegoat 1990 Oct 22 10:52:01 TZ-6 " + "scapegoat.dmz.example.org 10.1.2.3 sched[0]: That's All Folks!");
// supported examples from RFC 5424
messages.add("<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - " + "ID47 - BOM'su root' failed for lonvick on /dev/pts/8");
messages.add("<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc " + "8710 - - %% It's time to make the do-nuts.");
// non-standard (but common) messages (RFC3339 dates, no version digit)
messages.add("<13>2003-08-24T05:14:15Z localhost snarf?");
messages.add("<13>2012-08-16T14:34:03-08:00 127.0.0.1 test shnap!");
for (final String message : messages) {
final byte[] bytes = message.getBytes(CHARSET);
final ByteBuffer buffer = ByteBuffer.allocate(bytes.length);
buffer.clear();
buffer.put(bytes);
final SyslogEvent event = parser.parseEvent(buffer);
Assert.assertTrue(event.isValid());
}
}
use of org.apache.nifi.processors.standard.syslog.SyslogEvent in project nifi by apache.
the class ParseSyslog method onTrigger.
@Override
public void onTrigger(final ProcessContext context, final ProcessSession session) throws ProcessException {
FlowFile flowFile = session.get();
if (flowFile == null) {
return;
}
final String charsetName = context.getProperty(CHARSET).getValue();
// If the parser already exists and uses the same charset, it does not need to be re-initialized
if (parser == null || !parser.getCharsetName().equals(charsetName)) {
parser = new SyslogParser(Charset.forName(charsetName));
}
final byte[] buffer = new byte[(int) flowFile.getSize()];
session.read(flowFile, new InputStreamCallback() {
@Override
public void process(final InputStream in) throws IOException {
StreamUtils.fillBuffer(in, buffer);
}
});
final SyslogEvent event;
try {
event = parser.parseEvent(buffer, null);
} catch (final ProcessException pe) {
getLogger().error("Failed to parse {} as a Syslog message due to {}; routing to failure", new Object[] { flowFile, pe });
session.transfer(flowFile, REL_FAILURE);
return;
}
if (event == null || !event.isValid()) {
getLogger().error("Failed to parse {} as a Syslog message: it does not conform to any of the RFC formats supported; routing to failure", new Object[] { flowFile });
session.transfer(flowFile, REL_FAILURE);
return;
}
final Map<String, String> attributes = new HashMap<>(8);
attributes.put(SyslogAttributes.PRIORITY.key(), event.getPriority());
attributes.put(SyslogAttributes.SEVERITY.key(), event.getSeverity());
attributes.put(SyslogAttributes.FACILITY.key(), event.getFacility());
attributes.put(SyslogAttributes.VERSION.key(), event.getVersion());
attributes.put(SyslogAttributes.TIMESTAMP.key(), event.getTimeStamp());
attributes.put(SyslogAttributes.HOSTNAME.key(), event.getHostName());
attributes.put(SyslogAttributes.BODY.key(), event.getMsgBody());
flowFile = session.putAllAttributes(flowFile, attributes);
session.transfer(flowFile, REL_SUCCESS);
}
use of org.apache.nifi.processors.standard.syslog.SyslogEvent in project nifi by apache.
the class TestSyslogParser method testRFC5424WithoutVersion.
@Test
public void testRFC5424WithoutVersion() {
final String pri = "34";
final String stamp = "2003-10-11T22:14:15.003Z";
final String host = "mymachine.example.com";
final String body = "su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8";
final String message = "<" + pri + ">" + stamp + " " + host + " " + body;
final byte[] bytes = message.getBytes(CHARSET);
final ByteBuffer buffer = ByteBuffer.allocate(bytes.length);
buffer.clear();
buffer.put(bytes);
final SyslogEvent event = parser.parseEvent(buffer);
Assert.assertNotNull(event);
Assert.assertEquals(pri, event.getPriority());
Assert.assertEquals("2", event.getSeverity());
Assert.assertEquals("4", event.getFacility());
Assert.assertNull(event.getVersion());
Assert.assertEquals(stamp, event.getTimeStamp());
Assert.assertEquals(host, event.getHostName());
Assert.assertEquals(body, event.getMsgBody());
Assert.assertEquals(message, event.getFullMessage());
Assert.assertTrue(event.isValid());
}
use of org.apache.nifi.processors.standard.syslog.SyslogEvent in project nifi by apache.
the class TestSyslogParser method testTrailingNewLine.
@Test
public void testTrailingNewLine() {
final String message = "<31>Oct 13 15:43:23 localhost.home some message\n";
final byte[] bytes = message.getBytes(CHARSET);
final ByteBuffer buffer = ByteBuffer.allocate(bytes.length);
buffer.clear();
buffer.put(bytes);
final SyslogEvent event = parser.parseEvent(buffer);
Assert.assertNotNull(event);
Assert.assertTrue(event.isValid());
}
use of org.apache.nifi.processors.standard.syslog.SyslogEvent in project nifi by apache.
the class TestSyslogParser method testRFC3164WithVersion.
@Test
public void testRFC3164WithVersion() {
final String pri = "31";
final String version = "1";
final String stamp = "Oct 13 14:14:43";
final String host = "localhost";
final String body = "AppleCameraAssistant[470]: DeviceMessageNotificationCallback: kIOPMMessageSystemPowerEventOccurred: 0x00000000";
final String message = "<" + pri + ">" + version + " " + stamp + " " + host + " " + body;
final byte[] bytes = message.getBytes(CHARSET);
final ByteBuffer buffer = ByteBuffer.allocate(bytes.length);
buffer.clear();
buffer.put(bytes);
final SyslogEvent event = parser.parseEvent(buffer);
Assert.assertNotNull(event);
Assert.assertEquals(pri, event.getPriority());
Assert.assertEquals("7", event.getSeverity());
Assert.assertEquals("3", event.getFacility());
Assert.assertEquals(version, event.getVersion());
Assert.assertEquals(stamp, event.getTimeStamp());
Assert.assertEquals(host, event.getHostName());
Assert.assertEquals(body, event.getMsgBody());
Assert.assertEquals(message, event.getFullMessage());
Assert.assertTrue(event.isValid());
}
Aggregations