Example use of org.graylog2.syslog4j.server.impl.event.structured.StructuredSyslogServerEvent in the graylog2-server project by Graylog2.
From the class SyslogCodec, method parseAdditionalData.
/**
 * Collects the extra fields that only a structured syslog event carries.
 *
 * <p>For any other event type an empty map is returned. For a structured event the
 * result starts as a copy of {@code extractFields(sMsg, expand)}; {@code application_name}
 * and {@code process_id} are then put on top when they are non-empty, so they replace
 * same-named keys coming from {@code extractFields}.
 *
 * @param msg    the parsed syslog event
 * @param expand passed through unchanged to {@code extractFields}
 * @return a mutable map of additional fields, or an empty map for non-structured events
 */
private Map<String, Object> parseAdditionalData(SyslogServerEventIF msg, boolean expand) {
    // Only structured syslog has more data we can parse.
    if (!(msg instanceof StructuredSyslogServerEvent)) {
        return Collections.emptyMap();
    }

    final StructuredSyslogServerEvent structuredEvent = (StructuredSyslogServerEvent) msg;

    // NOTE(review): extractFields is not visible here; presumably its keys and values come
    // from the sender's structured data, so treat both as untrusted input - confirm.
    final Map<String, Object> additionalFields = new HashMap<>(extractFields(structuredEvent, expand));

    final String applicationName = structuredEvent.getApplicationName();
    if (!isNullOrEmpty(applicationName)) {
        additionalFields.put("application_name", applicationName);
    }

    final String processId = structuredEvent.getProcessId();
    if (!isNullOrEmpty(processId)) {
        additionalFields.put("process_id", processId);
    }

    return additionalFields;
}
Example use of org.graylog2.syslog4j.server.impl.event.structured.StructuredSyslogServerEvent in the graylog2-server project by Graylog2.
From the class SyslogCodec, method parse.
/**
 * Turns one raw syslog line into a {@code Message}.
 *
 * <p>The line is parsed as structured syslog (RFC5424) when it matches
 * {@code STRUCTURED_SYSLOG_PATTERN}, i.e. when a VERSION follows the PRI, and as
 * unstructured syslog (classic BSD, RFC3164) otherwise.
 *
 * @param msg               the raw syslog line as received
 * @param remoteAddress     address of the sender, handed to the event parser and to {@code parseHost}
 * @param receivedTimestamp receive time, handed to {@code parseDate}
 * @return the message with {@code facility}, {@code level}, optionally {@code full_message},
 *         and the fields from {@code parseAdditionalData}
 */
private Message parse(String msg, InetAddress remoteAddress, DateTime receivedTimestamp) {
    // The format is chosen from the sender's own bytes: a VERSION after the PRI selects the
    // RFC5424 parser, anything else falls back to the RFC3164 parser.
    final boolean looksStructured = STRUCTURED_SYSLOG_PATTERN.matcher(msg).matches();
    final SyslogServerEventIF event = looksStructured
            ? new StructuredSyslogServerEvent(msg, remoteAddress)
            : new SyslogServerEvent(msg, remoteAddress);

    // If the message is a structured one, we do not want the message ID and the structured data in the
    // message string. See: https://github.com/Graylog2/graylog2-server/issues/845#issuecomment-69499719
    String structuredText = null;
    if (event instanceof StructuredSyslogServerEvent) {
        structuredText = ((StructuredSyslogServerEvent) event).getStructuredMessage().getMessage();
    }
    // Fall back to the event's own message when there is no structured message text.
    final String syslogMessage = isNullOrEmpty(structuredText) ? event.getMessage() : structuredText;

    final Message result = new Message(syslogMessage, parseHost(event, remoteAddress), parseDate(event, receivedTimestamp));
    result.addField("facility", Tools.syslogFacilityToReadable(event.getFacility()));
    result.addField("level", event.getLevel());

    // Store full message if configured. Bytes that are not valid UTF-8 are replaced during
    // decoding, so this field is not guaranteed to be a byte-exact copy of what was received.
    if (configuration.getBoolean(CK_STORE_FULL_MESSAGE)) {
        result.addField("full_message", new String(event.getRaw(), StandardCharsets.UTF_8));
    }

    // NOTE(review): the additional fields are added last. Whether a same-named key from
    // parseAdditionalData can replace facility, level or full_message depends on
    // Message.addFields, which is not visible here - confirm.
    result.addFields(parseAdditionalData(event, configuration.getBoolean(CK_EXPAND_STRUCTURED_DATA)));
    return result;
}
Aggregations