public SyslogEvent build() { return new SyslogEvent(this); } }
public Syslog5424Event build() { return new Syslog5424Event(this); } }
/** * Parses a Syslog5424Event from a {@code byte array}. * * @param bytes a {@code byte array} containing a syslog message * @param sender the hostname of the syslog server that sent the message * @return a Syslog5424Event parsed from the {@code byte array} */ public Syslog5424Event parseEvent(final byte[] bytes, final String sender) { if (bytes == null || bytes.length == 0) { return null; } // remove trailing new line before parsing int length = bytes.length; if (bytes[length - 1] == '\n') { length = length - 1; } final String message = new String(bytes, 0, length, charset); final Syslog5424Event.Builder builder = new Syslog5424Event.Builder() .valid(false).fullMessage(message).rawMessage(bytes).sender(sender); try { parser.parseLine(message, builder::fieldMap); builder.valid(true); } catch (Exception e) { // this is not a valid 5424 message builder.valid(false); builder.exception(e); } // either invalid w/original msg, or fully parsed event return builder.build(); }
@Override public Record nextRecord(boolean coerceTypes, boolean dropUnknownFields) throws IOException, MalformedRecordException { String line = reader.readLine(); if (line == null) { // a null return from readLine() signals the end of the stream return null; } if (StringUtils.isBlank(line)) { // while an empty string is an error throw new MalformedRecordException("Encountered a blank message!"); } final MalformedRecordException malformedRecordException; SyslogEvent event = parser.parseEvent(ByteBuffer.wrap(line.getBytes(parser.getCharsetName()))); if (!event.isValid()) { malformedRecordException = new MalformedRecordException( String.format("Failed to parse %s as a Syslog message: it does not conform to any of the RFC" + " formats supported", line)); throw malformedRecordException; } final Map<String, Object> syslogMap = new HashMap<>(8); syslogMap.put(SyslogAttributes.PRIORITY.key(), event.getPriority()); syslogMap.put(SyslogAttributes.SEVERITY.key(), event.getSeverity()); syslogMap.put(SyslogAttributes.FACILITY.key(), event.getFacility()); syslogMap.put(SyslogAttributes.VERSION.key(), event.getVersion()); syslogMap.put(SyslogAttributes.TIMESTAMP.key(), event.getTimeStamp()); syslogMap.put(SyslogAttributes.HOSTNAME.key(), event.getHostName()); syslogMap.put(SyslogAttributes.BODY.key(), event.getMsgBody()); return new MapRecord(schema, syslogMap); }
final SyslogEvent.Builder builder = new SyslogEvent.Builder() .valid(false).fullMessage(message).rawMessage(bytes).sender(sender); String value = res.group(grp); if (grp == SYSLOG_TIMESTAMP_POS) { builder.timestamp(value); } else if (grp == SYSLOG_HOSTNAME_POS) { builder.hostname(value); } else if (grp == SYSLOG_PRIORITY_POS) { int pri = Integer.parseInt(value); int sev = pri % 8; int facility = pri / 8; builder.priority(value); builder.severity(String.valueOf(sev)); builder.facility(String.valueOf(facility)); } else if (grp == SYSLOG_VERSION_POS) { builder.version(value); } else if (grp == SYSLOG_BODY_POS) { builder.msgBody(value); builder.valid(true); break; return builder.build();
if (syslogEvent == null || !syslogEvent.isValid()) { getLogger().error("Failed to parse {} as a Syslog message: it does not conform to any of the RFC formats supported; routing to failure", new Object[] {flowFile}); session.transfer(flowFile, REL_FAILURE); return; Map<String,String> attributeMap = convertMap(syslogEvent.getFieldMap()); if (!includeBody) { attributeMap.remove(SyslogAttributes.SYSLOG_BODY.key());
@Override public Record nextRecord(boolean coerceTypes, boolean dropUnknownFields) throws IOException, MalformedRecordException { String line = reader.readLine(); if ( line == null ) { // a null return from readLine() signals the end of the stream return null; } if (StringUtils.isBlank(line)) { // while an empty string is an error throw new MalformedRecordException("Encountered a blank message!"); } final MalformedRecordException malformedRecordException; Syslog5424Event event = parser.parseEvent(ByteBuffer.wrap(line.getBytes(parser.getCharsetName()))); if (!event.isValid()) { if (event.getException() != null) { malformedRecordException = new MalformedRecordException( String.format("Failed to parse %s as a Syslog message: it does not conform to any of the RFC "+ "formats supported", line), event.getException()); } else { malformedRecordException = new MalformedRecordException( String.format("Failed to parse %s as a Syslog message: it does not conform to any of the RFC" + " formats supported", line)); } throw malformedRecordException; } Map<String,Object> modifiedMap = new HashMap<>(event.getFieldMap()); modifiedMap.put(SyslogAttributes.TIMESTAMP.key(),convertTimeStamp((String)event.getFieldMap().get(SyslogAttributes.TIMESTAMP.key()))); return new MapRecord(schema,modifiedMap); }
if (event == null || !event.isValid()) { getLogger().error("Failed to parse {} as a Syslog message: it does not conform to any of the RFC formats supported; routing to failure", new Object[] {flowFile}); session.transfer(flowFile, REL_FAILURE); attributes.put(SyslogAttributes.SYSLOG_PRIORITY.key(), event.getPriority()); attributes.put(SyslogAttributes.SYSLOG_SEVERITY.key(), event.getSeverity()); attributes.put(SyslogAttributes.SYSLOG_FACILITY.key(), event.getFacility()); attributes.put(SyslogAttributes.SYSLOG_VERSION.key(), event.getVersion()); attributes.put(SyslogAttributes.SYSLOG_TIMESTAMP.key(), event.getTimeStamp()); attributes.put(SyslogAttributes.SYSLOG_HOSTNAME.key(), event.getHostName()); attributes.put(SyslogAttributes.SYSLOG_BODY.key(), event.getMsgBody());
if (syslogEvent == null || !syslogEvent.isValid()) { getLogger().error("Failed to parse {} as a Syslog message: it does not conform to any of the RFC formats supported; routing to failure", new Object[] {flowFile}); session.transfer(flowFile, REL_FAILURE); return; Map<String,String> attributeMap = convertMap(syslogEvent.getFieldMap()); if (!includeBody) { attributeMap.remove(SyslogAttributes.SYSLOG_BODY.key());
if (!valid || event == null || !event.isValid()) { FlowFile invalidFlowFile = session.create(); invalidFlowFile = session.putAllAttributes(invalidFlowFile, defaultAttributes); getLogger().trace(event.getFullMessage()); attributes.put(SyslogAttributes.SYSLOG_PRIORITY.key(), event.getPriority()); attributes.put(SyslogAttributes.SYSLOG_SEVERITY.key(), event.getSeverity()); attributes.put(SyslogAttributes.SYSLOG_FACILITY.key(), event.getFacility()); attributes.put(SyslogAttributes.SYSLOG_VERSION.key(), event.getVersion()); attributes.put(SyslogAttributes.SYSLOG_TIMESTAMP.key(), event.getTimeStamp()); attributes.put(SyslogAttributes.SYSLOG_HOSTNAME.key(), event.getHostName()); attributes.put(SyslogAttributes.SYSLOG_BODY.key(), event.getMsgBody()); attributes.put(SyslogAttributes.SYSLOG_VALID.key(), String.valueOf(event.isValid())); final byte[] rawMessage = (event == null) ? rawSyslogEvent.getData() : event.getRawMessage(); flowFile = session.append(flowFile, new OutputStreamCallback() { @Override
if (event == null || !event.isValid()) { getLogger().error("Failed to parse {} as a Syslog message: it does not conform to any of the RFC formats supported; routing to failure", new Object[] {flowFile}); session.transfer(flowFile, REL_FAILURE); attributes.put(SyslogAttributes.SYSLOG_PRIORITY.key(), event.getPriority()); attributes.put(SyslogAttributes.SYSLOG_SEVERITY.key(), event.getSeverity()); attributes.put(SyslogAttributes.SYSLOG_FACILITY.key(), event.getFacility()); attributes.put(SyslogAttributes.SYSLOG_VERSION.key(), event.getVersion()); attributes.put(SyslogAttributes.SYSLOG_TIMESTAMP.key(), event.getTimeStamp()); attributes.put(SyslogAttributes.SYSLOG_HOSTNAME.key(), event.getHostName()); attributes.put(SyslogAttributes.SYSLOG_BODY.key(), event.getMsgBody());
if (!valid || event == null || !event.isValid()) { FlowFile invalidFlowFile = session.create(); invalidFlowFile = session.putAllAttributes(invalidFlowFile, defaultAttributes); getLogger().trace(event.getFullMessage()); attributes.put(SyslogAttributes.SYSLOG_PRIORITY.key(), event.getPriority()); attributes.put(SyslogAttributes.SYSLOG_SEVERITY.key(), event.getSeverity()); attributes.put(SyslogAttributes.SYSLOG_FACILITY.key(), event.getFacility()); attributes.put(SyslogAttributes.SYSLOG_VERSION.key(), event.getVersion()); attributes.put(SyslogAttributes.SYSLOG_TIMESTAMP.key(), event.getTimeStamp()); attributes.put(SyslogAttributes.SYSLOG_HOSTNAME.key(), event.getHostName()); attributes.put(SyslogAttributes.SYSLOG_BODY.key(), event.getMsgBody()); attributes.put(SyslogAttributes.SYSLOG_VALID.key(), String.valueOf(event.isValid())); final byte[] rawMessage = (event == null) ? rawSyslogEvent.getData() : event.getRawMessage(); flowFile = session.append(flowFile, new OutputStreamCallback() { @Override