Update: Syslog input handling of severity and facility values

influxdata · May 23, 2018 · 09f869b · 09f869b
1 parent 1c27f07
commit 09f869b
Show file tree

Hide file tree

Showing 5 changed files with 209 additions and 181 deletions.
diff --git a/Godeps b/Godeps
@@ -32,7 +32,7 @@ github.com/go-redis/redis 73b70592cdaa9e6abdfcfbf97b4a90d80728c836
 github.com/go-sql-driver/mysql 2e00b5cd70399450106cec6431c2e2ce3cae5034
 github.com/hailocab/go-hostpool e80d13ce29ede4452c43dea11e79b9bc8a15b478
 github.com/hashicorp/consul 5174058f0d2bda63fa5198ab96c33d9a909c58ed
-github.com/influxdata/go-syslog dcd9920f1eea047ffa10928fd2b7fbad6c7abe83
+github.com/influxdata/go-syslog 84f3b60009444d298f97454feb1f20cf91d1fa6e
 github.com/influxdata/tail c43482518d410361b6c383d7aebce33d0471d7bc
 github.com/influxdata/toml 5d1d907f22ead1cd47adde17ceec5bda9cacaf8f
 github.com/influxdata/wlog 7c63b0a71ef8300adc255344d275e10e5c3a71ec

diff --git a/plugins/inputs/syslog/README.md b/plugins/inputs/syslog/README.md
@@ -8,14 +8,44 @@ This plugin listens for syslog messages following RFC5424 format. When received
 
 ### Configuration:
 
-To configure it as a TLS syslog receiver as recommended by RFC5425 give it the following configuration:
-
 ```toml
 [[inputs.syslog]]
-  address = ":6514"
-  tls_cacert = "/etc/telegraf/ca.pem"
-  tls_cert = "/etc/telegraf/cert.pem"
-  tls_key = "/etc/telegraf/key.pem"
+  ## Specify an ip or hostname with port - eg., localhost:6514, 10.0.0.1:6514
+  ## Address and port to host the syslog receiver.
+  ## If no server is specified, then localhost is used as the host.
+  ## If no port is specified, 6514 is used (RFC5425#section-4.1).
+  server = ":6514"
+
+  ## Protocol (default = tcp)
+  ## Should be one of the following values:
+  ## tcp, tcp4, tcp6, unix, unixpacket, udp, udp4, udp6, ip, ip4, ip6, unixgram.
+  ## Otherwise forced to the default.
+  # protocol = "tcp"
+
+  ## TLS Config
+  # tls_allowed_cacerts = ["/etc/telegraf/ca.pem"]
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+
+  ## Period between keep alive probes.
+  ## 0 disables keep alive probes.
+  ## Defaults to the OS configuration.
+  ## Only applies to stream sockets (e.g. TCP).
+  # keep_alive_period = "5m"
+
+  ## Maximum number of concurrent connections (default = 0).
+  ## 0 means unlimited.
+  ## Only applies to stream sockets (e.g. TCP).
+  # max_connections = 1024
+
+  ## Read timeout (default = 500ms).
+  ## 0 means unlimited.
+  ## Only applies to stream sockets (e.g. TCP).
+  # read_timeout = 500ms
+
+  ## Whether to parse in best effort mode or not (default = false).
+  ## By default best effort parsing is off.
+  # best_effort = false
 ```
 
 #### Other configs

diff --git a/plugins/inputs/syslog/rfc5425_test.go b/plugins/inputs/syslog/rfc5425_test.go
@@ -46,14 +46,14 @@ func getTestCasesForRFC5425() []testCase5425 {
 						"origin":        true,
 						"meta sequence": "14125553",
 						"meta service":  "someservice",
+						"severity_code": 5,
+						"facility_code": 3,
 					},
 					Tags: map[string]string{
-						"severity":         "5",
-						"severity_level":   "notice",
-						"facility":         "3",
-						"facility_message": "system daemons",
-						"hostname":         "web1",
-						"appname":          "someservice",
+						"severity": "notice",
+						"facility": "daemon",
+						"hostname": "web1",
+						"appname":  "someservice",
 					},
 					Time: defaultTime,
 				},
@@ -70,14 +70,14 @@ func getTestCasesForRFC5425() []testCase5425 {
 						"origin":        true,
 						"meta sequence": "14125553",
 						"meta service":  "someservice",
+						"severity_code": 5,
+						"facility_code": 3,
 					},
 					Tags: map[string]string{
-						"severity":         "5",
-						"severity_level":   "notice",
-						"facility":         "3",
-						"facility_message": "system daemons",
-						"hostname":         "web1",
-						"appname":          "someservice",
+						"severity": "notice",
+						"facility": "daemon",
+						"hostname": "web1",
+						"appname":  "someservice",
 					},
 					Time: defaultTime,
 				},
@@ -90,26 +90,26 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(2),
+						"version":       uint16(2),
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(11),
+						"version":       uint16(11),
+						"severity_code": 4,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "4",
-						"severity_level":   "warning",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "warning",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -118,26 +118,26 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(2),
+						"version":       uint16(2),
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(11),
+						"version":       uint16(11),
+						"severity_code": 4,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "4",
-						"severity_level":   "warning",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "warning",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -150,14 +150,14 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(1),
-						"message": "hellø",
+						"version":       uint16(1),
+						"message":       "hellø",
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -166,14 +166,14 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(1),
-						"message": "hellø",
+						"version":       uint16(1),
+						"message":       "hellø",
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -186,14 +186,14 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(3),
-						"message": "hello\nworld",
+						"version":       uint16(3),
+						"message":       "hello\nworld",
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -202,14 +202,14 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(3),
-						"message": "hello\nworld",
+						"version":       uint16(3),
+						"message":       "hello\nworld",
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -223,13 +223,13 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(2),
+						"version":       uint16(2),
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -243,13 +243,13 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(1),
+						"version":       uint16(1),
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -258,13 +258,13 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(1),
+						"version":       uint16(1),
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -278,13 +278,13 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version": uint16(217),
+						"version":       uint16(217),
+						"severity_code": 1,
+						"facility_code": 0,
 					},
 					Tags: map[string]string{
-						"severity":         "1",
-						"severity_level":   "alert",
-						"facility":         "0",
-						"facility_message": "kernel messages",
+						"severity": "alert",
+						"facility": "kern",
 					},
 					Time: defaultTime,
 				},
@@ -303,19 +303,19 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version":   maxV,
-						"timestamp": time.Unix(1514764799, 999999000).UTC(),
-						"message":   message7681,
-						"procid":    maxPID,
-						"msgid":     maxMID,
+						"version":       maxV,
+						"timestamp":     time.Unix(1514764799, 999999000).UTC(),
+						"message":       message7681,
+						"procid":        maxPID,
+						"msgid":         maxMID,
+						"facility_code": 23,
+						"severity_code": 7,
 					},
 					Tags: map[string]string{
-						"severity":         "7",
-						"severity_level":   "debug",
-						"facility":         "23",
-						"facility_message": "local use 7 (local7)",
-						"hostname":         maxH,
-						"appname":          maxA,
+						"severity": "debug",
+						"facility": "local7",
+						"hostname": maxH,
+						"appname":  maxA,
 					},
 					Time: defaultTime,
 				},
@@ -324,19 +324,19 @@ func getTestCasesForRFC5425() []testCase5425 {
 				testutil.Metric{
 					Measurement: "syslog",
 					Fields: map[string]interface{}{
-						"version":   maxV,
-						"timestamp": time.Unix(1514764799, 999999000).UTC(),
-						"message":   message7681,
-						"procid":    maxPID,
-						"msgid":     maxMID,
+						"version":       maxV,
+						"timestamp":     time.Unix(1514764799, 999999000).UTC(),
+						"message":       message7681,
+						"procid":        maxPID,
+						"msgid":         maxMID,
+						"facility_code": 23,
+						"severity_code": 7,
 					},
 					Tags: map[string]string{
-						"severity":         "7",
-						"severity_level":   "debug",
-						"facility":         "23",
-						"facility_message": "local use 7 (local7)",
-						"hostname":         maxH,
-						"appname":          maxA,
+						"severity": "debug",
+						"facility": "local7",
+						"hostname": maxH,
+						"appname":  maxA,
 					},
 					Time: defaultTime,
 				},