diff --git a/Godeps b/Godeps index 82c56a0e1e1fd..70e6e7966c059 100644 --- a/Godeps +++ b/Godeps @@ -32,7 +32,7 @@ github.com/go-redis/redis 73b70592cdaa9e6abdfcfbf97b4a90d80728c836 github.com/go-sql-driver/mysql 2e00b5cd70399450106cec6431c2e2ce3cae5034 github.com/hailocab/go-hostpool e80d13ce29ede4452c43dea11e79b9bc8a15b478 github.com/hashicorp/consul 5174058f0d2bda63fa5198ab96c33d9a909c58ed -github.com/influxdata/go-syslog dcd9920f1eea047ffa10928fd2b7fbad6c7abe83 +github.com/influxdata/go-syslog 84f3b60009444d298f97454feb1f20cf91d1fa6e github.com/influxdata/tail c43482518d410361b6c383d7aebce33d0471d7bc github.com/influxdata/toml 5d1d907f22ead1cd47adde17ceec5bda9cacaf8f github.com/influxdata/wlog 7c63b0a71ef8300adc255344d275e10e5c3a71ec diff --git a/plugins/inputs/syslog/README.md b/plugins/inputs/syslog/README.md index 759538b237e07..c24b1bcf3d761 100644 --- a/plugins/inputs/syslog/README.md +++ b/plugins/inputs/syslog/README.md @@ -8,14 +8,44 @@ This plugin listens for syslog messages following RFC5424 format. When received ### Configuration: -To configure it as a TLS syslog receiver as recommended by RFC5425 give it the following configuration: - ```toml [[inputs.syslog]] - address = ":6514" - tls_cacert = "/etc/telegraf/ca.pem" - tls_cert = "/etc/telegraf/cert.pem" - tls_key = "/etc/telegraf/key.pem" + ## Specify an ip or hostname with port - eg., localhost:6514, 10.0.0.1:6514 + ## Address and port to host the syslog receiver. + ## If no server is specified, then localhost is used as the host. + ## If no port is specified, 6514 is used (RFC5425#section-4.1). + server = ":6514" + + ## Protocol (default = tcp) + ## Should be one of the following values: + ## tcp, tcp4, tcp6, unix, unixpacket, udp, udp4, udp6, ip, ip4, ip6, unixgram. + ## Otherwise forced to the default. + # protocol = "tcp" + + ## TLS Config + # tls_allowed_cacerts = ["/etc/telegraf/ca.pem"] + # tls_cert = "/etc/telegraf/cert.pem" + # tls_key = "/etc/telegraf/key.pem" + + ## Period between keep alive probes. + ## 0 disables keep alive probes. + ## Defaults to the OS configuration. + ## Only applies to stream sockets (e.g. TCP). + # keep_alive_period = "5m" + + ## Maximum number of concurrent connections (default = 0). + ## 0 means unlimited. + ## Only applies to stream sockets (e.g. TCP). + # max_connections = 1024 + + ## Read timeout (default = 500ms). + ## 0 means unlimited. + ## Only applies to stream sockets (e.g. TCP). + # read_timeout = 500ms + + ## Whether to parse in best effort mode or not (default = false). + ## By default best effort parsing is off. + # best_effort = false ``` #### Other configs diff --git a/plugins/inputs/syslog/rfc5425_test.go b/plugins/inputs/syslog/rfc5425_test.go index c344a996db501..5e2768d8ad26d 100644 --- a/plugins/inputs/syslog/rfc5425_test.go +++ b/plugins/inputs/syslog/rfc5425_test.go @@ -46,14 +46,14 @@ func getTestCasesForRFC5425() []testCase5425 { "origin": true, "meta sequence": "14125553", "meta service": "someservice", + "severity_code": 5, + "facility_code": 3, }, Tags: map[string]string{ - "severity": "5", - "severity_level": "notice", - "facility": "3", - "facility_message": "system daemons", - "hostname": "web1", - "appname": "someservice", + "severity": "notice", + "facility": "daemon", + "hostname": "web1", + "appname": "someservice", }, Time: defaultTime, }, @@ -70,14 +70,14 @@ func getTestCasesForRFC5425() []testCase5425 { "origin": true, "meta sequence": "14125553", "meta service": "someservice", + "severity_code": 5, + "facility_code": 3, }, Tags: map[string]string{ - "severity": "5", - "severity_level": "notice", - "facility": "3", - "facility_message": "system daemons", - "hostname": "web1", - "appname": "someservice", + "severity": "notice", + "facility": "daemon", + "hostname": "web1", + "appname": "someservice", }, Time: defaultTime, }, @@ -90,26 +90,26 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(2), + "version": uint16(2), + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(11), + "version": uint16(11), + "severity_code": 4, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "4", - "severity_level": "warning", - "facility": "0", - "facility_message": "kernel messages", + "severity": "warning", + "facility": "kern", }, Time: defaultTime, }, @@ -118,26 +118,26 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(2), + "version": uint16(2), + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(11), + "version": uint16(11), + "severity_code": 4, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "4", - "severity_level": "warning", - "facility": "0", - "facility_message": "kernel messages", + "severity": "warning", + "facility": "kern", }, Time: defaultTime, }, @@ -150,14 +150,14 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(1), - "message": "hellø", + "version": uint16(1), + "message": "hellø", + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -166,14 +166,14 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(1), - "message": "hellø", + "version": uint16(1), + "message": "hellø", + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -186,14 +186,14 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(3), - "message": "hello\nworld", + "version": uint16(3), + "message": "hello\nworld", + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -202,14 +202,14 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(3), - "message": "hello\nworld", + "version": uint16(3), + "message": "hello\nworld", + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -223,13 +223,13 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(2), + "version": uint16(2), + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -243,13 +243,13 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(1), + "version": uint16(1), + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -258,13 +258,13 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(1), + "version": uint16(1), + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -278,13 +278,13 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(217), + "version": uint16(217), + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -303,19 +303,19 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": maxV, - "timestamp": time.Unix(1514764799, 999999000).UTC(), - "message": message7681, - "procid": maxPID, - "msgid": maxMID, + "version": maxV, + "timestamp": time.Unix(1514764799, 999999000).UTC(), + "message": message7681, + "procid": maxPID, + "msgid": maxMID, + "facility_code": 23, + "severity_code": 7, }, Tags: map[string]string{ - "severity": "7", - "severity_level": "debug", - "facility": "23", - "facility_message": "local use 7 (local7)", - "hostname": maxH, - "appname": maxA, + "severity": "debug", + "facility": "local7", + "hostname": maxH, + "appname": maxA, }, Time: defaultTime, }, @@ -324,19 +324,19 @@ func getTestCasesForRFC5425() []testCase5425 { testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": maxV, - "timestamp": time.Unix(1514764799, 999999000).UTC(), - "message": message7681, - "procid": maxPID, - "msgid": maxMID, + "version": maxV, + "timestamp": time.Unix(1514764799, 999999000).UTC(), + "message": message7681, + "procid": maxPID, + "msgid": maxMID, + "facility_code": 23, + "severity_code": 7, }, Tags: map[string]string{ - "severity": "7", - "severity_level": "debug", - "facility": "23", - "facility_message": "local use 7 (local7)", - "hostname": maxH, - "appname": maxA, + "severity": "debug", + "facility": "local7", + "hostname": maxH, + "appname": maxA, }, Time: defaultTime, }, diff --git a/plugins/inputs/syslog/rfc5426_test.go b/plugins/inputs/syslog/rfc5426_test.go index 65023e66ffa15..f2be36d8d9db4 100644 --- a/plugins/inputs/syslog/rfc5426_test.go +++ b/plugins/inputs/syslog/rfc5426_test.go @@ -32,28 +32,28 @@ func getTestCasesForRFC5426() []testCase5426 { wantBestEffort: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(1), - "message": "A", + "version": uint16(1), + "message": "A", + "facility_code": 0, + "severity_code": 1, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, wantStrict: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(1), - "message": "A", + "version": uint16(1), + "message": "A", + "facility_code": 0, + "severity_code": 1, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -64,28 +64,28 @@ func getTestCasesForRFC5426() []testCase5426 { wantBestEffort: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(3), - "message": "A<1>4 - - - - - - B", + "version": uint16(3), + "message": "A<1>4 - - - - - - B", + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, wantStrict: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(3), - "message": "A<1>4 - - - - - - B", + "version": uint16(3), + "message": "A<1>4 - - - - - - B", + "severity_code": 1, + "facility_code": 0, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, @@ -104,14 +104,14 @@ func getTestCasesForRFC5426() []testCase5426 { "origin": true, "meta sequence": "14125553", "meta service": "someservice", + "severity_code": 5, + "facility_code": 3, }, Tags: map[string]string{ - "severity": "5", - "severity_level": "notice", - "facility": "3", - "facility_message": "system daemons", - "hostname": "web1", - "appname": "someservice", + "severity": "notice", + "facility": "daemon", + "hostname": "web1", + "appname": "someservice", }, Time: defaultTime, }, @@ -126,14 +126,14 @@ func getTestCasesForRFC5426() []testCase5426 { "origin": true, "meta sequence": "14125553", "meta service": "someservice", + "severity_code": 5, + "facility_code": 3, }, Tags: map[string]string{ - "severity": "5", - "severity_level": "notice", - "facility": "3", - "facility_message": "system daemons", - "hostname": "web1", - "appname": "someservice", + "severity": "notice", + "facility": "daemon", + "hostname": "web1", + "appname": "someservice", }, Time: defaultTime, }, @@ -144,38 +144,38 @@ func getTestCasesForRFC5426() []testCase5426 { wantBestEffort: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": maxV, - "timestamp": time.Unix(1514764799, 999999000).UTC(), - "message": message7681, - "procid": maxPID, - "msgid": maxMID, + "version": maxV, + "timestamp": time.Unix(1514764799, 999999000).UTC(), + "message": message7681, + "procid": maxPID, + "msgid": maxMID, + "severity_code": 7, + "facility_code": 23, }, Tags: map[string]string{ - "severity": "7", - "severity_level": "debug", - "facility": "23", - "facility_message": "local use 7 (local7)", - "hostname": maxH, - "appname": maxA, + "severity": "debug", + "facility": "local7", + "hostname": maxH, + "appname": maxA, }, Time: defaultTime, }, wantStrict: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": maxV, - "timestamp": time.Unix(1514764799, 999999000).UTC(), - "message": message7681, - "procid": maxPID, - "msgid": maxMID, + "version": maxV, + "timestamp": time.Unix(1514764799, 999999000).UTC(), + "message": message7681, + "procid": maxPID, + "msgid": maxMID, + "severity_code": 7, + "facility_code": 23, }, Tags: map[string]string{ - "severity": "7", - "severity_level": "debug", - "facility": "23", - "facility_message": "local use 7 (local7)", - "hostname": maxH, - "appname": maxA, + "severity": "debug", + "facility": "local7", + "hostname": maxH, + "appname": maxA, }, Time: defaultTime, }, @@ -186,13 +186,13 @@ func getTestCasesForRFC5426() []testCase5426 { wantBestEffort: &testutil.Metric{ Measurement: "syslog", Fields: map[string]interface{}{ - "version": uint16(2), + "version": uint16(2), + "facility_code": 0, + "severity_code": 1, }, Tags: map[string]string{ - "severity": "1", - "severity_level": "alert", - "facility": "0", - "facility_message": "kernel messages", + "severity": "alert", + "facility": "kern", }, Time: defaultTime, }, diff --git a/plugins/inputs/syslog/syslog.go b/plugins/inputs/syslog/syslog.go index ec145bc148bc7..7d985c191ce8b 100644 --- a/plugins/inputs/syslog/syslog.go +++ b/plugins/inputs/syslog/syslog.go @@ -6,7 +6,6 @@ import ( "io" "net" "os" - "strconv" "strings" "sync" "time" @@ -183,7 +182,7 @@ func (s *Syslog) listenPacket(acc telegraf.Accumulator) { message, err := p.Parse(b[:n], &s.BestEffort) if message != nil { - acc.AddFields("syslog", fields(message), tags(message), s.now()) + acc.AddFields("syslog", fields(*message), tags(*message), s.now()) } if err != nil { acc.AddError(err) @@ -282,21 +281,17 @@ func (s *Syslog) store(res rfc5425.Result, acc telegraf.Accumulator) { acc.AddError(res.MessageError) } if res.Message != nil { - acc.AddFields("syslog", fields(res.Message), tags(res.Message), s.now()) + msg := *res.Message + acc.AddFields("syslog", fields(msg), tags(msg), s.now()) } } -func tags(msg *rfc5424.SyslogMessage) map[string]string { +func tags(msg rfc5424.SyslogMessage) map[string]string { ts := map[string]string{} - if lvl := msg.SeverityLevel(); lvl != nil { - ts["severity"] = strconv.Itoa(int(*msg.Severity())) - ts["severity_level"] = *lvl - } - if f := msg.FacilityMessage(); f != nil { - ts["facility"] = strconv.Itoa(int(*msg.Facility())) - ts["facility_message"] = *f - } + // Not checking assuming a minimally valid message + ts["severity"] = *msg.SeverityShortLevel() + ts["facility"] = *msg.FacilityLevel() if msg.Hostname() != nil { ts["hostname"] = *msg.Hostname() @@ -309,10 +304,13 @@ func tags(msg *rfc5424.SyslogMessage) map[string]string { return ts } -func fields(msg *rfc5424.SyslogMessage) map[string]interface{} { +func fields(msg rfc5424.SyslogMessage) map[string]interface{} { + // Not checking assuming a minimally valid message flds := map[string]interface{}{ "version": msg.Version(), } + flds["severity_code"] = int(*msg.Severity()) + flds["facility_code"] = int(*msg.Facility()) if msg.Timestamp() != nil { flds["timestamp"] = *msg.Timestamp()