Update: Refinements on the syslog input plugin

plugins/inputs/syslog/README.md

@@ -46,7 +46,8 @@ To configure this plugin as per RFC5426 give it the following configuration:
 Other available configurations are:
 
 - `keep_alive_period`, `max_connections` for stream sockets
-- `best_effort` to tell the parser to work until it is able to do and extract partial but valid info
+- `read_timeout`
+- `best_effort` to tell the parser to work until it is able to do and extract partial but valid info (more [here](https://github.com/influxdata/go-syslog#best-effort-mode))
 
 ### Metrics
 
@@ -70,9 +71,9 @@ The name of fields in _italic_ corresponds to their runtime value.
 
 The fields/tags which name is in **bold** will always be present when a valid Syslog message has been received.
 
-### Syslog transport sender
+### RSYSLOG integration
 
-The following instructions illustrate how to configure a syslog transport sender as per RFC5425 - ie., using the octect framing technique.
+The following instructions illustrate how to configure a syslog transport sender as per RFC5425 - ie., using the octect framing technique - via RSYSLOG.
 
 Install `rsyslog`.
 

plugins/inputs/syslog/syslog.go

@@ -49,42 +49,42 @@ type Syslog struct {
 }
 
 var sampleConfig = `
-    ## Specify an ip or hostname with port - eg., localhost:6514, 10.0.0.1:6514
-    ## Address and port to host the syslog receiver.
-    ## If no server is specified, then localhost is used as the host.
-    ## If no port is specified, 6514 is used (RFC5425#section-4.1).
-	server = ":6514"
-	
-	## Protocol (default = tcp)
-	## Should be one of the following values:
-	## tcp, tcp4, tcp6, unix, unixpacket, udp, udp4, udp6, ip, ip4, ip6, unixgram.
-	## Otherwise forced to the default.
-	# protocol = "tcp"
-
-    ## TLS Config
-    # tls_allowed_cacerts = ["/etc/telegraf/ca.pem"]
-    # tls_cert = "/etc/telegraf/cert.pem"
-    # tls_key = "/etc/telegraf/key.pem"
-	
-	## Period between keep alive probes.
-	## 0 disables keep alive probes.
-	## Defaults to the OS configuration.
-	## Only applies to stream sockets (e.g. TCP).
-	# keep_alive_period = "5m"
-
-	## Maximum number of concurrent connections (default = 0).
-	## 0 means unlimited.
-	## Only applies to stream sockets (e.g. TCP).
-	# max_connections = 1024
-
-	## Read timeout (default = 500ms).
-	## 0 means unlimited.
-	## Only applies to stream sockets (e.g. TCP).
-	read_timeout = 500ms
-
-	## Whether to parse in best effort mode or not (default = false).
-	## By default best effort parsing is off.
-	# best_effort = false
+  ## Specify an ip or hostname with port - eg., localhost:6514, 10.0.0.1:6514
+  ## Address and port to host the syslog receiver.
+  ## If no server is specified, then localhost is used as the host.
+  ## If no port is specified, 6514 is used (RFC5425#section-4.1).
+  server = ":6514"
+
+  ## Protocol (default = tcp)
+  ## Should be one of the following values:
+  ## tcp, tcp4, tcp6, unix, unixpacket, udp, udp4, udp6, ip, ip4, ip6, unixgram.
+  ## Otherwise forced to the default.
+  # protocol = "tcp"
+
+  ## TLS Config
+  # tls_allowed_cacerts = ["/etc/telegraf/ca.pem"]
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+
+  ## Period between keep alive probes.
+  ## 0 disables keep alive probes.
+  ## Defaults to the OS configuration.
+  ## Only applies to stream sockets (e.g. TCP).
+  # keep_alive_period = "5m"
+
+  ## Maximum number of concurrent connections (default = 0).
+  ## 0 means unlimited.
+  ## Only applies to stream sockets (e.g. TCP).
+  # max_connections = 1024
+
+  ## Read timeout (default = 500ms).
+  ## 0 means unlimited.
+  ## Only applies to stream sockets (e.g. TCP).
+  # read_timeout = 500ms
+
+  ## Whether to parse in best effort mode or not (default = false).
+  ## By default best effort parsing is off.
+  # best_effort = false
 `
 
 // SampleConfig returns sample configuration message
@@ -94,7 +94,7 @@ func (s *Syslog) SampleConfig() string {
 
 // Description returns the plugin description
 func (s *Syslog) Description() string {
-	return "Influx syslog receiver as per RFC5425"
+	return "Accepts syslog messages per RFC5425"
 }
 
 // Gather ...
@@ -107,10 +107,6 @@ func (s *Syslog) Start(acc telegraf.Accumulator) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	// tags := map[string]string{
-	// 	"address": s.Address,
-	// }
-
 	switch s.Protocol {
 	case "tcp", "tcp4", "tcp6", "unix", "unixpacket":
 		s.isTCP = true
@@ -132,8 +128,9 @@ func (s *Syslog) Start(acc telegraf.Accumulator) error {
 		}
 		s.Closer = l
 		s.tcpListener = l
-		if tlsConfig, _ := s.TLSConfig(); tlsConfig != nil {
-			s.tlsConfig = tlsConfig
+		s.tlsConfig, err = s.TLSConfig()
+		if err != nil {
+			return err
 		}
 
 		s.wg.Add(1)
@@ -167,8 +164,6 @@ func (s *Syslog) Stop() {
 		s.Close()
 	}
 	s.wg.Wait()
-
-	log.Printf("I! Stopped syslog receiver at %s\n", s.Address)
 }
 
 func (s *Syslog) listenPacket(acc telegraf.Accumulator) {
@@ -178,7 +173,6 @@ func (s *Syslog) listenPacket(acc telegraf.Accumulator) {
 		n, _, err := s.udpListener.ReadFrom(b)
 		if err != nil {
 			if !strings.HasSuffix(err.Error(), ": use of closed network connection") {
-				log.Println(err)
 				acc.AddError(err)
 			}
 			break
@@ -189,9 +183,9 @@ func (s *Syslog) listenPacket(acc telegraf.Accumulator) {
 		}
 
 		p := rfc5424.NewParser()
-		mex, err := p.Parse(b[:n], &s.BestEffort)
-		if mex != nil {
-			acc.AddFields("syslog", fields(mex), tags(mex), s.now())
+		message, err := p.Parse(b[:n], &s.BestEffort)
+		if message != nil {
+			acc.AddFields("syslog", fields(message), tags(message), s.now())
 		}
 		if err != nil {
 			acc.AddError(err)
@@ -208,7 +202,6 @@ func (s *Syslog) listenStream(acc telegraf.Accumulator) {
 		conn, err := s.tcpListener.Accept()
 		if err != nil {
 			if !strings.HasSuffix(err.Error(), ": use of closed network connection") {
-				log.Println(err)
 				acc.AddError(err)
 			}
 			break
@@ -248,8 +241,10 @@ func (s *Syslog) removeConnection(c net.Conn) {
 }
 
 func (s *Syslog) handle(conn net.Conn, acc telegraf.Accumulator) {
-	defer s.removeConnection(conn)
-	defer conn.Close()
+	defer func() {
+		s.removeConnection(conn)
+		conn.Close()
+	}()
 
 	if s.ReadTimeout != nil && s.ReadTimeout.Duration > 0 {
 		conn.SetReadDeadline(time.Now().Add(s.ReadTimeout.Duration))

plugins/inputs/syslog/syslog_test.go

@@ -10,17 +10,14 @@ import (
 )
 
 var defaultTime = time.Unix(0, 0)
-
-var (
-	maxP        uint8
-	maxV        uint16
-	maxTS       string
-	maxH        string
-	maxA        string
-	maxPID      string
-	maxMID      string
-	message7681 string
-)
+var maxP = uint8(191)
+var maxV = uint16(999)
+var maxTS = "2017-12-31T23:59:59.999999+00:00"
+var maxH = "abcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabc"
+var maxA = "abcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdef"
+var maxPID = "abcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzab"
+var maxMID = "abcdefghilmnopqrstuvzabcdefghilm"
+var message7681 = getRandomString(7681)
 
 func TestListenError(t *testing.T) {
 	receiver := &Syslog{
@@ -54,14 +51,3 @@ func getRandomString(n int) string {
 
 	return string(b)
 }
-
-func init() {
-	maxP = uint8(191)
-	maxV = uint16(999)
-	maxTS = "2017-12-31T23:59:59.999999+00:00"
-	maxH = "abcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabc"
-	maxA = "abcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdef"
-	maxPID = "abcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzabcdefghilmnopqrstuvzab"
-	maxMID = "abcdefghilmnopqrstuvzabcdefghilm"
-	message7681 = getRandomString(7681)
-}