Non-transparent transport of syslog messages

Gopkg.toml

@@ -72,7 +72,7 @@
 
 [[constraint]]
   name = "github.com/influxdata/go-syslog"
-  version = "1.0.1"
+  branch = "feature/rfc6587"
 
 [[constraint]]
   name = "github.com/influxdata/tail"

plugins/inputs/syslog/README.md

@@ -2,7 +2,8 @@
 
 The syslog plugin listens for syslog messages transmitted over
 [UDP](https://tools.ietf.org/html/rfc5426) or
-[TCP](https://tools.ietf.org/html/rfc5425).
+[TCP](https://tools.ietf.org/html/rfc6587) or
+[TLS](https://tools.ietf.org/html/rfc5425), with or without the octet counting framing.
 
 Syslog messages should be formatted according to
 [RFC 5424](https://tools.ietf.org/html/rfc5424).
@@ -37,6 +38,15 @@ Syslog messages should be formatted according to
   ## 0 means unlimited.
   # read_timeout = "5s"
 
+  ## Whether the messages come using the transparent framing or not (default = false).
+  ## When false messages come using non-transparent framing technique (RFC6587#section-3.4.2).
+  ## True means messages come using octect-counting framing technique (RFC5425#section-4.3.1 and RFC6587#section-3.4.1).
+  # transparent_framing = false
+
+  ## The trailer to be expected in case of non-trasparent framing (default = "LF").
+  ## Must be one of "LF", or "NUL".
+  # trailer = "LF"
+
   ## Whether to parse in best effort mode or not (default = false).
   ## By default best effort parsing is off.
   # best_effort = false
@@ -49,11 +59,18 @@ Syslog messages should be formatted according to
   # sdparam_separator = "_"
 ```
 
-#### Best Effort
+#### Message transport
+
+The `transparent_framing` option only applies to streams. It governs the way we expect to receive messages within the stream.
+With the [octet counting](https://tools.ietf.org/html/rfc5425#section-4.3) technique or with the [non-transparent](https://tools.ietf.org/html/rfc6587#section-3.4.2) framing.
+
+The `trailer` option only applies when `transparent_framing` is `false` - ie., non-transparent transport.
+
+#### Best effort
 
 The [`best_effort`](https://github.com/influxdata/go-syslog#best-effort-mode)
 option instructs the parser to extract partial but valid info from syslog
-messages.  If unset only full messages will be collected.
+messages. If unset only full messages will be collected.
 
 #### Rsyslog Integration
 

plugins/inputs/syslog/commons_test.go

@@ -0,0 +1,62 @@
+package syslog
+
+import (
+	"github.com/influxdata/telegraf/internal"
+	"github.com/influxdata/telegraf/testutil"
+	"time"
+)
+
+var (
+	pki = testutil.NewPKI("../../../testutil/pki")
+)
+
+type testCasePacket struct {
+	name           string
+	data           []byte
+	wantBestEffort *testutil.Metric
+	wantStrict     *testutil.Metric
+	werr           bool
+}
+
+type testCaseStream struct {
+	name           string
+	data           []byte
+	wantBestEffort []testutil.Metric
+	wantStrict     []testutil.Metric
+	werr           int // how many errors we expect in the strict mode?
+}
+
+func newUDPSyslogReceiver(address string, bestEffort bool) *Syslog {
+	return &Syslog{
+		Address: address,
+		now: func() time.Time {
+			return defaultTime
+		},
+		BestEffort: bestEffort,
+		Separator:  "_",
+	}
+}
+
+func newTCPSyslogReceiver(address string, keepAlive *internal.Duration, maxConn int, bestEffort bool, transparent bool) *Syslog {
+	d := &internal.Duration{
+		Duration: defaultReadTimeout,
+	}
+	s := &Syslog{
+		Address: address,
+		now: func() time.Time {
+			return defaultTime
+		},
+		TransparentFraming: transparent,
+		ReadTimeout:        d,
+		BestEffort:         bestEffort,
+		Separator:          "_",
+	}
+	if keepAlive != nil {
+		s.KeepAlivePeriod = keepAlive
+	}
+	if maxConn > 0 {
+		s.MaxConnections = maxConn
+	}
+
+	return s
+}