/syslogparser

A Syslog parser for the Go programming language
  1. Go 98.9%
  2. Makefile 1.1%
Go Makefile
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP
Find file
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
rfc3164
rfc5424
.gitignore
LICENSE
Makefile
README
dependencies.txt
syslogparser.go
syslogparser_test.go

README 

Syslogparser
============

This is a syslog parser for the Go programming language.


Installing
----------

go get github.com/jeromer/syslogparser


Supported RFCs
--------------

RFC 3164 : https://tools.ietf.org/html/rfc3164
RFC 5424 : https://tools.ietf.org/html/rfc5424

Not all features described in RFCs above are supported but only the most part of
it. For exaple SDIDs are not supported in RFC5424 and STRUCTURED-DATA are
parsed as a whole string.

This parser should solve 80% of use cases. If your use cases are in the 20%
remaining ones I would recommend you to fully test what you want to achieve and
provide a patch if you want.

Parsing an RFC 3164 syslog message
----------------------------------

	b := "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
	buff := []byte(b)

	p := rfc3164.NewParser(buff)
	err := p.Parse()
	if err != nil {
		panic(err)
	}

	for k, v := range p.Dump() {
		fmt.Println(k, ":", v)
	}

You should see

    timestamp : 2013-10-11 22:14:15 +0000 UTC
    hostname  : mymachine
    tag       : su
    content   : 'su root' failed for lonvick on /dev/pts/8
    priority  : 34
    facility  : 4
    severity  : 2

Parsing an RFC 5424 syslog message
----------------------------------

	b := `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...`
	buff := []byte(b)

	p := rfc5424.NewParser(buff)
	err := p.Parse()
	if err != nil {
		panic(err)
	}

	for k, v := range p.Dump() {
		fmt.Println(k, ":", v)
	}

You should see

    version : 1
    timestamp : 2003-10-11 22:14:15.003 +0000 UTC
    app_name : evntslog
    msg_id : ID47
    message : An application event log entry...
    priority : 165
    facility : 20
    severity : 5
    hostname : mymachine.example.com
    proc_id : -
    structured_data : [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]


Running tests
-------------

make tests


Running benchmarks
------------------

make benchmarks