Module: LogPorter::Protocol::Syslog3164

Included in:
Server::Connection
Defined in:
lib/logporter/protocol/syslog3164.rb

Overview

class TimeParser

Instance Method Summary collapse

Instance Method Details

#parse_rfc3164(line, event, opts) ⇒ Object 



91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
# File 'lib/logporter/protocol/syslog3164.rb', line 91

def parse_rfc3164(line, event, opts)
  syslog3164_init if !@syslog3164_re
  m = @syslog3164_re.match(line)
  if m
    # RFC3164 section 4.3.3 No PRI or Unidentifiable PRI
    event.pri = m[1] || "13"

    if opts[:parse_time] 
      event.timestamp = TimeParser.strptime(m[2], "%b %d %H:%M:%S")
    else
      event.timestamp = Time.now
    end
    event.hostname = m[3]
    event.message = m[4]
    return true
  end
  return false
end

#syslog3164_initObject 



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/logporter/protocol/syslog3164.rb', line 60

def syslog3164_init
  pri = "(?:<(?<pri>[0-9]{1,3})>)?"
  month = "(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
  day = "(?: [1-9]|[12][0-9]|3[01])"
  hour = "(?:[01][0-9]|2[0-4])"
  minute = "(?:[0-5][0-9])"
  second = "(?:[0-5][0-9])"

  #pri = "(?:<(?<pri>[0-9]{1,3})>)?"
  #month = "(?:[A-z]{3})"
  #day = "[ 1-9][0-9]"
  #hour = "[0-9]{2}"
  #minute = "[0-9]{2}"
  #second = "[0-9]{2}"

  time = [hour, minute, second].join(":")

  timestamp = "(?<timestamp>#{month} #{day} #{time})"
  hostname = "(?<hostname>[A-Za-z0-9_.:]+)"
  header = timestamp + " " + hostname
  message = "(?<message>[ -~]+)"  # ascii 32 to 126
  re = "^#{pri}#{header} #{message}$"

  if RUBY_VERSION =~ /^1\.8/
    # Ruby 1.8 doesn't support named captures
    # replace (?<foo> with (
    re = re.gsub(/\(\?<[^>]+>/, "(")
  end
  @syslog3164_re = Regexp.new(re)
end