github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-23 22:27:21 -04:00
Code Issues Projects Releases Packages Wiki Activity

Added more tests without the need for live syslog input

Browse source 
Closes #1593
This commit is contained in:
Suyog Rao 2014-08-26 14:36:27 -07:00
parent bdd69065a4
commit a764ed956e
2 changed files with 24 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/logstash/inputs/syslog.rb
View file

@ -56,7 +56,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
@grok_filter = LogStash::Filters::Grok.new(
"overwrite" => "message",
"match" => { "message" => "<%{POSINT:priority}>%{SYSLOGLINE}" },
"tag_on_failure" => ["_grokparsefailure_sysloginputplugin"],
"tag_on_failure" => ["_grokparsefailure_sysloginput"],
)
@date_filter = LogStash::Filters::Date.new(
@ -198,7 +198,7 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
def syslog_relay(event)
@grok_filter.filter(event)
if event["tags"].nil? || !event["tags"].include?("_grokparsefailure")
if event["tags"].nil? || !event["tags"].include?(@grok_filter.tag_on_failure)
# Per RFC3164, priority = (facility * 8) + severity
# = (facility << 3) & (severity)
priority = event["priority"].to_i rescue 13

25
spec/inputs/syslog.rb
View file

@ -1,11 +1,13 @@
# coding: utf-8
require "test_utils"
require "socket"
require "logstash/inputs/syslog"
require "logstash/event"
describe "inputs/syslog", :socket => true do
describe "inputs/syslog" do
extend LogStash::RSpec
describe "properly handles priority, severity and facilities" do
it "should properly handle priority, severity and facilities", :socket => true do
port = 5511
event_count = 10
@ -39,7 +41,7 @@ describe "inputs/syslog", :socket => true do
end
end
describe "adds unique tag when grok parsing fails" do
it "should add unique tag when grok parsing fails with live syslog input", :socket => true do
port = 5511
event_count = 10
@ -70,4 +72,21 @@ describe "inputs/syslog", :socket => true do
end
end
end
it "should add unique tag when grok parsing fails" do
input = LogStash::Inputs::Syslog.new({})
input.register
# event which is not syslog should have a new tag
event = LogStash::Event.new({ "message" => "hello world, this is not syslog RFC3164" })
input.syslog_relay(event)
insist { event["tags"] } == ["_grokparsefailure_sysloginput"]
syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
input.syslog_relay(syslog_event)
insist { syslog_event["priority"] } == 164
insist { syslog_event["severity"] } == 4
insist { syslog_event["tags"] } == nil
end
end