github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 14:47:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

Changes wrt. @jordansissel's comments on [my pull request](https://github.com/logstash/logstash/pull/415).

Browse source
This commit is contained in:
Alexander Papaspyrou 2013-03-22 20:04:15 +01:00
parent e332f52c48
commit c0937c5cb3
2 changed files with 13 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

6
patterns/linux-syslog
View file

@ -7,7 +7,7 @@ CRONLOG %{SYSLOGBASE} \(%{USER:user}\) %{CRON_ACTION:action} \(%{DATA:message}\)
SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}
# IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
IETF_SYSLOG_PRI (?:\<%{NONNEGINT<192}\>)
IETF_SYSLOG_SD (?:\[%{DATA}\]+|-)
SYSLOG5424PRI (?:\<%{NONNEGINT}\>)
SYSLOG5424SD (?:\[%{DATA}\]+|-)
IETF_SYSLOG_LINE %{IETF_SYSLOG_PRI:ietf_syslog_pri}%{NONNEGINT:ietf_syslog_ver} (%{TIMESTAMP_ISO8601:ietf_syslog_ts}|-) (%{HOSTNAME:ietf_syslog_host}|-) (%{WORD:ietf_syslog_app}|-) (%{WORD:ietf_syslog_proc}|-) (%{WORD:ietf_syslog_msgid}|-) %{IETF_SYSLOG_SD:ietf_syslog_sd} %{GREEDYDATA:ietf_syslog_msg}
SYSLOG5424LINE %{SYSLOG5424PRI:ietf_syslog_pri}%{NONNEGINT:syslog5424_ver} (%{TIMESTAMP_ISO8601:syslog5424_ts}|-) (%{HOSTNAME:syslog5424_host}|-) (%{WORD:syslog5424_app}|-) (%{WORD:syslog5424_proc}|-) (%{WORD:syslog5424_msgid}|-) %{SYSLOG5424SD:syslog5424_sd} %{GREEDYDATA:ietf_syslog_msg}

20
spec/filters/grok.rb
View file

@ -32,7 +32,7 @@ describe LogStash::Filters::Grok do
config <<-CONFIG
filter {
grok {
pattern => "%{IETF_SYSLOG LINE}"
pattern => "%{SYSLOG5424LINE}"
singles => true
}
}
@ -40,15 +40,15 @@ describe LogStash::Filters::Grok do
sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - [id1 foo="bar"][id2 baz="something"] Hello, syslog." do
reject { subject["@tags"] }.include?("_grokparsefailure")
insist { subject["ietf_syslog_pri"] } == "<191>"
insist { subject["ietf_syslog_ver"] } == "1"
insist { subject["ietf_syslog_ts"] } == "2009-06-30T18:30:00+02:00"
insist { subject["ietf_syslog_host"] } == "paxton.local"
insist { subject["ietf_syslog_app"] } == "grokdebug"
insist { subject["ietf_syslog_proc"] } == "4123"
insist { subject["ietf_syslog_msgid"] } == null
insist { subject["ietf_syslog_sd"] } == "[id1 foo=\"bar\"][id2 baz=\"something\"]"
insist { subject["ietf_syslog_msg"] } == "Hello, syslog."
insist { subject["syslog5424_pri"] } == "<191>"
insist { subject["syslog5424_ver"] } == "1"
insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
insist { subject["syslog5424_host"] } == "paxton.local"
insist { subject["syslog5424_app"] } == "grokdebug"
insist { subject["syslog5424_proc"] } == "4123"
insist { subject["syslog5424_msgid"] } == nil
insist { subject["syslog5424_sd"] } == "[id1 foo=\"bar\"][id2 baz=\"something\"]"
insist { subject["syslog5424_msg"] } == "Hello, syslog."
end
end