This repository was archived by the owner on Oct 28, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathsyslog_symfony2_decoder.lua
More file actions
121 lines (102 loc) · 5.01 KB
/
syslog_symfony2_decoder.lua
File metadata and controls
121 lines (102 loc) · 5.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
-- http://rsyslog-5-8-6-doc.neocities.org/rsyslog_conf_templates.html
-- https://github.com/Seldaek/monolog/blob/master/doc/usage.md
--
-- context is filled like this: $logger->addInfo('Adding a new user', array('username' => 'Seldaek'));
--
-- extra is filled using monolog processor plugins
--
--
-- syslog part monolog part
-- --------------------------------------- ------------------------------------------------------------------------
--
-- May 29 17:05:51 app-myapi myapi[22771]: app.WARNING: My message logged with monolog [] {"token":"5568804fb7570"}
--
-- +-------------- +-------- +---- +---- +-- ------+ -----------------------------+ -+ ------------------------+
-- | | | | | | | | |
-- | | | | | +- the monolog log level | | |
-- | | | | | | | |
-- | | | | +- the monolog channel | | |
-- | | | | | | |
-- | | | +- the pid of the process that logged | | |
-- | | | | | |
-- | | +- the name of the process that logged | | |
-- | | | | |
-- | +- the hostname of the machine that logged | | |
-- | | | |
-- +- the date of the log message | | |
-- | | |
-- the actual message logged with monolog -+ | |
-- | |
-- the monolog `context` field is a valid json object -+ |
-- |
-- the monolog `extra` is a valid json object -+
require "string"
require "cjson"
local syslog = require "syslog"
local template = read_config("template")
local msg_type = read_config("type")
local hostname_keep = read_config("hostname_keep")
local msg = {
Timestamp = nil,
Type = msg_type,
Hostname = nil,
Payload = nil,
Pid = nil,
Severity = nil,
Fields = nil
}
local grammar = syslog.build_rsyslog_grammar(template)
function table_concat(...)
local t = {}
for i = 1, arg.n do
local array = arg[i]
if (type(array) == "table") then
for key, val in next, array do
if key then t[key] = val end
end
end
end
return t
end
function process_message ()
local log = read_message("Payload")
local fields = grammar:match(log)
if not fields then return -1 end
if fields.timestamp then
msg.Timestamp = fields.timestamp
fields.timestamp = nil
end
if fields.pri then
msg.Severity = fields.pri.severity
fields.syslogfacility = fields.pri.facility
fields.pri = nil
else
msg.Severity = fields.syslogseverity or fields["syslogseverity-text"]
or fields.syslogpriority or fields["syslogpriority-text"]
fields.syslogseverity = nil
fields["syslogseverity-text"] = nil
fields.syslogpriority = nil
fields["syslogpriority-text"] = nil
end
if fields.syslogtag then
fields.programname = fields.syslogtag.programname
msg.Pid = fields.syslogtag.pid
fields.syslogtag = nil
end
if not hostname_keep then
msg.Hostname = fields.hostname or fields.source
fields.hostname = nil
fields.source = nil
end
-- Parse symfony2 style monolog messages.
local regex = "^(%a+)%.(%a+): (.+) ([{%[].*[}%]]) ([{%[].*[}%]])$"
_, _, fields.channel, fields.levelname, msg.Payload, context, extra = string.find(fields.msg, regex)
fields.msg = nil
-- context and extra are valid json datastructures.
local json_context = cjson.decode(context)
local json_extra = cjson.decode(extra)
-- Merge the key/value pairs into the message fields.
msg.Fields = table_concat(fields, json_extra, json_context)
if not pcall(inject_message, msg) then return -1 end
return 0
end