Class: Fluent::Plugin::HerokuSyslogHttpParser
- Inherits:
-
RegexpParser
- Object
- RegexpParser
- Fluent::Plugin::HerokuSyslogHttpParser
- Defined in:
- lib/fluent/plugin/parser_heroku_syslog_http.rb
Constant Summary collapse
- SYSLOG_HTTP_REGEXP =
%r{^\<(?<syslog.pri>[0-9]+)\>([0-9]+) (?<syslog.timestamp>[^ ]+) (?<syslog.hostname>[^ ]+) (?<syslog.appname>[^ ]+) (?<syslog.procid>[^ ]+) - *(?<message>.*)$}m
- FACILITY_MAP =
{ 0 => 'kern', 1 => 'user', 2 => 'mail', 3 => 'daemon', 4 => 'auth', 5 => 'syslog', 6 => 'lpr', 7 => 'news', 8 => 'uucp', 9 => 'cron', 10 => 'authpriv', 11 => 'ftp', 12 => 'ntp', 13 => 'audit', 14 => 'alert', 15 => 'at', 16 => 'local0', 17 => 'local1', 18 => 'local2', 19 => 'local3', 20 => 'local4', 21 => 'local5', 22 => 'local6', 23 => 'local7' }.freeze
- SEVERITY_MAP =
{ 0 => 'emerg', 1 => 'alert', 2 => 'crit', 3 => 'err', 4 => 'warn', 5 => 'notice', 6 => 'info', 7 => 'debug' }.freeze
Instance Method Summary collapse
Instance Method Details
#parse(text) ⇒ Object
64 65 66 67 68 |
# File 'lib/fluent/plugin/parser_heroku_syslog_http.rb', line 64 def parse(text) super(text) do |time, record| yield time, parse_prival(record) end end |
#parse_prival(record) ⇒ Object
55 56 57 58 59 60 61 62 |
# File 'lib/fluent/plugin/parser_heroku_syslog_http.rb', line 55 def parse_prival(record) if record && record['syslog.pri'] pri = record['syslog.pri'].to_i record['syslog.facility'] = FACILITY_MAP[pri >> 3] record['syslog.severity'] = SEVERITY_MAP[pri & 0b111] end record end |