Class: Fluent::Plugin::HerokuSyslogHttpParser

Inherits:
RegexpParser
  • Object
Defined in:
lib/fluent/plugin/parser_heroku_syslog_http.rb

Constant Summary

# Pattern for one syslog-over-HTTP line of the form
#   <PRI>VERSION TIMESTAMP HOSTNAME APPNAME PROCID - MESSAGE
# The digits after <PRI> are matched but not given a name; every other field
# is exposed as a named group ('syslog.pri', 'syslog.timestamp', ...,
# 'message').
#
# Anchoring: in Ruby `^` and `$` match at line boundaries, and the `m` flag
# lets `.` match newlines. A match can therefore begin at the start of any
# line of the input, and 'message' can run across several lines.
# NOTE(review): if the text handed to the parser can carry newlines chosen by
# a log producer, a header on a later line would be accepted as the record's
# fields. `\A`/`\z` would tie the match to the whole string — confirm how the
# input is framed before tightening this.
#
# 'syslog.pri' accepts any run of digits, so values above the syslog range
# (0..191) are not rejected here.
SYSLOG_HTTP_REGEXP =
%r{^\<(?<syslog.pri>[0-9]+)\>([0-9]+) (?<syslog.timestamp>[^ ]+) (?<syslog.hostname>[^ ]+) (?<syslog.appname>[^ ]+) (?<syslog.procid>[^ ]+) - *(?<message>.*)$}m
# Syslog facility code => facility name. The list position is the code, so
# the order of the names below is significant. parse_prival looks a record up
# by its PRI value shifted right three bits; codes outside 0..23 have no entry
# and the lookup yields nil.
FACILITY_MAP =
%w[
  kern user mail daemon auth syslog lpr news
  uucp cron authpriv ftp ntp audit alert at
  local0 local1 local2 local3 local4 local5 local6 local7
].each_with_index.map { |name, code| [code, name] }.to_h.freeze
# Syslog severity code => severity name. The list position is the code (0 is
# the most severe). parse_prival indexes this with the low three bits of the
# PRI value, so every possible index 0..7 has an entry.
SEVERITY_MAP =
%w[emerg alert crit err warn notice info debug]
  .each_with_index.map { |name, code| [code, name] }.to_h.freeze

Instance Method Summary

Instance Method Details

#parse(text) ⇒ Object



# File 'lib/fluent/plugin/parser_heroku_syslog_http.rb', line 64

# Parses +text+ with the inherited parser and hands each result to the
# caller's block, after parse_prival has added the facility and severity
# names to the record.
#
# parse_prival returns a nil record unchanged, so whatever the parent yields
# for text it cannot parse is passed through as-is (presumably nil — confirm
# against the parent class).
#
# @param text [String] raw line to parse
# @yield [time, record] the parent's time value and the enriched record
def parse(text)
  super(text) { |time, record| yield time, parse_prival(record) }
end

#parse_prival(record) ⇒ Object



# File 'lib/fluent/plugin/parser_heroku_syslog_http.rb', line 55

# Derives 'syslog.facility' and 'syslog.severity' from a record's
# 'syslog.pri' value and stores them on the record in place.
#
# The PRI value is facility * 8 + severity, so the quotient selects the
# facility name and the remainder the severity name. A PRI whose quotient is
# not a FACILITY_MAP key (for example anything above 191) leaves
# 'syslog.facility' set to nil while 'syslog.severity' is still filled in;
# consumers that filter or alert on facility should expect nil.
#
# @param record [Hash, nil] parsed record; nil or a record without
#   'syslog.pri' is returned untouched
# @return [Hash, nil] the same object that was passed in
def parse_prival(record)
  priority = record && record['syslog.pri']
  return record unless priority

  facility_code, severity_code = priority.to_i.divmod(8)
  record['syslog.facility'] = FACILITY_MAP[facility_code]
  record['syslog.severity'] = SEVERITY_MAP[severity_code]
  record
end