Repository: nifi Updated Branches: refs/heads/master de67e5f7d -> 9ad780228
NIFI-1939 - Correct issue where ParseSyslog was unable to parse RFC3164 messages containg an IPv6 address as source NIFI-1939 - Fix typo and adjust ListenSyslog as per PR feedback This closes #1639. Signed-off-by: Bryan Bende <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/9ad78022 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/9ad78022 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/9ad78022 Branch: refs/heads/master Commit: 9ad7802284e2688f8682869f62bbd3605dde357c Parents: de67e5f Author: Andre F de Miranda <[email protected]> Authored: Sat Apr 1 01:57:50 2017 +1100 Committer: Bryan Bende <[email protected]> Committed: Mon May 1 10:00:33 2017 -0400 ---------------------------------------------------------------------- .../nifi/processors/standard/ListenSyslog.java | 2 +- .../nifi/processors/standard/ParseSyslog.java | 8 +++-- .../standard/syslog/SyslogParser.java | 2 +- .../processors/standard/TestParseSyslog.java | 36 ++++++++++++++++++++ 4 files changed, 44 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/9ad78022/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java index 76d5cbf..54d516f 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java @@ -91,7 +91,7 @@ import org.apache.nifi.ssl.SSLContextService; @WritesAttribute(attribute="syslog.facility", description="The facility of the Syslog message derived from the priority."), @WritesAttribute(attribute="syslog.version", description="The optional version from the Syslog message."), @WritesAttribute(attribute="syslog.timestamp", description="The timestamp of the Syslog message."), - @WritesAttribute(attribute="syslog.hostname", description="The hostname of the Syslog message."), + @WritesAttribute(attribute="syslog.hostname", description="The hostname or IP address of the Syslog message."), @WritesAttribute(attribute="syslog.sender", description="The hostname of the Syslog server that sent the message."), @WritesAttribute(attribute="syslog.body", description="The body of the Syslog message, everything after the hostname."), @WritesAttribute(attribute="syslog.valid", description="An indicator of whether this message matched the expected formats. " + http://git-wip-us.apache.org/repos/asf/nifi/blob/9ad78022/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ParseSyslog.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ParseSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ParseSyslog.java index ae08b22..31691eb 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ParseSyslog.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ParseSyslog.java @@ -56,13 +56,17 @@ import org.apache.nifi.stream.io.StreamUtils; @SupportsBatching @InputRequirement(Requirement.INPUT_REQUIRED) @Tags({"logs", "syslog", "attributes", "system", "event", "message"}) -@CapabilityDescription("Parses the contents of a Syslog message and adds attributes to the FlowFile for each of the parts of the Syslog message") +@CapabilityDescription("Attempts to parses the contents of a Syslog message in accordance to RFC5424 and RFC3164 " + + "formats and adds attributes to the FlowFile for each of the parts of the Syslog message." + + "Note: Be mindfull that RFC3164 is informational and a wide range of different implementations are present in" + + " the wild. If messages fail parsing, considering using RFC5424 or using a generic parsing processors such as " + + "ExtractGrok.") @WritesAttributes({@WritesAttribute(attribute = "syslog.priority", description = "The priority of the Syslog message."), @WritesAttribute(attribute = "syslog.severity", description = "The severity of the Syslog message derived from the priority."), @WritesAttribute(attribute = "syslog.facility", description = "The facility of the Syslog message derived from the priority."), @WritesAttribute(attribute = "syslog.version", description = "The optional version from the Syslog message."), @WritesAttribute(attribute = "syslog.timestamp", description = "The timestamp of the Syslog message."), - @WritesAttribute(attribute = "syslog.hostname", description = "The hostname of the Syslog message."), + @WritesAttribute(attribute = "syslog.hostname", description = "The hostname or IP address of the Syslog message."), @WritesAttribute(attribute = "syslog.sender", description = "The hostname of the Syslog server that sent the message."), @WritesAttribute(attribute = "syslog.body", description = "The body of the Syslog message, everything after the hostname.")}) @SeeAlso({ListenSyslog.class, PutSyslog.class}) http://git-wip-us.apache.org/repos/asf/nifi/blob/9ad78022/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/syslog/SyslogParser.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/syslog/SyslogParser.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/syslog/SyslogParser.java index 52caedb..8235feb 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/syslog/SyslogParser.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/syslog/SyslogParser.java @@ -52,7 +52,7 @@ public class SyslogParser { // stamp MMM d HH:mm:ss, single digit date has two spaces "([A-Z][a-z][a-z]\\s{1,2}\\d{1,2}\\s\\d{2}[:]\\d{2}[:]\\d{2})" + "\\s" + // separator - "([\\w][\\w\\d\\.@-]*)" + // host + "([\\w][\\w\\d(\\.|\\:)@-]*)" + // host "\\s(.*)$"; // body public static final Collection<Pattern> MESSAGE_PATTERNS; http://git-wip-us.apache.org/repos/asf/nifi/blob/9ad78022/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestParseSyslog.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestParseSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestParseSyslog.java index 9e84b37..ff6cc90 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestParseSyslog.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestParseSyslog.java @@ -29,13 +29,18 @@ public class TestParseSyslog { static final String FAC = "4"; static final String TIME = "Oct 13 15:43:23"; static final String HOST = "localhost.home"; + static final String IPV6SRC = "fe80::216:3300:eeaa:eeaa"; + static final String IPV4SRC = "8.8.4.4"; static final String BODY = "some message"; static final String VALID_MESSAGE_RFC3164_0 = "<" + PRI + ">" + TIME + " " + HOST + " " + BODY + "\n"; + static final String VALID_MESSAGE_RFC3164_1 = "<" + PRI + ">" + TIME + " " + IPV6SRC + " " + BODY + "\n"; + static final String VALID_MESSAGE_RFC3164_2 = "<" + PRI + ">" + TIME + " " + IPV4SRC + " " + BODY + "\n"; @Test public void testSuccessfulParse3164() { final TestRunner runner = TestRunners.newTestRunner(new ParseSyslog()); + runner.enqueue(VALID_MESSAGE_RFC3164_0.getBytes()); runner.run(); @@ -49,6 +54,37 @@ public class TestParseSyslog { mff.assertAttributeEquals(SyslogAttributes.TIMESTAMP.key(), TIME); } + @Test + public void testValidIPv6Source() { + final TestRunner runner = TestRunners.newTestRunner(new ParseSyslog()); + runner.enqueue(VALID_MESSAGE_RFC3164_1.getBytes()); + runner.run(); + + runner.assertAllFlowFilesTransferred(ParseSyslog.REL_SUCCESS, 1); + final MockFlowFile mff = runner.getFlowFilesForRelationship(ParseSyslog.REL_SUCCESS).get(0); + mff.assertAttributeEquals(SyslogAttributes.BODY.key(), BODY); + mff.assertAttributeEquals(SyslogAttributes.FACILITY.key(), FAC); + mff.assertAttributeEquals(SyslogAttributes.HOSTNAME.key(), IPV6SRC); + mff.assertAttributeEquals(SyslogAttributes.PRIORITY.key(), PRI); + mff.assertAttributeEquals(SyslogAttributes.SEVERITY.key(), SEV); + mff.assertAttributeEquals(SyslogAttributes.TIMESTAMP.key(), TIME); + } + + @Test + public void testValidIPv4Source() { + final TestRunner runner = TestRunners.newTestRunner(new ParseSyslog()); + runner.enqueue(VALID_MESSAGE_RFC3164_2.getBytes()); + runner.run(); + + runner.assertAllFlowFilesTransferred(ParseSyslog.REL_SUCCESS, 1); + final MockFlowFile mff = runner.getFlowFilesForRelationship(ParseSyslog.REL_SUCCESS).get(0); + mff.assertAttributeEquals(SyslogAttributes.BODY.key(), BODY); + mff.assertAttributeEquals(SyslogAttributes.FACILITY.key(), FAC); + mff.assertAttributeEquals(SyslogAttributes.HOSTNAME.key(), IPV4SRC); + mff.assertAttributeEquals(SyslogAttributes.PRIORITY.key(), PRI); + mff.assertAttributeEquals(SyslogAttributes.SEVERITY.key(), SEV); + mff.assertAttributeEquals(SyslogAttributes.TIMESTAMP.key(), TIME); + } @Test public void testInvalidMessage() {
