[ https://issues.apache.org/jira/browse/NIFI-5325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16518555#comment-16518555 ]

ASF GitHub Bot commented on NIFI-5325:
--------------------------------------

Github user ottobackwards commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2805#discussion_r196929192
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ParseSyslog5424.java
 ---
    @@ -0,0 +1,174 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.nifi.processors.standard;
    +
    +import com.github.palindromicity.syslog.NilPolicy;
    +import org.apache.nifi.annotation.behavior.EventDriven;
    +import org.apache.nifi.annotation.behavior.InputRequirement;
    +import org.apache.nifi.annotation.behavior.InputRequirement.Requirement;
    +import org.apache.nifi.annotation.behavior.SideEffectFree;
    +import org.apache.nifi.annotation.behavior.SupportsBatching;
    +import org.apache.nifi.annotation.behavior.WritesAttribute;
    +import org.apache.nifi.annotation.behavior.WritesAttributes;
    +import org.apache.nifi.annotation.documentation.CapabilityDescription;
    +import org.apache.nifi.annotation.documentation.SeeAlso;
    +import org.apache.nifi.annotation.documentation.Tags;
    +import org.apache.nifi.components.AllowableValue;
    +import org.apache.nifi.components.PropertyDescriptor;
    +import org.apache.nifi.expression.ExpressionLanguageScope;
    +import org.apache.nifi.flowfile.FlowFile;
    +import org.apache.nifi.processor.AbstractProcessor;
    +import org.apache.nifi.processor.ProcessContext;
    +import org.apache.nifi.processor.ProcessSession;
    +import org.apache.nifi.processor.Relationship;
    +import org.apache.nifi.processor.exception.ProcessException;
    +import org.apache.nifi.processor.io.InputStreamCallback;
    +import org.apache.nifi.processor.util.StandardValidators;
    +import org.apache.nifi.processors.standard.syslog.StrictSyslog5424Parser;
    +import org.apache.nifi.processors.standard.syslog.Syslog5424Event;
    +import org.apache.nifi.stream.io.StreamUtils;
    +
    +import java.io.IOException;
    +import java.io.InputStream;
    +import java.nio.charset.Charset;
    +import java.util.ArrayList;
    +import java.util.HashSet;
    +import java.util.List;
    +import java.util.Set;
    +
    +
    +@EventDriven
    +@SideEffectFree
    +@SupportsBatching
    +@InputRequirement(Requirement.INPUT_REQUIRED)
    +@Tags({"logs", "syslog", "syslog5424", "attributes", "system", "event", 
"message"})
    +@CapabilityDescription("Attempts to parse the contents of a well formed 
Syslog message in accordance to RFC5424 " +
    +        "format and adds attributes to the FlowFile for each of the parts 
of the Syslog message, including Structured Data." +
    +        "Structured Data will be written to attributes as on attribute per 
item id + parameter "+
    +        "see https://tools.ietf.org/html/rfc5424."; +
    +        "Note: ParseSyslog5424 follows the specification more closely than 
ParseSyslog.  If your Syslog producer " +
    +        "does not follow the spec closely, with regards to using '-' for 
missing header entries for example, those logs " +
    +        "will fail with this parser, where they would not fail with 
ParseSyslog.")
    +@WritesAttributes({@WritesAttribute(attribute = "syslog.priority", 
description = "The priority of the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.severity", description = "The 
severity of the Syslog message derived from the priority."),
    +    @WritesAttribute(attribute = "syslog.facility", description = "The 
facility of the Syslog message derived from the priority."),
    +    @WritesAttribute(attribute = "syslog.version", description = "The 
optional version from the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.timestamp", description = "The 
timestamp of the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.hostname", description = "The 
hostname or IP address of the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.appname", description = "The 
appname of the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.procid", description = "The 
procid of the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.messageid", description = "The 
messageid the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.structuredData", description = 
"Multiple entries per structuredData of the Syslog message."),
    +    @WritesAttribute(attribute = "syslog.sender", description = "The 
hostname of the Syslog server that sent the message."),
    +    @WritesAttribute(attribute = "syslog.body", description = "The body of 
the Syslog message, everything after the hostname.")})
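
Review bot: The @WritesAttribute descriptions for syslog.version and syslog.body do not match RFC 5424, which the @CapabilityDescription says this processor follows closely: VERSION is a required header field rather than "optional", and MSG comes after STRUCTURED-DATA, not "everything after the hostname". Suggest rewording both, and while in these strings: "including Structured Data." + "Structured Data will be written" concatenates without a space, "as on attribute per" should read "as one attribute per", and the syslog.messageid description is missing "of". The syslog.structuredData entry could also state the attribute name pattern, since those names are built from the item id and parameter taken from the incoming message.
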
    --- End diff --
    
    Another option would be to put the attributes in, and write the body AS the flowfile.
    Kind of separating syslog the transport from the message fmt.
    
    I think this is a good idea, anyone else we can bounce this off of?


> Need a Syslog Parser that fully supports the 5424 Spec
> ------------------------------------------------------
>
>                 Key: NIFI-5325
>                 URL: https://issues.apache.org/jira/browse/NIFI-5325
>             Project: Apache NiFi
>          Issue Type: New Feature
>            Reporter: Otto Fowler
>            Assignee: Otto Fowler
>            Priority: Major
>
> from NIFI-5139
> "The Structured Data as described in 
> [https://tools.ietf.org/html/rfc5424#section-6.3] are not read by Nifi.
>  
> I suggest the SD to be put in attributes, prefixed by the ID:
> [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]
> to become 3 attributes
>  * exampleSID@32473-iut = 3
>  * exampleSID@32473-eventSource=Application
>  * exampleSID@32473-eventID=1011
>  
> This could be useful to preprocess RFC5424 message, prioritize or route them."
>  
> Nifi should have a parser to fully support the spec and structured data.
> Since integrating it, and special casing the existing parser would 
> significantly complicate that processor and move it from its least common 
> denominator goal, it should be a new parser.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
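
The structured-data-to-attributes mapping proposed in the issue description, as an added example in stand-alone Python; it is not code from the pull request or from the parser library the pull request imports. The function name `sd_to_attributes` and the `max_attrs` cap are assumptions made here, and the `<SD-ID>-<param>` naming follows the issue text.

```python
import re

# RFC 5424 section 6.3: SD-NAME is 1-32 printable US-ASCII characters
# excluding '=', space, ']' and '"'.
SD_NAME = r'[\x21\x23-\x3c\x3e-\x5c\x5e-\x7e]{1,32}'
# PARAM-VALUE: '"', '\' and ']' must be escaped with a backslash.
SD_VALUE = r'(?:[^"\\\]]|\\.)*'
ELEMENT = re.compile(r'\[(%s)((?: %s="%s")*)\]' % (SD_NAME, SD_NAME, SD_VALUE), re.S)
PARAM = re.compile(r' (%s)="(%s)"' % (SD_NAME, SD_VALUE), re.S)
UNESCAPE = re.compile(r'\\(["\\\]])')


def sd_to_attributes(sd, max_attrs=64):
    """Flatten an RFC 5424 STRUCTURED-DATA field into '<SD-ID>-<param>' attributes."""
    if sd == '-':  # NILVALUE: the message carries no structured data
        return {}
    if not sd:
        raise ValueError('STRUCTURED-DATA must be "-" or at least one SD-ELEMENT')
    attrs, pos = {}, 0
    while pos < len(sd):
        m = ELEMENT.match(sd, pos)
        if m is None:  # unterminated value, unescaped ']', bad SD-NAME, ...
            raise ValueError('malformed SD-ELEMENT at offset %d' % pos)
        sd_id, params = m.group(1), m.group(2)
        for name, raw in PARAM.findall(params):
            # The RFC allows a PARAM-NAME to repeat; a flat map keeps the last one.
            attrs['%s-%s' % (sd_id, name)] = UNESCAPE.sub(r'\1', raw)
            # Attribute names come from the sender, so bound how many are created
            # (max_attrs is a hypothetical limit chosen for this example).
            if len(attrs) > max_attrs:
                raise ValueError('too many structured data attributes')
        pos = m.end()
    return attrs


# Constructed sample input: the element quoted in the issue description.
SAMPLE = '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]'

if __name__ == '__main__':
    for key, value in sd_to_attributes(SAMPLE).items():
        print(key, '=', value)
```
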
