forked from jeromer/syslogparser
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathsyslogparser.go
More file actions
61 lines (48 loc) · 1.01 KB
/
syslogparser.go
File metadata and controls
61 lines (48 loc) · 1.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
// Package syslogparser implements functions to parsing RFC3164 or RFC5424 syslog messages.
// syslogparser provides one subpackage per RFC with an example usage for which RFC.
package syslogparser
import (
"bytes"
"errors"
"time"
"github.com/gravwell/syslogparser/parsercommon"
)
type RFC uint8
const (
RFC_UNKNOWN = iota
RFC_3164
RFC_5424
)
var (
errNoHeader = errors.New("no syslog header")
)
type LogParts map[string]interface{}
type LogParser interface {
Parse() error
Dump() LogParts
WithTimestampFormat(string)
WithLocation(*time.Location)
WithHostname(string)
WithTag(string)
}
func DetectRFC(buff []byte) (RFC, error) {
max := 10
var v int
var err error
if max > len(buff) {
max = len(buff)
}
idx := bytes.IndexByte(buff, '>')
if idx == -1 || idx >= max {
return RFC_UNKNOWN, errNoHeader
}
idx = idx + 1
v, err = parsercommon.ParseVersion(buff, &idx, max)
if err != nil {
return RFC_UNKNOWN, err
}
if v == parsercommon.NO_VERSION {
return RFC_3164, nil
}
return RFC_5424, nil
}