Syslogparser

This is a syslog parser for the Go programming language.

Installing

go get github.com/jeromer/syslogparser

Supported RFCs

RFC 3164 : https://tools.ietf.org/html/rfc3164 RFC 5424 : https://tools.ietf.org/html/rfc5424

Not all features described in RFCs above are supported but only the most part of it. For exaple SDIDs are not supported in RFC5424 and STRUCTURED-DATA are parsed as a whole string.

This parser should solve 80% of use cases. If your use cases are in the 20% remaining ones I would recommend you to fully test what you want to achieve and provide a patch if you want.

Parsing an RFC 3164 syslog message

b := "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
buff := []byte(b)

p := rfc3164.NewParser(buff)
err := p.Parse()
if err != nil {
	panic(err)
}

for k, v := range p.Dump() {
	fmt.Println(k, ":", v)
}

You should see

timestamp : 2013-10-11 22:14:15 +0000 UTC
hostname  : mymachine
tag       : su
content   : 'su root' failed for lonvick on /dev/pts/8
priority  : 34
facility  : 4
severity  : 2

Parsing an RFC 5424 syslog message

b := `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...`
buff := []byte(b)

p := rfc5424.NewParser(buff)
err := p.Parse()
if err != nil {
	panic(err)
}

for k, v := range p.Dump() {
	fmt.Println(k, ":", v)
}

You should see

version : 1
timestamp : 2003-10-11 22:14:15.003 +0000 UTC
app_name : evntslog
msg_id : ID47
message : An application event log entry...
priority : 165
facility : 20
severity : 5
hostname : mymachine.example.com
proc_id : -
structured_data : [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]

Running tests

make tests

Running benchmarks

make benchmarks