Created
June 16, 2015 19:30
-
-
Save gdm85/07fb4e05245a640ae5a4 to your computer and use it in GitHub Desktop.
example plugin by cristi1979 to handle /dev/log
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local math = require "math" | |
| local dt = require "date_time" | |
| local l = require "lpeg" | |
| l.locale(l) | |
| local hostname = read_config("hostname") | |
| local trim = read_config("trim") or true | |
| local overwrite_timestamp = read_config("overwrite_timestamp") or false | |
| local overwrite_hostname = read_config("overwrite_hostname") or false | |
| local msg = { | |
| --Timestamp = nil, | |
| Hostname = nil, | |
| Payload = nil, | |
| Pid = nil, | |
| Fields = nil | |
| } | |
| local syslog_severity_text = { "emerg", "alert", "crit", "err", | |
| "warning", "notice", "info", "debug" } | |
| local syslog_facility_text = { "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", | |
| "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit", | |
| "alert", "clock", "local0", "local1", "local2", "local3", | |
| "local4", "local5", "local6", "local7" } | |
| local digit = l.R"09" | |
| local sp = l.P" " | |
| local printusascii = l.R"!~" | |
| local nilvalue = l.P"-" | |
| local function convert_pri(pri) | |
| pri = tonumber(pri) | |
| local facility = math.floor(pri/8) | |
| local severity = pri % 8 | |
| return {facility = facility, severity = severity} | |
| end | |
| local pri = l.Cg(digit^-3 / convert_pri, "pri") | |
| local pri_text = "<" * pri * ">" | |
| local rfc3164 = dt.rfc3164_timestamp | |
| local rfc3339 = l.Ct(dt.rfc3339_full_date * "T" * dt.rfc3339_partial_time) | |
| local timereported = l.Cg((rfc3339 + rfc3164) / dt.time_to_ns, "timereported") | |
| local hostname = sp^-1 * l.Cg(nilvalue + (printusascii - l.S" :[")^-255, "hostname") | |
| local programname = (printusascii - l.S" :[")^0 | |
| local syslogtag = sp^1 * l.Cg(l.Ct(l.Cg(programname, "programname") * ("[" * l.Cg(l.digit^1 / tonumber, "pid") * "]")^-1 * l.P":"^-1), "syslogtag") | |
| local header = (hostname * syslogtag) + syslogtag | |
| local payload = l.Cg(l.P(1)^0, "payload") | |
| local request_type = pri_text * timereported * header * payload | |
| grammar = l.Ct(request_type) | |
| function process_message () | |
| local log = read_message("Payload") | |
| local fields = grammar:match(log) | |
| if not fields then fields = {} end | |
| -- http://lua-users.org/lists/lua-l/2009-12/msg00921.html | |
| if fields.payload and trim then | |
| local space = lpeg.S' \t\v\n' | |
| local nospace = 1 - space | |
| local ptrim = space^0 * l.C((space^0 * nospace^1)^0) | |
| fields.payload = ptrim:match(fields.payload) | |
| end | |
| if fields.timereported and overwrite_timestamp then | |
| msg.Timestamp = fields.timereported | |
| fields.timereported = nil | |
| end | |
| if fields.pri then | |
| msg.Severity = fields.pri.severity | |
| fields.facility = fields.pri.facility | |
| fields.severity_text = syslog_severity_text[fields.pri.severity + 1] | |
| fields.facility_text = syslog_facility_text[fields.pri.facility + 1] | |
| fields.pri = nil | |
| end | |
| if fields.syslogtag then | |
| fields.programname = fields.syslogtag.programname | |
| msg.Pid = fields.syslogtag.pid | |
| fields.syslogtag = nil | |
| end | |
| if overwrite_hostname then | |
| msg.Hostname = fields.hostname | |
| fields.hostname = nil | |
| end | |
| fields.rawmessage = log | |
| msg.Payload = fields.payload | |
| fields.payload = nil | |
| if fields then | |
| msg.Fields = fields | |
| end | |
| --if not pcall(inject_message, msg) then return -1 end | |
| inject_message(msg) | |
| return 0 | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment