From b947d59185a53b814da0401257470422fe7439d1 Mon Sep 17 00:00:00 2001 From: Maros Mitucha Date: Wed, 16 Mar 2022 16:58:27 +0100 Subject: [PATCH] RFC5424Log structured data --- flog_test.go | 6 +++--- go.mod | 5 +++-- go.sum | 10 ++++++---- log.go | 19 ++++++++++++++++++- log_test.go | 24 +++++++++++++++++++++++- 5 files changed, 53 insertions(+), 11 deletions(-) diff --git a/flog_test.go b/flog_test.go index dd860ca..a5d5304 100644 --- a/flog_test.go +++ b/flog_test.go @@ -30,10 +30,10 @@ func ExampleNewLog() { // 144.199.149.125 - waelchi7603 [22/Apr/2018:09:30:00 +0000] "PUT /revolutionary HTTP/1.1" 301 8089 "https://www.futureaggregate.io/users" "Mozilla/5.0 (Macintosh; PPC Mac OS X 10_6_5 rv:4.0; en-US) AppleWebKit/536.38.2 (KHTML, like Gecko) Version/6.0 Safari/536.38.2" // [Sun Apr 22 09:30:00 2018] [eaque:error] [pid 3748:tid 2783] [client 54.26.161.221:31944] Backing up the program won't do anything, we need to compress the optical PCI bandwidth! // <94>Apr 22 09:30:00 ortiz5384 vel[1775]: If we copy the firewall, we can get to the PCI firewall through the redundant SQL port! - // <23>3 2018-04-22T09:30:00.000Z humaniterate.io iusto 544 ID177 - Use the optical RAM hard drive, then you can program the auxiliary feed! - // 195.44.200.155 - kihn6187 [22/Apr/2018:09:30:00 +0000] "GET /revolutionary/e-markets/holistic/syndicate HTTP/2.0" 404 14503 + // <23>3 2018-04-22T09:30:00.000Z humaniterate.io iusto 544 ID177 [exampleSDID@877061 iut="6" eventSource="Application" eventID="380001"][examplePriority@86525 class="high" method="PUT" uri="/empower/leading-edge/benchmark" status_code="400" time_millis="80" remote_host="190.67.164.175" remote_ip_addr="116.227.143.59"] We need to program the open-source ADP pixel! + // 15.48.13.108 - - [22/Apr/2018:09:30:00 +0000] "POST /cross-platform/extensible/out-of-the-box/architectures HTTP/2.0" 100 16077 // - // {"host":"13.108.182.26", "user-identifier":"bailey7205", "datetime":"22/Apr/2018:09:30:00 +0000", "method": "GET", "request": "/out-of-the-box/architectures/embrace", "protocol":"HTTP/1.0", "status":200, "bytes":5921, "referer": "http://www.dynamicexperiences.io/robust"} + // {"host":"11.53.30.203", "user-identifier":"wilkinson1680", "datetime":"22/Apr/2018:09:30:00 +0000", "method": "POST", "request": "/bleeding-edge/morph", "protocol":"HTTP/2.0", "status":502, "bytes":10203, "referer": "https://www.globale-enable.net/leverage/integrated"} } func TestNewSplitFileName(t *testing.T) { diff --git a/go.mod b/go.mod index 02dcab7..7c3dd1c 100644 --- a/go.mod +++ b/go.mod @@ -5,13 +5,14 @@ go 1.14 require ( bou.ke/monkey v1.0.1 github.com/brianvoe/gofakeit v3.11.5+incompatible - github.com/davecgh/go-spew v1.1.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/fatih/color v1.6.0 // indirect + github.com/influxdata/go-syslog v1.0.1 github.com/mattn/go-colorable v0.0.9 // indirect github.com/mattn/go-isatty v0.0.3 // indirect github.com/mingrammer/cfmt v1.0.0 github.com/pmezard/go-difflib v1.0.0 // indirect github.com/spf13/pflag v1.0.0 - github.com/stretchr/testify v1.2.1 + github.com/stretchr/testify v1.2.2 golang.org/x/sys v0.0.0-20180416112224-2f57af4873d0 // indirect ) diff --git a/go.sum b/go.sum index c993d81..3169bd2 100644 --- a/go.sum +++ b/go.sum @@ -2,10 +2,12 @@ bou.ke/monkey v1.0.1 h1:zEMLInw9xvNakzUUPjfS4Ds6jYPqCFx3m7bRmG5NH2U= bou.ke/monkey v1.0.1/go.mod h1:FgHuK96Rv2Nlf+0u1OOVDpCMdsWyOFmeeketDHE7LIg= github.com/brianvoe/gofakeit v3.11.5+incompatible h1:AKzhOU0ycSDhjDbIeJ/V9wiiIMmyg9XzAg9muTXc2nk= github.com/brianvoe/gofakeit v3.11.5+incompatible/go.mod h1:kfwdRA90vvNhPutZWfH7WPaDzUjz+CZFqG+rPkOjGOc= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fatih/color v1.6.0 h1:66qjqZk8kalYAvDRtM1AdAJQI0tj4Wrue3Eq3B3pmFU= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/influxdata/go-syslog v1.0.1 h1:a/ARpnCDr/sX/hVH7dyQVi+COXlEzM4bNIoolOfw99Y= +github.com/influxdata/go-syslog v1.0.1/go.mod h1:zAVA46ROTGBUi5zyIJODjMJYJKy+ooglXp0X3LgoIUE= github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3 h1:ns/ykhmWi7G9O+8a448SecJU3nSMBXJfqQkl0upE1jI= @@ -16,7 +18,7 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/spf13/pflag v1.0.0 h1:oaPbdDe/x0UncahuwiPxW1GYJyilRAdsPnq3e1yaPcI= github.com/spf13/pflag v1.0.0/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/stretchr/testify v1.2.1 h1:52QO5WkIUcHGIR7EnGagH88x1bUzqGXTC5/1bDTUQ7U= -github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= golang.org/x/sys v0.0.0-20180416112224-2f57af4873d0 h1:goCgebTlSix0UXmgLcLKsA4BqtNMrWArPuW6gdIus/E= golang.org/x/sys v0.0.0-20180416112224-2f57af4873d0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= diff --git a/log.go b/log.go index 304012d..9aa88c2 100644 --- a/log.go +++ b/log.go @@ -87,6 +87,23 @@ func NewRFC3164Log(t time.Time) string { // NewRFC5424Log creates a log string with syslog (RFC5424) format func NewRFC5424Log(t time.Time) string { + structuredData := func() string { + // Valid examples https://datatracker.ietf.org/doc/html/rfc5424#section-6.3.5 + structuredFormat := "[exampleSDID@%d iut=\"%d\" eventSource=\"Application\" eventID=\"%d\"][examplePriority@%d class=\"high\" method=\"%s\" uri=\"%s\" status_code=\"%d\" time_millis=\"%d\" remote_host=\"%s\" remote_ip_addr=\"%s\"]" + return fmt.Sprintf( + structuredFormat, + gofakeit.Number(100000, 900000), + gofakeit.Number(1, 10), + gofakeit.Number(100, 999999), + gofakeit.Number(10000, 99999), + gofakeit.HTTPMethod(), + RandResourceURI(), + gofakeit.StatusCode(), + gofakeit.Number(1, 300), + gofakeit.IPv4Address(), + gofakeit.IPv4Address(), + ) + } return fmt.Sprintf( RFC5424Log, gofakeit.Number(0, 191), @@ -96,7 +113,7 @@ func NewRFC5424Log(t time.Time) string { gofakeit.Word(), gofakeit.Number(1, 10000), gofakeit.Number(1, 1000), - "-", // TODO: structured data + structuredData(), gofakeit.HackerPhrase(), ) } diff --git a/log_test.go b/log_test.go index 77dcfd0..172dac6 100644 --- a/log_test.go +++ b/log_test.go @@ -3,9 +3,11 @@ package main import ( "fmt" "math/rand" + "testing" "time" "bou.ke/monkey" + "github.com/influxdata/go-syslog/rfc5424" ) var stopped = time.Date(2018, 04, 22, 9, 30, 0, 0, time.UTC) @@ -62,7 +64,27 @@ func ExampleNewRFC5424Log() { created := time.Now() fmt.Println(NewRFC5424Log(created)) - // Output: <24>3 2018-04-22T09:30:00.000Z futurefunctionalities.biz nisi 9030 ID160 - If we back up the program, we can get to the SSL sensor through the redundant SAS program! + // Output: <24>3 2018-04-22T09:30:00.000Z futurefunctionalities.biz nisi 9030 ID160 [exampleSDID@384101 iut="9" eventSource="Application" eventID="563169"][examplePriority@48929 class="high" method="DELETE" uri="/revolutionary/benchmark" status_code="406" time_millis="97" remote_host="199.149.125.36" remote_ip_addr="116.222.184.135"] The PCI firewall is down, parse the multi-byte interface so we can connect the SAS program! +} + +func TestNewRFC5424LogParse(t *testing.T) { + rand.Seed(11) + + monkey.Patch(time.Now, func() time.Time { return stopped }) + defer monkey.Unpatch(time.Now) + + created := time.Now() + fmt.Println(NewRFC5424Log(created)) + rfc5424text := NewRFC5424Log(created) + rfc5424bytes := []byte(rfc5424text) + withBestEffort := false + + p := rfc5424.NewParser() + _, err := p.Parse(rfc5424bytes, &withBestEffort) + if err != nil { + t.Errorf("Error parsing: '%s'", err) + } + } func ExampleNewCommonLogFormat() {