Syslog (RFC 3164) parser. Works with RFC 3339/ISO 8601 timestamps.

CodeAnimal/js-syslog-protocol

SyslogProtocol.js

SyslogProtocol.js is a Syslog (RFC 3164) format parser that supports high-precision timestamps (RFC 3339, ISO 8601).

Given a Syslog message with RFC 3164 timestamp:

<38>Jun 18 15:20:30 server sshd[42]: Accepted publickey for user

It'll return the following object (with time being an instance of Date, and the year being 'this year'):

{ facility: "auth",
  facilityCode: 4,
  severity: "info",
  severityCode: 6,
  time: new Date("2014-06-18T15:20:30.0Z"),
  host: "server",
  process: "sshd",
  pid: 42,
  message: "Accepted publickey for user" }

Given a Syslog message with a high-precision timestamp:

<38>1987-06-18T15:20:30.337Z server sshd[42]: Accepted publickey for user

It'll return the following object (with time being an instance of Date):

{ facility: "auth",
  facilityCode: 4,
  severity: "info",
  severityCode: 6,
  time: new Date("1987-06-18T15:20:30.337Z"),
  host: "server",
  process: "sshd",
  pid: 42,
  message: "Accepted publickey for user" }

SyslogProtocol.js now also supports plain RFC 3164 timestamps, which are in who-knows-what time zone and lack a year part. If you can, don't use them.

Tour

  • Supports RFC 3164 with high-precision timestamps (RFC 3339, ISO 8601).
    For example, Rsyslog's RSYSLOG_ForwardFormat uses those.
  • Supports colon-less TAG/process identifiers/messages (which Heroku log drains send).
  • Facility and severity names are <syslog.h> and syslog(3) compatible.
  • All property names of the returned object have gone through serious sincere consideration and are amazingly well chosen.

Installing

npm install syslog-protocol

Using

Just require SyslogProtocol.js and use its parse function:

var SyslogProtocol = require("syslog-protocol")
var msg = "<38>1987-06-18T15:20:30.337Z server sshd[42]: Accepted publickey"
SyslogProtocol.parse(msg)

Alphanumeric process identifiers

SyslogProtocol.js can also handle alphanumeric process identifiers (sshd[foo]). For example, given Heroku's forwarded log:

<158>1987-06-18T15:20:30.337Z d.550e8400-e29b-41d4-a716-446655440000 heroku[router] at=info method=GET path=/

SyslogProtocol.js will return:

{ facility: "local3",
  facilityCode: 19,
  severity: "info",
  severityCode: 6,
  time: new Date("1987-06-18T15:20:30.337Z"),
  host: "d.550e8400-e29b-41d4-a716-446655440000",
  process: "heroku",
  pid: "router",
  message: "at=info method=GET path=/" }

Properties

The returned object from parse has the following properties:

| Property | Description |
|----------|-------------|
| facility | Facility name. See below for a full list of facilities. |
| facilityCode | Facility numeric code. |
| severity | Severity name. See below for a full list of severities. |
| severityCode | Severity numeric code. |
| time | Date instance from the timestamp. |
| host | Hostname or IP address. |
| process | Process name. |
| pid | Process identifier (taken from brackets after process name). If the message lacks one, pid won't be set at all. If it looks like a number, it'll be cast to Number. |
| message | Rest of the message. |

Facilities

Facility names returned by SyslogProtocol.js match <syslog.h> and syslog(3).

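| Code | Facility |
|------|----------|
| 0 | kern |
| 1 | user |
| 2 | mail |
| 3 | daemon |
| 4 | auth |
| 5 | syslog |
| 6 | lpr |
| 7 | news |
| 8 | uucp |
| 9 | cron |
| 10 | authpriv |
| 11 | ftp |
| 12 | ntp |
| 13 | logaudit |
| 14 | logalert |
| 15 | clock |
| 16 | local0 |
| 17 | local1 |
| 18 | local2 |
| 19 | local3 |
| 20 | local4 |
| 21 | local5 |
| 22 | local6 |
| 23 | local7 |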

Severities

Severity names returned by SyslogProtocol.js match <syslog.h> and syslog(3).
Blame them for the inconsistent naming.

| Code | Severity |
|------|----------|
| 0 | emerg |
| 1 | alert |
| 2 | crit |
| 3 | err |
| 4 | warning |
| 5 | notice |
| 6 | info |
| 7 | debug |
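
The message layout and the facility and severity tables above, as an added example that is not SyslogProtocol.js's own code: a stand-alone parser that splits PRI into facility (PRI >> 3) and severity (PRI & 7), handles the colon-less tag and alphanumeric pid, and returns null for an out-of-range PRI or a year-less RFC 3164 timestamp. The name parseSyslogLine, the regular expression and the last two sample lines are assumptions made for this example.

```javascript
// Added example, not SyslogProtocol.js source; parseSyslogLine is a hypothetical name.
// Facility and severity names follow the tables on this page.
const FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
  "news", "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert",
  "clock", "local0", "local1", "local2", "local3", "local4", "local5",
  "local6", "local7"];
const SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
  "info", "debug"];

// <PRI>, RFC 3339 timestamp, host, process, optional [pid], optional colon, message.
// Only timestamps that start with a four-digit year are accepted.
const LINE = /^<(\d{1,3})>(\d{4}-\d{2}-\d{2}T\S+) (\S+) ([^\s\[:]+)(?:\[([^\]]*)\])?:? ?(.*)$/;

function parseSyslogLine(line) {
  const m = LINE.exec(line);
  if (m === null) return null; // malformed, or a year-less RFC 3164 timestamp
  const pri = Number(m[1]);
  if (pri > 191) return null; // 23 * 8 + 7 is the largest PRI the tables allow
  const time = new Date(m[2]);
  if (Number.isNaN(time.getTime())) return null; // looks like a date, is not one
  const out = {
    facility: FACILITIES[pri >> 3], facilityCode: pri >> 3,
    severity: SEVERITIES[pri & 7], severityCode: pri & 7,
    time, host: m[3], process: m[4]
  };
  // pid is set only when brackets are present; numeric-looking pids become Number.
  if (m[5] !== undefined) out.pid = /^\d+$/.test(m[5]) ? Number(m[5]) : m[5];
  out.message = m[6];
  return out;
}

// Sample input: the first two lines are the messages shown on this page,
// the last two are constructed to exercise the rejection paths.
const SAMPLES = [
  "<38>1987-06-18T15:20:30.337Z server sshd[42]: Accepted publickey for user",
  "<158>1987-06-18T15:20:30.337Z d.550e8400-e29b-41d4-a716-446655440000 heroku[router] at=info method=GET path=/",
  "<999>1987-06-18T15:20:30.337Z server sshd[42]: PRI out of range",
  "<38>Jun 18 15:20:30 server sshd[42]: year-less timestamp"
];
for (const s of SAMPLES) console.log(parseSyslogLine(s));
```

A collector that receives syslog from untrusted senders can count the null results as a signal of malformed or legacy-format traffic instead of storing a guessed year or facility.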

License

SyslogProtocol.js is released under a Lesser GNU Affero General Public License, which in summary means:

  • You can use this program for no cost.
  • You can use this program for both personal and commercial reasons.
  • You do not have to share your own program's code which uses this program.
  • You have to share modifications (e.g. bug-fixes) you've made to this program.

For more convoluted language, see the LICENSE file.

About

Andri Möll typed this and the code.
Monday Calendar supported the engineering work.

If you find SyslogProtocol.js needs improving, please don't hesitate to type to me now at [email protected] or create an issue online.
