
Merge branch 'develop' into feature/nx-os-soup
Ryan Faircloth authored and GitHub committed May 18, 2020
2 parents c205f39 + 0f7c2d0 commit 5023801
Showing 8 changed files with 166 additions and 113 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Expand Up @@ -195,7 +195,7 @@ jobs:
docker:
- image: circleci/python:3.7
environment:
SYSLOG: "syslog-ng-3.26.1"
SYSLOG: "syslog-ng-3.27.1"
steps:
- setup_remote_docker:
docker_layer_caching: true
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
@@ -1,2 +1,2 @@
* @rfaircloth-splunk
package/etc/ @rfaircloth @mbonsack
package/etc/ @rfaircloth @mbonsack @nandinivij
42 changes: 21 additions & 21 deletions package/etc/conf.d/filters/cisco/cisco_syslog.conf
Expand Up @@ -11,38 +11,38 @@ filter f_is_cisco_syslog{
parser cisco-parser-ex{
channel {
filter {
message('^<\d*> ?(?:(\d+)\: )?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(\d+): )?(?:(\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?((?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?( [AP]M)?)( [A-Z]{3,3})?)? ?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: ((\%[^\: ]+)\:? ?.*)' flags(store-matches));
};

parser { date-parser-nofilter(format(
'%b %d %H:%M:%S.%f',
'%b %d %H:%M:%S',
'%b %d %I:%M:%S %p.%f',
'%b %d %I:%M:%S %p',
'%b %d %Y %H:%M:%S.%f',
'%b %d %Y %H:%M:%S')
template("$8"));
message(
'^<\d*> ?(?:\d+\: )?(?<NODEID>RP\/\d*\/RSP\d*\/CPU\d*:)?(?:(?<H1>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])): ?)?(?:\d+: )?(?:(?:\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?(?<CISCOTS>(?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?(?: [AP]M)?)(?: [A-Z]{3,3})?)? ?(?<H2>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: (?<CISCOMESSAGE>(?:(?<PROGRAM>[^\[]{1,30})\[(?<PID>\d*)\]: ?)?(?<MNEMONIC>\%[^\: ]+)\:? ?.*)'
flags(store-matches)
);
};

rewrite {
set(
"${4}",
"${H1}",
value("HOST")
condition(not match('^\d+$', value('4')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('4')))
condition(not match('^\d+$', value('H1')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('H1')))
);
set(
"${13}",
"${H2}",
value("HOST")
condition(not match('^\d+$', value('13')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('13')))
condition(not match('^\d+$', value('H2')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('H2')))
);
set(
"${15}",
value("PROGRAM")
);
set(
"${14}",
"${CISCOMESSAGE}",
value("MESSAGE")
);
);

};
parser { date-parser-nofilter(format(
'%b %d %H:%M:%S.%f',
'%b %d %H:%M:%S',
'%b %d %I:%M:%S %p.%f',
'%b %d %I:%M:%S %p',
'%b %d %Y %H:%M:%S.%f',
'%b %d %Y %H:%M:%S')
template("${CISCOTS}"));
};

};
};
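Review bot: The named-group regex on the `message(` line of cisco-parser-ex is now the only place the field layout lives and it carries no comment; a short comment above `channel {` saying what NODEID, H1, CISCOTS, H2, PROGRAM, PID, MNEMONIC and CISCOMESSAGE capture, and that they replace the former `${4}`/`${13}`/`${14}`/`${15}` references, would save the next maintainer from re-deriving it from a 600-character pattern. The two `set("${H1}" …)` / `set("${H2}" …)` rewrites also deserve a one-line note such as `# HOST is taken from the message body; the condition only bounds it to an IPv4/hostname shape, it does not vouch for it`, since the hostname alternative in the condition also puts no upper bound on label length. The explicit `set("${15}", value("PROGRAM"))` was dropped, which I take to rely on `(?<PROGRAM>…)` under `flags(store-matches)` populating the PROGRAM macro directly; that is worth confirming against the syslog-ng version in use and stating in the same comment.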
6 changes: 3 additions & 3 deletions package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl
@@ -1,15 +1,15 @@
log {
source(s_internal);

if (match("^Log statistics; " value("MESSAGE"))) {
if (match("Log statistics; " value("MESSAGE"))) {

rewrite { r_set_splunk_dest_default(sourcetype("sc4s:metrics"), index("em_metrics")) };

parser {p_add_context_splunk(key("sc4s_metrics")); };
rewrite {
subst('Log statistics; ', '', value("MESSAGE"), flags("utf8" "global"));
subst('.*Log statistics; ', '', value("MESSAGE"), flags("utf8" "global"));
subst('([^= ]+=\x27[^\(]+\(#anon[^,\)]+(?:,[^,]+,[^\)]+)?\)\=\d+\x27(?:, )?)', '', value("MESSAGE"), flags("utf8" "global"));
subst('(?<Type>[^= ]+)=\x27(?<SourceName>[^\(]+)\((?<SourceId>[^,\)]+)(?:,(?<SourceInstance>[^,]+),(?<State>[^\)]+))?\)\=(?<Number>\d+)\x27,? ?',
subst('(?<Type>[^= ]+)=\x27(?<SourceName>[^\(]+)\((?<SourceId>\S+(?=\)=))(?:,(?<SourceInstance>[^,]+),(?<State>[^\)]+))?\)\=(?<Number>\d+)\x27,? ?',
'{"time": "$S_UNIXTIME","event": "metric","host": "$HOST","index": "${.splunk.index}","source": "internal","sourcetype": "${.splunk.sourcetype}","fields": {"source_name": "${SourceName}","source_instance": "${SourceInstance}","state": "${State}","type": "${Type}","_value": ${Number},"metric_name": "syslogng.${SourceId}"}}
',
value("MESSAGE") flags("utf8" "global")
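Review bot: With the new `(?<SourceId>\S+(?=\)=))` on the third `subst`, the optional `(?:,(?<SourceInstance>[^,]+),(?<State>[^\)]+))?` that follows looks unreachable: `\S+` is greedy and the lookahead only asks that `)=` follow somewhere, so for an entry shaped like `dst.network(d_net#0,tcp,10.0.0.1:514)=5` (constructed example) SourceId would swallow `d_net#0,tcp,10.0.0.1:514`, SourceInstance/State stay empty, and the emitted `metric_name` changes accordingly. If the intent was to tolerate a `)` inside the id, a form that keeps commas out of the id but still lets the lookahead see past the optional part, e.g. `(?<SourceId>[^,]+?(?=(?:,[^,]+,[^\)]+)?\)=))`, keeps both cases working; either way a sample line with the three-part form should be run through it before merging. A one-line comment stating why `[^,\)]+` was replaced would also help, since nothing in the hunk records the motivating input. The enclosing `log { … }` block continues past the hunk.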
2 changes: 1 addition & 1 deletion package/etc/syslog-ng.conf.tmpl
@@ -1,4 +1,4 @@
@version:3.26
@version:3.27

# syslog-ng configuration file.

