Description
a module for decoding syslog messages (RFC 3164)
because syslog messages are often improperly formatted (per the RFC)
we have a number of levels of strictness.
-
Constants
constant
Public.Protocols.Syslog.__author
constant
Public.Protocols.Syslog.__version
-
Constant SYSLOG_PORT
constant
Public.Protocols.Syslog.SYSLOG_PORT
- Description
syslog port number
-
Constant FACILITY_KERNEL
constant
Public.Protocols.Syslog.FACILITY_KERNEL
- Description
kernel messages
-
Constant FACILITY_USER
constant
Public.Protocols.Syslog.FACILITY_USER
- Description
user-level messages
-
Constant FACILITY_MAIL
constant
Public.Protocols.Syslog.FACILITY_MAIL
- Description
mail system
-
Constant FACILITY_DAEMON
constant
Public.Protocols.Syslog.FACILITY_DAEMON
- Description
system daemons
-
Constant FACILITY_AUTH
constant
Public.Protocols.Syslog.FACILITY_AUTH
- Description
security/authorization messages
-
Constant FACILITY_SYSLOG
constant
Public.Protocols.Syslog.FACILITY_SYSLOG
- Description
messages generated internally by syslogd
-
Constant FACILITY_LP
constant
Public.Protocols.Syslog.FACILITY_LP
- Description
line printer subsystem
-
Constant FACILITY_NEWS
constant
Public.Protocols.Syslog.FACILITY_NEWS
- Description
network news subsystem
-
Constant FACILITY_UUCP
constant
Public.Protocols.Syslog.FACILITY_UUCP
- Description
UUCP subsystem
-
Constant FACILITY_CLOCK
constant
Public.Protocols.Syslog.FACILITY_CLOCK
- Description
clock daemon
-
Constant FACILITY_SECURITY
constant
Public.Protocols.Syslog.FACILITY_SECURITY
- Description
security/authorization messages
-
Constant FACILITY_FTP
constant
Public.Protocols.Syslog.FACILITY_FTP
- Description
FTP daemon
-
Constant FACILITY_NTP
constant
Public.Protocols.Syslog.FACILITY_NTP
- Description
NTP subsystem
-
Constant FACILITY_LOGAUDIT
constant
Public.Protocols.Syslog.FACILITY_LOGAUDIT
- Description
log audit
-
Constant FACILITY_LOGALERT
constant
Public.Protocols.Syslog.FACILITY_LOGALERT
- Description
log alert
-
Constant FACILITY_CLOCK2
constant
Public.Protocols.Syslog.FACILITY_CLOCK2
- Description
clock daemon
-
Constant FACILITY_LOCAL0
constant
Public.Protocols.Syslog.FACILITY_LOCAL0
- Description
local use 0 (local0)
-
Constant FACILITY_LOCAL1
constant
Public.Protocols.Syslog.FACILITY_LOCAL1
- Description
local use 1 (local1)
-
Constant FACILITY_LOCAL2
constant
Public.Protocols.Syslog.FACILITY_LOCAL2
- Description
local use 2 (local2)
-
Constant FACILITY_LOCAL3
constant
Public.Protocols.Syslog.FACILITY_LOCAL3
- Description
local use 3 (local3)
-
Constant FACILITY_LOCAL4
constant
Public.Protocols.Syslog.FACILITY_LOCAL4
- Description
local use 4 (local4)
-
Constant FACILITY_LOCAL5
constant
Public.Protocols.Syslog.FACILITY_LOCAL5
- Description
local use 5 (local5)
-
Constant FACILITY_LOCAL6
constant
Public.Protocols.Syslog.FACILITY_LOCAL6
- Description
local use 6 (local6)
-
Constant FACILITY_LOCAL7
constant
Public.Protocols.Syslog.FACILITY_LOCAL7
- Description
local use 7 (local7)
-
Constant SEVERITY_EMERGENCY
constant
Public.Protocols.Syslog.SEVERITY_EMERGENCY
- Description
Emergency: system is unusable
-
Constant SEVERITY_ALERT
constant
Public.Protocols.Syslog.SEVERITY_ALERT
- Description
Alert: action must be taken immediately
-
Constant SEVERITY_CRITICAL
constant
Public.Protocols.Syslog.SEVERITY_CRITICAL
- Description
Critical: critical conditions
-
Constant SEVERITY_ERROR
constant
Public.Protocols.Syslog.SEVERITY_ERROR
- Description
Error: error conditions
-
Constant SEVERITY_WARNING
constant
Public.Protocols.Syslog.SEVERITY_WARNING
- Description
Warning: warning conditions
-
Constant SEVERITY_NOTICE
constant
Public.Protocols.Syslog.SEVERITY_NOTICE
- Description
Notice: normal but significant condition
-
Constant SEVERITY_INFO
constant
Public.Protocols.Syslog.SEVERITY_INFO
- Description
Informational: informational messages
-
Constant SEVERITY_DEBUG
constant
Public.Protocols.Syslog.SEVERITY_DEBUG
- Description
Debug: debug-level messages
-
Method sloppy_decode
mapping Public.Protocols.Syslog.sloppy_decode(string packet)
- Description
decode a syslog message, as long as it has a proper facility/severity code.
- Parameter packet
a string containing the raw syslog packet
- Returns
a mapping of decoded data, consisting of the facility, severity and
message of the balance of the syslog packet (presumably the message)
- facility
: int
- severity
: int
- message
: string
-
Method decode
mapping Public.Protocols.Syslog.decode(string packet)
- Description
strictly decode a syslog message, requiring all fields
- Parameter packet
a string containing the raw syslog packet
- Returns
a mapping containing the decoded syslog message, or zero if the
message was not properly formatted.
- facility
: int
- severity
: int
- host
: string
- timestamp
: object
-
a Calendar.Time object
- message
: string
- Example
> Syslog.decode("<11>Aug 7 17:36:10 localhost joeuser: [ID 702911 user.error] test syslog message");
(1) Result:
([ /* 6 elements */
"facility":1,
"host":"localhost",
"message":"[ID 702911 user.error] test syslog message",
"severity":3,
"timestamp":"Aug 7 17:36:10"
])
-
Method decode_timestamp
object Public.Protocols.Syslog.decode_timestamp(string stamp)
- Description
returns a Calendar.Time object corresponding to the syslog
timestamp input.
- Example
> Syslog.decode_timestamp(Syslog.decode(packet)->timestamp);
(1) Result: Second(Thu 7 Aug 2003 17:30:50 EDT)
-
Method encode_timestamp
string Public.Protocols.Syslog.encode_timestamp(object stamp)
- Description
returns a syslog time string corresponding to the Calendar.Time
object input.
- Example
> Syslog.encode_timestamp(Calendar.now());
(4) Result: "Aug 7 17:33:19"
-
Method encode
string|int Public.Protocols.Syslog.encode(mapping data)
- Description
encode a syslog message
- Parameter data
- facility
: int
- severity
: int
- host
: string
- timestamp
: object
- message
: string
- Returns
a raw syslog packet suitable for sending to syslogd.
-
Method send_message
int Public.Protocols.Syslog.send_message(string host, int facility, int severity, string message, string|void fromhost, string|void tag, object|void timestamp)
- Description
send a syslog message
- Parameter host
host to send the message to
- Parameter facility
facility code
- Parameter severity
severity code
- Parameter message
the message
- Parameter fromhost
an optional hostname or address from which the message should be
marked as being from. if not specified, the value of
gethostname() is provided.
- Parameter tag
an optional string containing the tag of the sender
- Parameter timestamp
an optional Calendar.Time object representing the time the event occurred
if not specified, the time is assumed to be Calendar.now().
- Returns
1 on success, 0 otherwise.
|