class LogStash::Filters::Syslog_pri
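Filter plugin for logstash to parse the PRI field from the front of a Syslog (RFC3164) message. If no priority is set, it will default to 13 (per RFC). The field value is converted with to_i and is not checked against the valid PRI range (0–191), so a non-numeric value is read as 0 (facility code 0, severity code 0) rather than falling back to the default.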
This filter is based on the original syslog.rb code shipped with logstash.
Public Instance Methods
filter(event)
# File lib/logstash/filters/syslog_pri.rb, line 69
# Processes one event: when filter?(event) is truthy, decodes the PRI field
# via parse_pri and then calls filter_matched on the event. When it is falsy
# the event is left untouched and nil is returned.
# filter? and filter_matched are defined outside this listing.
def filter(event)
  if filter?(event)
    parse_pri(event)
    filter_matched(event)
  end
end
register()
# File lib/logstash/filters/syslog_pri.rb, line 64
# No setup work is done here: the body is intentionally empty and the
# method returns nil.
def register; end
Private Instance Methods
parse_pri(event)
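# File lib/logstash/filters/syslog_pri.rb, line 76
# Splits the syslog PRI value into severity and facility codes and stores
# them on the event.
#
# Reads event[@syslog_pri_field_name]; when that holds an Array only its
# first element is used. The value is converted with to_i, and 13 is used
# when the field is absent. Always writes "syslog_severity_code" and
# "syslog_facility_code". When @use_labels is set, also writes
# "syslog_facility" / "syslog_severity" if a label exists for the code.
#
# @param event [#[], #[]=] the event to read the PRI field from and annotate
def parse_pri(event)
  # Per RFC3164, priority = (facility * 8) + severity
  #                       = (facility << 3) | severity
  raw = event[@syslog_pri_field_name]
  priority =
    if raw
      # NOTE(review): the field comes from the log sender. to_i maps
      # non-numeric text (and an empty Array's nil) to 0, and nothing here
      # rejects values outside 0..191, so the codes written below can be
      # out of range. Decide upstream whether such events should be tagged.
      (raw.is_a?(Array) ? raw.first : raw).to_i
    else
      13 # default
    end

  severity = priority & 7 # 7 is 111 (3 bits), so this is always 0..7
  facility = priority >> 3 # negative when priority is negative
  event["syslog_severity_code"] = severity
  event["syslog_facility_code"] = facility

  # Add human-readable names after parsing severity and facility from PRI
  if @use_labels
    # A negative PRI yields a negative facility. If @facility_labels is an
    # Array, a negative index counts from the end and would attach an
    # unrelated label, so only non-negative codes are looked up.
    facility_label = facility >= 0 ? @facility_labels[facility] : nil
    event["syslog_facility"] = facility_label if facility_label

    severity_label = @severity_labels[severity]
    event["syslog_severity"] = severity_label if severity_label
  end
end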