Add RFC5424 format support for syslog input #23954
Conversation
- add VERSION schema
- clean code - change parser.go to parser/parser_rfc5424
- Add "ProcID" format - Add "MsgID" format - Add "HostName" format - improve test
- add auto detect format
- add more test
# Conflicts: # filebeat/input/syslog/rfc3164_parser.go
botelastic
bot
added
the
needs_team
|
Pinging @elastic/agent (Team:Agent) |
botelastic
bot
removed
the
needs_team
|
jenkins, run the tests please |
|
jenkins run tests |
|
Thanks for the contribution, this looks great! Can you merge with the latest branch and re-push? It looks like your base used an older testing configuration that doesn't work with our current setup. |
np, will rebase to lastest soon :) tks your review and reply |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
|
jenkins run tests |
make sense! |
|
Hi, just a followup to say that while I haven't had time to do a full line-by-line review yet, I think this looks good and we hope to merge it. Thank you for all the work that went into this, and I will follow up with more specific feedback soon :-) |
* upstream/master: (91 commits) [Filebeat] Change okta.target to nested field (elastic#24636) Add RFC5424 format support for syslog input (elastic#23954) Fix links to Beats product pages (elastic#24821) [DOCS] Fix 'make setup' instructions for a new beat (elastic#24944) Remove duplicate decode_xml entry (elastic#24941) [libbeat] Add wineventlog schema to decode_xml processor (elastic#24726) [Elastic Agent] Add check for URL set when cert and cert key. (elastic#24904) feat: stage execution cache (elastic#24780) Fix error in Journalbeat commands (elastic#24880) Add baseline ECS 1.9.0 upgrade (elastic#24909) [Elastic Agent] Cloud container legacy apm files. (elastic#24896) [Elastic Agent]: Reduce allowed socket path length (elastic#24914) Add ability to destroy indices with wildcards in testing (elastic#24915) Add status subcommand to report status of running daemon. (elastic#24856) Fix types of fields GetHits and Ops in Metricbeat module for Couchbase (elastic#23287) Add support for Filestream input in elastic agent. (elastic#24820) Implement k8s secrets provider for Agent (elastic#24789) Sort processor list in docs (elastic#24874) Add support for SCRAM authentication in kafka metricbeat module (elastic#24810) Properly update offset in case of unparasable line (elastic#22685) ...
* - add PRI schema - add VERSION schema * - make test work - clean code - change parser.go to parser/parser_rfc5424 * - Add TIMESTAMP format * - Add "AppName" format - Add "ProcID" format - Add "MsgID" format - Add "HostName" format - improve test * add STRUCTURED_DATA support * add MESSAGE support * - syslog input config support rfc5424 - add auto detect format * add param value escape support * - clean up the code - add more test * update mod (cherry picked from commit 3953756)
* - add PRI schema - add VERSION schema * - make test work - clean code - change parser.go to parser/parser_rfc5424 * - Add TIMESTAMP format * - Add "AppName" format - Add "ProcID" format - Add "MsgID" format - Add "HostName" format - improve test * add STRUCTURED_DATA support * add MESSAGE support * - syslog input config support rfc5424 - add auto detect format * add param value escape support * - clean up the code - add more test * update mod (cherry picked from commit 3953756)
What does this PR do?
Reopen from #20246
Resolves #6872
Add RFC5424 format support for syslog input
Why is it important?
Syslog input only support rfc3164, btw rfc3164 is obsoleted by rfc5424
More and more software is using rfc5424 instead of rfc3164.
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
Related issues
closes # #6872