public static SyslogMessage parseMessage(byte[] bytes) {
ByteBuffer byteBuffer = ByteBuffer.allocate(bytes.length);
byteBuffer.put(bytes);
byteBuffer.rewind();
Character charFound = (char) byteBuffer.get();
SyslogFacility foundFacility = null;
SyslogSeverity foundSeverity = null;
while (charFound != '<') {
// Ignore noise in beginning of message.
charFound = (char) byteBuffer.get();
}
char priChar = 0;
if (charFound == '<') {
int facility = 0;
while (Character.isDigit(priChar = (char) (byteBuffer.get() & 0xff))) {
facility *= 10;
facility += Character.digit(priChar, 10);
}
foundFacility = SyslogFacility.values()[facility >> 3];
foundSeverity = SyslogSeverity.values()[facility & 0x07];
}
if (priChar != '>') {
// Invalid character - this is not a well defined syslog message.
LOG.error("Invalid syslog message, missing a > in the Facility/Priority part");
}
SyslogMessage syslogMessage = new SyslogMessage();
boolean isRfc5424 = false;
// Read next character
charFound = (char) byteBuffer.get();
// If next character is a 1, we have probably found an rfc 5424 message
// message
if (charFound == '1') {
syslogMessage = new Rfc5424SyslogMessage();
isRfc5424 = true;
} else {
// go back one to parse the rfc3164 date
byteBuffer.position(byteBuffer.position() - 1);
}
syslogMessage.setFacility(foundFacility);
syslogMessage.setSeverity(foundSeverity);
if (!isRfc5424) {
// Parse rfc 3164 date
syslogMessage.setTimestamp(parseRfc3164Date(byteBuffer));
} else {
charFound = (char) byteBuffer.get();
if (charFound != ' ') {
LOG.error("Invalid syslog message, missing a mandatory space after version");
}
// This should be the timestamp
StringBuilder date = new StringBuilder();
while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') {
date.append(charFound);
}
syslogMessage.setTimestamp(DatatypeConverter.parseDateTime(date.toString()));
}
// The host is the char sequence until the next ' '
StringBuilder host = new StringBuilder();
while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') {
host.append(charFound);
}
syslogMessage.setHostname(host.toString());
if (isRfc5424) {
Rfc5424SyslogMessage rfc5424SyslogMessage = (Rfc5424SyslogMessage) syslogMessage;
StringBuilder appName = new StringBuilder();
while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') {
appName.append(charFound);
}
rfc5424SyslogMessage.setAppName(appName.toString());
StringBuilder procId = new StringBuilder();
while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') {
procId.append(charFound);
}
rfc5424SyslogMessage.setProcId(procId.toString());
StringBuilder msgId = new StringBuilder();
while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') {
msgId.append(charFound);
}
rfc5424SyslogMessage.setMsgId(msgId.toString());
StringBuilder structuredData = new StringBuilder();
boolean inblock = false;
while (((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') || inblock) {
if (charFound == '[') {
inblock = true;
}
if (charFound == ']') {
inblock = false;
}
structuredData.append(charFound);
}
rfc5424SyslogMessage.setStructuredData(structuredData.toString());
}
StringBuilder msg = new StringBuilder();
while (byteBuffer.hasRemaining()) {
charFound = (char) (byteBuffer.get() & 0xff);
msg.append(charFound);
}
syslogMessage.setLogMessage(msg.toString());
LOG.trace("Syslog message : {}", syslogMessage.toString());
return syslogMessage;
}
