public static SyslogMessage parseMessage(byte[] bytes) { ByteBuffer byteBuffer = ByteBuffer.allocate(bytes.length); byteBuffer.put(bytes); byteBuffer.rewind(); Character charFound = (char) byteBuffer.get(); SyslogFacility foundFacility = null; SyslogSeverity foundSeverity = null; while (charFound != '<') { // Ignore noise in beginning of message. charFound = (char) byteBuffer.get(); } char priChar = 0; if (charFound == '<') { int facility = 0; while (Character.isDigit(priChar = (char) (byteBuffer.get() & 0xff))) { facility *= 10; facility += Character.digit(priChar, 10); } foundFacility = SyslogFacility.values()[facility >> 3]; foundSeverity = SyslogSeverity.values()[facility & 0x07]; } if (priChar != '>') { // Invalid character - this is not a well defined syslog message. LOG.error("Invalid syslog message, missing a > in the Facility/Priority part"); } SyslogMessage syslogMessage = new SyslogMessage(); boolean isRfc5424 = false; // Read next character charFound = (char) byteBuffer.get(); // If next character is a 1, we have probably found an rfc 5424 message // message if (charFound == '1') { syslogMessage = new Rfc5424SyslogMessage(); isRfc5424 = true; } else { // go back one to parse the rfc3164 date byteBuffer.position(byteBuffer.position() - 1); } syslogMessage.setFacility(foundFacility); syslogMessage.setSeverity(foundSeverity); if (!isRfc5424) { // Parse rfc 3164 date syslogMessage.setTimestamp(parseRfc3164Date(byteBuffer)); } else { charFound = (char) byteBuffer.get(); if (charFound != ' ') { LOG.error("Invalid syslog message, missing a mandatory space after version"); } // This should be the timestamp StringBuilder date = new StringBuilder(); while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') { date.append(charFound); } syslogMessage.setTimestamp(DatatypeConverter.parseDateTime(date.toString())); } // The host is the char sequence until the next ' ' StringBuilder host = new StringBuilder(); while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') { host.append(charFound); } syslogMessage.setHostname(host.toString()); if (isRfc5424) { Rfc5424SyslogMessage rfc5424SyslogMessage = (Rfc5424SyslogMessage) syslogMessage; StringBuilder appName = new StringBuilder(); while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') { appName.append(charFound); } rfc5424SyslogMessage.setAppName(appName.toString()); StringBuilder procId = new StringBuilder(); while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') { procId.append(charFound); } rfc5424SyslogMessage.setProcId(procId.toString()); StringBuilder msgId = new StringBuilder(); while ((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') { msgId.append(charFound); } rfc5424SyslogMessage.setMsgId(msgId.toString()); StringBuilder structuredData = new StringBuilder(); boolean inblock = false; while (((charFound = (char) (byteBuffer.get() & 0xff)) != ' ') || inblock) { if (charFound == '[') { inblock = true; } if (charFound == ']') { inblock = false; } structuredData.append(charFound); } rfc5424SyslogMessage.setStructuredData(structuredData.toString()); } StringBuilder msg = new StringBuilder(); while (byteBuffer.hasRemaining()) { charFound = (char) (byteBuffer.get() & 0xff); msg.append(charFound); } syslogMessage.setLogMessage(msg.toString()); LOG.trace("Syslog message : {}", syslogMessage.toString()); return syslogMessage; }