TCP和UDP的Syslog日志接收与解析

接收UDPSyslog日志(直接使用Socket编程监听端口,得到原始字符串)

  2 
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketException;

import com.icssla.platform.common.AppLogger;

/**
 * UDP服务类.  采集syslog
 */
public class UdpServerSocket {//implements IUdpServerSocket
    private byte[] buffer = new byte[1024];

    private DatagramSocket ds = null;

    private DatagramPacket packet = null;

    private InetSocketAddress socketAddress = null;

    private String orgIp;

    private String curIp = "192.168.1.128";

    /**
     * 构造函数，绑定主机和端口
     * 
     * @param host 主机
     * @param port 端口号
     * @throws SocketException 
     * @throws Exception
     */
    
    public UdpServerSocket(int port) throws SocketException {
        socketAddress = new InetSocketAddress(port);
        ds = new DatagramSocket(socketAddress);
//        System.out.println("--------------udp service start----------------");
    }

    public final String getOrgIp() {
        return orgIp;
    }

    public final String getCurIp() {
        return curIp;
    }

    /**
     * 设置超时时间，该方法必须在bind方法之后使用
     * @param timeout 超时时间
     * @throws Exception
     */
    public final void setSoTimeout(int timeout) throws Exception {
        ds.setSoTimeout(timeout);
    }

    /**
     * 获得超时时间
     * 
     * @return 返回超时时间
     * @throws Exception
     */
    public final int getSoTimeout() throws Exception {
        return ds.getSoTimeout();
    }

    /**
     * 绑定监听地址和端口
     * @param host 主机IP
     * @param port 端口
     * @throws SocketException
     */
    public final void bind(String host, int port) throws SocketException {
        socketAddress = new InetSocketAddress(host, port);
        ds = new DatagramSocket(socketAddress);
    }

    /**
     * 接收数据包，该方法会造成线程阻塞
     * 
     * @return 返回接收的数据串信息
     * @throws IOException
     */
    public final String receive() throws Exception {
        packet = new DatagramPacket(buffer, buffer.length);
        ds.receive(packet);
        orgIp = packet.getAddress().getHostAddress();
        String info = new String(packet.getData(), 0, packet.getLength());
//        System.out.println("UdpServerSocket receive "+info);
        return info;
    }

    /**
     * 接收日志并返回字符串
     * 
     * @return
     * @throws Exception
     */
    public final String receiveReturnStr() throws Exception {
        packet = new DatagramPacket(buffer, buffer.length);
        ds.receive(packet);
        orgIp = packet.getAddress().getHostAddress();
        String info = new String(packet.getData(), 0, packet.getLength());
//        System.out.println("UdpServerSocket Receive "+info);

        return info;
    }

    /**
     * 将响应包发送给请求端 
     * @param info 回应报文
     * @throws IOException
     */
    public final void response(String info) throws IOException {
//        System.out.println("Client IP" + packet.getAddress().getHostAddress()
//                + ",Port：" + packet.getPort());
        DatagramPacket dp = new DatagramPacket(buffer, buffer.length, packet
                .getAddress(), packet.getPort());
        dp.setData(info.getBytes());
        ds.send(dp);
    }

    /**
     * 设置报文的缓冲长度
     * @param bufsize 缓冲长度
     */
    public final void setLength(int bufsize) {
        packet.setLength(bufsize);
    }

    /**
     * 获得发送回应的IP地址
     * @return 返回回应的IP地址
     */
    public final String getResponseAddress() {
//        System.out.println("IP receive "+packet.getAddress().toString().substring(1));
        return packet.getAddress().toString().substring(1);
    }

    /**
     * 获得回应的主机的端口
     * @return 返回回应的主机的端口
     */
    public final int getResponsePort() {
        return packet.getPort();
    }

    /**
     * 关闭udp监听口
     */
    public final void close() {
        try {
            ds.close();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
    
    /**
     * 测试方法.
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {
        //这里的IP是你本机的IP也就是syslog服务器的IP
        String serverHost = "192.168.1.134";
        int serverPort = 514;
        UdpServerSocket udpServerSocket = new UdpServerSocket(serverPort);
        while (true) {          
            udpServerSocket.receive();
            udpServerSocket.getResponseAddress();
        }
    }
}

接收TCP Syslog日志(直接使用Socket编程监听端口,得到原始字符串)

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.SocketException;

public class TcpServerSocket {
    private byte[] buffer = new byte[1024];
    
    private ServerSocket serverSocket = new ServerSocket();
    
    private InetSocketAddress socketAddress = null;
    
    private Socket client;
    
    private PrintWriter socketOut;
        
    private String orgIp;
        
    /**
     * 构造函数，绑定主机和端口
     * @param host 主机
     * @param port 端口号
     * @throws SocketException 
     * @throws Exception
     */
    public TcpServerSocket(int port) throws IOException {
        socketAddress = new InetSocketAddress(port);
        serverSocket.bind(socketAddress);
//        System.out.println("--------------tcp service start----------------");
    }
     
    
    public final String getOrgIp() {
        orgIp = client.getRemoteSocketAddress().toString();
        return orgIp.substring(1, orgIp.indexOf(":"));
    }


    /**
     * 接收数据包
     * @return 返回接收的数据串信息
     * @throws IOException
     */
    public final String receive() throws Exception {
        String info = new String();
        client = serverSocket.accept();
        socketOut = new PrintWriter(client.getOutputStream());
        if ( client.getInputStream().read(buffer) > 0 ) {
            int length = 0;
            for(;length < buffer.length; length++) {
                 if (buffer[length] == '')
                     break;
            }
            info = new String(buffer, 0 , length);
        }
        client.close();
        return info;
    }


    /**
     * 将响应包发送给请求端
     * @param info 回应报文
     * @throws IOException
     */
    public final void response(String info) throws IOException {
        socketOut.write(info);
    }

    /**
     * 关闭udp监听口
     */
    public final void close() {
        try {
            socketOut.flush();
            socketOut.close();
            serverSocket.close();
        } catch (Exception e) {
        }
    }
    
    /**
     * 测试方法.
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {
        //TCP发包测试
        int num = 0;
        while (true) {
            final Socket socket = new Socket();
            SocketAddress address = new InetSocketAddress("192.168.1.132", 1468);
            socket.connect(address);
            
            PrintWriter socketOut = new PrintWriter(socket.getOutputStream());
            BufferedReader socketIn = new BufferedReader( new InputStreamReader(socket.getInputStream()) );
            
            String sendStr = "This is message - " + num;
            socketOut.write(sendStr);
            socketOut.flush();
            String receiveStr = socketIn.readLine();
            System.out.println("Receive Message: " + receiveStr);
            
            socketOut.close();
            socketIn.close();
            socket.close();    
            num++;
            Thread.sleep(1000L);
        }
    }
}

利用正则表达式对Syslog日志进行解析

import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Test {
    
    public static void main(String[] args) {
        Map<Integer, String> Facility = new HashMap<Integer, String>(){
            {
                put(0, "kernel messages");
                put(1, "user-level messages");
                put(2, "mail system");
                put(3, "system daemons");
                put(4, "security/authorization messages (note 1)");
                put(5, "messages generated internally by syslogd");
                put(6, "line printer subsystem");
                put(7, "network news subsystem");
                put(8, "UUCP subsystem");
                put(9, "clock daemon (note 2)");
                put(10, "security/authorization messages (note 1)");
                put(11, "FTP daemon");
                put(12, "NTP subsystem");
                put(13, "log audit (note 1)");
                put(14, "log alert (note 1)");
                put(15, "clock daemon (note 2)");
                put(16, "local use 0  (local0)");
                put(17, "local use 1  (local1)");
                put(18, "local use 2  (local2)");
                put(19, "local use 3  (local3)");
                put(20, "local use 4  (local4)");
                put(21, "local use 5  (local5)");
                put(22, "local use 6  (local6)");
                put(23, "local use 7  (local7)");            
            }
        };
        
        Map<Integer, String> Severity = new HashMap<Integer, String>(){
            {
                put(0, "Emergency: system is unusable");
                put(1, "Alert: action must be taken immediately");
                put(2,"Critical: critical conditions");
                put(3, "Error: error conditions");
                put(4, "Warning: warning conditions"); 
                put(5, "Notice: normal but significant condition");
                put(6, "Informational: informational messages");
                put(7, "Debug: debug-level messages");
            }     
        };
        
        Map<String, String> syslogMap = new HashMap<String, String>();
        String log = "<27>Sep 27 21:41:29 ka ntpd[2248]: bind(23) AF_INET6 fe80::216:31ff:fee7:f4a4%4#123 flags 0x11 failed: Cannot assign requested address
" + 
                " ka rc.local[1698]: send noflow data:192.168.101.111;192.168.101.26;modbus;1;2020-09-27 21:40:42
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.111;192.168.101.26;s7;1;2020-09-27 21:40:46
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.26;192.168.101.111;s7;1;2020-09-27 21:40:46
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.26;192.168.101.111;hj212;1;2020-09-27 21:40:46
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.111;192.168.101.26;hj212;1;2020-09-27 21:40:46
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.26;192.168.101.111;modbus;1;2020-09-27 21:40:46
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.111;192.168.101.26;modbus;1;2020-09-27 21:40:46
" + 
                "<30>Sep 27 21:41:12 ka rc.local[1698]: send noflow data:192.168.101.26;192.168.101.111;hj212;1;2020-09-27 ";
        String[] logArray = log.split("<");
        for(int i = 1; i < logArray.length; i++) {
            String logString = "<" + logArray[i];
            String pattern = "<(\d+)>(\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s+([\w-]+)\s+([\w-\.\]\[]+):\s(.*)";
            Pattern r = Pattern.compile(pattern);
            Matcher matcher = r.matcher(logString); 
            if(matcher.find()) {
                Integer FS = Integer.parseInt(matcher.group(1));
                syslogMap.put("Facility", Facility.get(FS >> 8));
                syslogMap.put("Severity", Severity.get(FS & 7));
                syslogMap.put("Timestamp", matcher.group(2));
                syslogMap.put("Orgin",matcher.group(3));
                syslogMap.put("Tag", matcher.group(4));
                syslogMap.put("Message", matcher.group(5));
            }
            System.out.println(syslogMap);            
        }
    }
}