Browse Source

Merge "Add auto-detect parser for raw syslog"

Zuul 1 year ago
parent
commit
3a6b12679d
1 changed files with 45 additions and 0 deletions
  1. 45
    0
      oslogmerger/oslogmerger.py

+ 45
- 0
oslogmerger/oslogmerger.py View File

@@ -2,9 +2,11 @@ from __future__ import print_function
2 2
 import argparse
3 3
 from datetime import datetime, timedelta
4 4
 import dateutil.parser
5
+import dateutil.tz
5 6
 import hashlib
6 7
 import heapq
7 8
 import os
9
+import re
8 10
 import sys
9 11
 import tempfile
10 12
 import time
@@ -231,6 +233,48 @@ class LibvirtdParser(LogParser):
231 233
         return dt, dt_str, line[match.end():]
232 234
 
233 235
 
236
+class RawSyslog(LogParser):
237
+    """Raw syslog: <183>1 2017-04-03T21:48:21.781459-03:30"""
238
+
239
+    # NOTE(mdbooth): Parsing the date in this regexp and reconstructing it
240
+    # manually is a *lot* faster than passing the whole string to
241
+    # dateutil.parse(). Didn't try strptime due to having to parse tzinfo
242
+    # manually anyway.
243
+    HEADER = re.compile('<\d+>\d+\s'
244
+                        '('
245
+                         '(\d{4})-(\d{2})-(\d{2})T'       # Date
246
+                         '(\d{2}):(\d{2}):(\d{2})\.(\d+)' # Time
247
+                         '('                              #
248
+                          '([+-])(\d{2}):(\d{2})'         # Timezone
249
+                         ')'                              #
250
+                        ')\s*')
251
+
252
+    def parse_line(self, line):
253
+        m = RawSyslog.HEADER.match(line)
254
+        if m is None:
255
+            raise ValueError("Not syslog packet")
256
+
257
+        groups = list(m.groups())
258
+        dt_str = groups.pop(0)
259
+
260
+        (tzminutes, tzhours, tzsign, tzstr) = (
261
+                groups.pop(), groups.pop(), groups.pop(), groups.pop())
262
+        tzinfo = make_tzinfo(tzstr, tzsign, tzhours, tzminutes)
263
+
264
+        dt = datetime(
265
+            year=int(groups.pop(0)),
266
+            month=int(groups.pop(0)),
267
+            day=int(groups.pop(0)),
268
+            hour=int(groups.pop(0)),
269
+            minute=int(groups.pop(0)),
270
+            second=int(groups.pop(0)),
271
+            microsecond=int(groups.pop(0)),
272
+            tzinfo=tzinfo,
273
+        )
274
+
275
+        return dt, dt_str, line[m.end():]
276
+
277
+
234 278
 class TSLogParser(LogParser):
235 279
     """Timestamped log: [275514.814982]"""
236 280
 
@@ -422,6 +466,7 @@ LOG_TYPES = {
422 466
 # Log file formats which can only be auto-detected
423 467
 DETECTED_LOG_TYPES = [
424 468
     LibvirtdParser,
469
+    RawSyslog,
425 470
 ]
426 471
 
427 472
 

Loading…
Cancel
Save