From 343fbff28e7403e435fd0b5bf4eb39ccf99eb187 Mon Sep 17 00:00:00 2001 From: splunkertimn <109310003+timannguyen@users.noreply.github.com> Date: Thu, 13 Jul 2023 09:12:28 -0400 Subject: [PATCH] [pkg/stanza] use octetmultiline in input/syslog (#24168) Ensure `OctetMultiLineBuilder` is set --- .chloggen/pkg-stanza-input-syslog.yaml | 20 ++++++++ pkg/stanza/operator/input/syslog/syslog.go | 2 +- .../operator/input/syslog/syslog_test.go | 46 ++++++++++++++++++- 3 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 .chloggen/pkg-stanza-input-syslog.yaml diff --git a/.chloggen/pkg-stanza-input-syslog.yaml b/.chloggen/pkg-stanza-input-syslog.yaml new file mode 100644 index 000000000000..7ee156763825 --- /dev/null +++ b/.chloggen/pkg-stanza-input-syslog.yaml @@ -0,0 +1,20 @@ +# Use this changelog template to create an entry for release notes. +# If your change doesn't affect end users, such as a test fix or a tooling change, +# you should instead start your pull request title with [chore] or use the "Skip Changelog" label. + +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: bug_fix + +# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver) +component: pkg/stanza + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Fix issue where syslog input ignored enable_octet_counting setting + +# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists. +issues: [24073] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: diff --git a/pkg/stanza/operator/input/syslog/syslog.go b/pkg/stanza/operator/input/syslog/syslog.go index 6c43ce0bec67..1d21bb6b0709 100644 --- a/pkg/stanza/operator/input/syslog/syslog.go +++ b/pkg/stanza/operator/input/syslog/syslog.go @@ -61,11 +61,11 @@ func (c Config) Build(logger *zap.SugaredLogger) (operator.Operator, error) { if c.TCP != nil { tcpInputCfg := tcp.NewConfigWithID(inputBase.ID() + "_internal_tcp") + tcpInputCfg.BaseConfig = *c.TCP if syslogParserCfg.EnableOctetCounting { tcpInputCfg.MultiLineBuilder = OctetMultiLineBuilder } - tcpInputCfg.BaseConfig = *c.TCP tcpInput, err := tcpInputCfg.Build(logger) if err != nil { return nil, fmt.Errorf("failed to resolve tcp config: %w", err) diff --git a/pkg/stanza/operator/input/syslog/syslog_test.go b/pkg/stanza/operator/input/syslog/syslog_test.go index 1315d3dc1f10..b6bd8f223cfd 100644 --- a/pkg/stanza/operator/input/syslog/syslog_test.go +++ b/pkg/stanza/operator/input/syslog/syslog_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" + "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/entry" "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator" "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper" "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/tcp" @@ -21,14 +22,55 @@ import ( "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/testutil" ) -func TestInput(t *testing.T) { - basicConfig := func() *syslog.Config { +var ( + basicConfig = func() *syslog.Config { cfg := syslog.NewConfigWithID("test_syslog_parser") return cfg } + OctetCase = syslog.Case{ + Name: "RFC6587 Octet Counting", + Config: func() *syslog.Config { + cfg := basicConfig() + cfg.Protocol = syslog.RFC5424 + cfg.EnableOctetCounting = true + return cfg + }(), + Input: &entry.Entry{ + Body: `215 <86>1 2015-08-05T21:58:59.693Z 192.168.2.132 SecureAuth0 23108 ID52020 [SecureAuth@27389 UserHostAddress="192.168.2.132" Realm="SecureAuth0" UserID="Tester2" PEN="27389"] Found the user for retrieving user's profile215 <86>1 2016-08-05T21:58:59.693Z 192.168.2.132 SecureAuth0 23108 ID52020 [SecureAuth@27389 UserHostAddress="192.168.2.132" Realm="SecureAuth0" UserID="Tester2" PEN="27389"] Found the user for retrieving user's profile215 <86>1 2017-08-05T21:58:59.693Z 192.168.2.132 SecureAuth0 23108 ID52020 [SecureAuth@27389 UserHostAddress="192.168.2.132" Realm="SecureAuth0" UserID="Tester2" PEN="27389"] Found the user for retrieving user's profile`, + }, + Expect: &entry.Entry{ + Timestamp: time.Date(2015, 8, 5, 21, 58, 59, 693000000, time.UTC), + Severity: entry.Info, + SeverityText: "info", + Attributes: map[string]interface{}{ + "appname": "SecureAuth0", + "facility": 10, + "hostname": "192.168.2.132", + "message": "Found the user for retrieving user's profile", + "msg_id": "ID52020", + "priority": 86, + "proc_id": "23108", + "structured_data": map[string]map[string]string{ + "SecureAuth@27389": { + "PEN": "27389", + "Realm": "SecureAuth0", + "UserHostAddress": "192.168.2.132", + "UserID": "Tester2", + }, + }, + "version": 1, + }, + Body: `215 <86>1 2015-08-05T21:58:59.693Z 192.168.2.132 SecureAuth0 23108 ID52020 [SecureAuth@27389 UserHostAddress="192.168.2.132" Realm="SecureAuth0" UserID="Tester2" PEN="27389"] Found the user for retrieving user's profile`, + }, + ValidForTCP: true, + } +) + +func TestInput(t *testing.T) { cases, err := syslog.CreateCases(basicConfig) require.NoError(t, err) + cases = append(cases, OctetCase) for _, tc := range cases { if tc.ValidForTCP {