Bug #23897 for Parse-Syslog: Fix to parse facility and level in syslogd -v and syslog-ng logs.

I fixed Parse::Syslog 1.09 to parse log lines like those below. The diff is attached, as well as test files for the package. Type syslogd -v: Dec 12 06:55:50 <16.4> localhost syslog.pl[62123]: Hello Similar type from syslog-ng with such a destination thingy: destination test { file("/var/log/test" template("$DATE <$FACILITY.$PRIORITY> $HOST $MSG\n") template_escape(no) ); }; Dec 12 06:55:56 <local1.notice> localhost syslog.pl[62123]: Hello

use Test; use lib "lib"; BEGIN { plan tests => 41 }; use Parse::Syslog; ok(1); # If we made it this far, we're ok. ######################### my $parser = Parse::Syslog->new("t/syslog-ng", year=>2006); open(PARSED, "<t/syslog-ng-parsed") or die "can't open t/syslog-ng-parsed: $!\n"; while(my $sl = $parser->next) { my $is = ''; $is .= "time : ".(localtime($sl->{timestamp}))."\n"; $is .= "host : $sl->{host}\n"; $is .= "program : $sl->{program}\n"; $is .= "pid : ".(defined $sl->{pid} ? $sl->{pid} : 'undef')."\n"; $is .= "text : $sl->{text}\n"; $is .= "facility: $sl->{facility}\n"; $is .= "level : $sl->{level}\n"; $is .= "\n"; print "$is"; my $shouldbe = ''; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; $shouldbe .= <PARSED>; ok($is, $shouldbe); } # vim: set filetype=perl:

--- Syslog.pm.orig 2006-01-05 14:43:44.000000000 +0100 +++ Syslog.pm 2006-12-12 14:43:25.087163300 +0100 @@ -222,12 +222,12 @@ (\S{3})\s+(\d+) # date -- 1, 2 \s (\d+):(\d+):(\d+) # time -- 3, 4, 5 - (?:\s<\w+\.\w+>)? # FreeBSD's verbose-mode + (\s<(\w+)\.(\w+)>)? # FreeBSD's verbose-mode 6,7,8 \s - ([-\w\.\@:]+) # host -- 6 + ([-\w\.\@:]+) # host -- 9 \s+ (?:\[LOG_[A-Z]+\]\s+)? # FreeBSD - (.*) # text -- 7 + (.*) # text -- 10 $/x or do { warn "WARNING: line not in syslog format: $str"; @@ -249,7 +249,7 @@ } } - my ($host, $text) = ($6, $7); + my ($facility, $level, $host, $text) = ($7, $8, $9, $10); # last message repeated ... times if($text =~ /^(?:last message repeated|above message repeats) (\d+) time/) { @@ -286,6 +286,12 @@ warn "WARNING: line not in syslog format: $str"; next line; }; + unless(defined($facility)) { + $facility = $4; + } + unless(defined($level)) { + $level = $5; + } if($self->{arrayref}) { $self->{_last_data}{$host} = [ @@ -303,8 +309,8 @@ program => $1, pid => $2, msgid => $3, - facility => $4, - level => $5, + facility => $facility, + level => $level, text => $6, }; }