public static SyslogMessage Create(SyslogFacility facility, SyslogSeverity severity, string message) { SyslogMessage msg = new SyslogMessage(); msg.Facility = facility; msg.Severity = severity; msg.TimeStamp = DateTimeOffset.Now; msg.HostName = Environment.MachineName; msg.MessageText = message; return(msg); }
public static SyslogMessage Create(string message) { SyslogMessage msg = new SyslogMessage(); msg.Facility = SyslogConstants.DefaultFacility; msg.Severity = SyslogConstants.DefaultSeverity; msg.TimeStamp = DateTimeOffset.Now; msg.HostName = Environment.MachineName; msg.MessageText = message; return(msg); }
//called when data for any output pin is requested public void Evaluate(int spreadMax) { spreadMax = Max(FMessageIn.SliceCount, FFacility.SliceCount, FSeverity.SliceCount, FHostname.SliceCount, FAppName.SliceCount, FProcId.SliceCount, FMsgId.SliceCount, FStructuredDataName.SliceCount, FStructuredDataValue.SliceCount); //ResizeAndDispose will adjust the spread length and thereby call //the given constructor function for new slices and Dispose on old //slices. FStreamOut.ResizeAndDispose(spreadMax, () => new MemoryStream()); for (int i = 0; i < spreadMax; i++) { if (FMessageIn.IsChanged || FFacility.IsChanged || FSeverity.IsChanged || FHostname.IsChanged || FAppName.IsChanged || FProcId.IsChanged || FMsgId.IsChanged /*|| * FStructuredData.IsChanged*/) { //create msg SyslogMessage msg = Create(FFacility[i], FSeverity[i], FMessageIn[i]); // add properties if (FHostname[i] != string.Empty) { msg.HostName = FHostname[i]; } if (FAppName[i] != string.Empty) { msg.AppName = FAppName[i]; } if (FProcId[i] != string.Empty) { msg.ProcessID = FProcId[i]; } if (FMsgId[i] != string.Empty) { msg.MessageID = FMsgId[i]; } // add structured Data List <StructuredDataElement> sd = new List <StructuredDataElement>(); StructuredDataElement sde = new StructuredDataElement(); sde.ID = FSDID[0] + "@" + FEID[0]; // set id according to rfc5424 ... the enterprise ID is a wildcard anyway, since one is not registered at the IANA for (int s = 0; s < FStructuredDataName[i].SliceCount; s++) { sde.Properties.Add(FStructuredDataName[i][s], FStructuredDataValue[i][s]); } sd.Add(sde); msg.StructuredData = sd; // convert to stream byte[] byteMessage = System.Text.Encoding.ASCII.GetBytes(msg.ToIetfSyslogString()); Stream outputStream = FStreamOut[i]; // write out outputStream.Position = 0; outputStream.SetLength(byteMessage.Length); outputStream.Write(byteMessage, 0, byteMessage.Length); } } //this will force the changed flag of the output pin to be set FStreamOut.Flush(true); }
//List<Stream> oldStream; //bool firstrun = true; #endregion fields & pins public void Evaluate(int spreadMax) { FMessage.SliceCount = spreadMax; FFacility.SliceCount = spreadMax; FSeverity.SliceCount = spreadMax; FTimestamp.SliceCount = spreadMax; FHostname.SliceCount = spreadMax; FAppName.SliceCount = spreadMax; FProcId.SliceCount = spreadMax; FMsgId.SliceCount = spreadMax; FStructuredDataName.SliceCount = spreadMax; FStructuredDataValue.SliceCount = spreadMax; #region test //if (firstrun) // oldStream = new List<Stream>(); //if (firstrun || oldStream.Count != FStreamIn.SliceCount) //{ // oldStream.Clear(); // foreach (Stream s in FStreamIn) // oldStream.Add(s); //} #endregion test for (int i = 0; i < spreadMax; i++) { #region test //if (firstrun || oldStream[i] != FStreamIn[i] ) //IsChanged doesn't work with Streams //{ // if (firstrun == true) // firstrun = false; // oldStream[i] = FStreamIn[i]; #endregion test if (FStreamIn[i].Length > 0) { // Stream > string byte[] buffer = new byte[FStreamIn[i].Length]; int test = FStreamIn[i].Read(buffer, 0, (int)FStreamIn[i].Length); string stringMessage = System.Text.Encoding.ASCII.GetString(buffer, 0, buffer.Length); SyslogParser prs = new SyslogParser(); SyslogMessage msg = prs.Parse(stringMessage); if (msg != null) { FMessage[i] = msg.MessageText; FFacility[i] = msg.Facility; FSeverity[i] = msg.Severity; FTimestamp[i] = msg.TimeStamp.ToString(); FHostname[i] = msg.HostName; FAppName[i] = msg.AppName; FProcId[i] = msg.ProcessID; FMsgId[i] = msg.MessageID; int sdCount = msg.StructuredData.Count; // is normally 1 (when created with Syslog (Raw join), because it can't pack several sd elements into one sd package) FStructuredDataName[i].SliceCount = 0; FStructuredDataValue[i].SliceCount = 0; for (int s = 0; s < sdCount; s++) { // each sd contains n sd elements int keycount = msg.StructuredData[s].Properties.Count; for (int k = 0; k < keycount; k++) { FStructuredDataName[i].Add <string>(msg.StructuredData[s].Properties.AllKeys[k]); FStructuredDataValue[i].Add <string>(msg.StructuredData[s].Properties.GetValues(k)[0]); } } } else { FMessage[i] = "corrupt message"; FFacility[i] = SyslogFacility.Unknown; FSeverity[i] = SyslogSeverity.Unknown; FTimestamp[i] = ""; FHostname[i] = ""; FAppName[i] = ""; FProcId[i] = ""; FMsgId[i] = ""; FStructuredDataName[i].SliceCount = 0; FStructuredDataValue[i].SliceCount = 0; } } } }