syslog数据接收并处理
1、导包:
<!-- syslog4j (org.graylog2 build) supplies the syslog client and server classes used by the listings on this page; the version is pinned to 0.9.60. -->
<dependency>
    <groupId>org.graylog2</groupId>
    <artifactId>syslog4j</artifactId>
    <version>0.9.60</version>
</dependency>
2、重写接收处理器:
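import org.graylog2.syslog4j.server.SyslogServerEventIF;
import org.graylog2.syslog4j.server.SyslogServerIF;
import org.graylog2.syslog4j.server.SyslogServerSessionEventHandlerIF;
import org.graylog2.syslog4j.util.SyslogUtility;

import java.io.UnsupportedEncodingException;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Session event handler that formats each received syslog event, remembers the
 * formatted line and prints the message body to standard output.
 *
 * <p>Every value handled here arrives from the network and is treated as untrusted:
 * control characters in the message are rewritten to a visible form before the text
 * is stored or printed, so a sender cannot forge extra log lines or drive the
 * terminal with escape sequences. When the server listens on UDP, the peer address
 * is whatever the datagram claims and can be spoofed; use it as a hint for triage,
 * not as an authenticated identity.
 */
public class SyslogServerEventHandlerTest implements SyslogServerSessionEventHandlerIF {
    // Alternative noted by the author: extends PrintStreamSyslogServerEventHandler

    /** Dotted-quad IPv4 matcher, compiled once instead of on every event. */
    private static final Pattern IPV4_PATTERN = Pattern.compile(
            "((2[0-4]\\d|25[0-5]|[01]?\\d\\d?)\\.){3}(2[0-4]\\d|25[0-5]|[01]?\\d\\d?)");

    /** Most recently formatted event line; {@code null} until the first event arrives. */
    private String syslog;

    /**
     * Formats one received event, stores it via {@link #setSyslog(String)} and prints
     * the sanitized message body.
     *
     * @param session       session object supplied by the server (unused here)
     * @param syslogServer  server that received the event (unused here)
     * @param socketAddress peer address of the sender; may be {@code null}
     * @param event         the parsed syslog event
     */
    @Override
    public void event(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, SyslogServerEventIF event) {
        // Fall back to the receive time when the event carries no timestamp.
        Date received = event.getDate() == null ? new Date() : event.getDate();
        String date = received.toString();

        // The facility is shifted left by three bits before the name lookup, as in the
        // original listing; presumably getFacilityString expects the facility as it is
        // encoded in the PRI value - confirm against the syslog4j source.
        String facility = SyslogUtility.getFacilityString(event.getFacility() << 3);

        // Severity name; a larger numeric level means a less severe event.
        String level = SyslogUtility.getLevelString(event.getLevel());

        // IPv4 address extracted from the peer address text (empty when none is found).
        String sourceIP = socketAddress == null ? "" : getIPAddress(socketAddress.toString());

        // getMessage() already returns a decoded String. The previous
        // getBytes() -> new String(..., UTF_8) round trip re-encoded it with the platform
        // charset and corrupted non-ASCII text whenever that charset was not UTF-8.
        String rawMessage = event.getMessage();
        String msg = neutralizeControlChars(rawMessage == null ? "" : rawMessage);

        setSyslog("{" + facility + "} " + date + " " + level + " " + msg + " " + sourceIP);
        System.out.println(msg);
    }

    /**
     * Returns the most recently formatted event line.
     *
     * @return the stored line, or {@code null} if no event has been handled yet
     * @throws UnsupportedEncodingException never thrown by this implementation; the
     *         clause is kept so existing callers that catch it still compile
     */
    public String getSyslog() throws UnsupportedEncodingException {
        return syslog;
    }

    /**
     * Stores the formatted event line.
     *
     * @param syslog the line to remember
     */
    public void setSyslog(String syslog) {
        this.syslog = syslog;
    }

    /**
     * Extracts the first IPv4 address found in the given text.
     *
     * @param bString text to search, for example the string form of a socket address
     * @return the first dotted-quad match, or an empty string when there is none
     *         (an IPv6 peer therefore yields an empty string)
     */
    private String getIPAddress(String bString) {
        Matcher m = IPV4_PATTERN.matcher(bString);
        return m.find() ? m.group() : "";
    }

    /**
     * Rewrites ISO control characters (CR, LF, ESC and the like) as a visible
     * backslash-x hex form so that untrusted message text cannot start a new log
     * line or emit terminal control sequences.
     *
     * @param text untrusted text, never {@code null}
     * @return the text with every control character replaced
     */
    private static String neutralizeControlChars(String text) {
        StringBuilder safe = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (Character.isISOControl(c)) {
                safe.append(String.format("\\x%02X", (int) c));
            } else {
                safe.append(c);
            }
        }
        return safe.toString();
    }

    /** No set-up is needed when the server starts. */
    @Override
    public void initialize(SyslogServerIF syslogServer) {
    }

    /** No clean-up is needed when the server stops. */
    @Override
    public void destroy(SyslogServerIF syslogServer) {
    }

    /**
     * Called when a session opens; this handler keeps no per-session state.
     *
     * @return always {@code null}
     */
    @Override
    public Object sessionOpened(SyslogServerIF syslogServer, SocketAddress socketAddress) {
        return null;
    }

    /**
     * Called when the server reports an error; deliberately a no-op in this sample,
     * so receive errors are not logged anywhere.
     */
    @Override
    public void exception(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, Exception exception) {
    }

    /** Called when a session closes; nothing to release. */
    @Override
    public void sessionClosed(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, boolean timeout) {
    }
}
3、多线程调用接收处理器: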
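import org.graylog2.syslog4j.server.SyslogServer;
import org.graylog2.syslog4j.server.SyslogServerConfigIF;
import org.graylog2.syslog4j.server.SyslogServerEventHandlerIF;
import org.graylog2.syslog4j.server.SyslogServerIF;

/**
 * Singleton {@link Runnable} that configures and runs a UDP syslog server which
 * hands every event to {@code SyslogServerEventHandlerTest}.
 *
 * <p>Operational notes: the server binds to all interfaces on port 514 and UDP
 * syslog carries no authentication, so any host that can reach the port can submit
 * events and the sender address can be forged. Limit exposure with a specific bind
 * address or a firewall rule. Ports below 1024 need elevated privileges on most
 * Unix systems; an unprivileged port plus a port redirect avoids running the JVM
 * as root.
 */
public class UDPSyslogServerFinalTest implements Runnable {
    private static UDPSyslogServerFinalTest UDPSyslogServerFinal = null;

    // Handle to the running server, kept so that other code can shut it down.
    // volatile: written by the thread executing run() and read by other threads
    // through getServerIF(); without it the reader has no visibility guarantee.
    private volatile SyslogServerIF serverIf = null;

    /**
     * Returns the server handle.
     *
     * @return the server instance, or {@code null} if {@link #run()} has not set it yet
     */
    public SyslogServerIF getServerIF() {
        return serverIf;
    }

    private void setServerIF(SyslogServerIF serverIF) {
        this.serverIf = serverIF;
    }

    // Instances are only handed out by getUDPSyslogServer().
    private UDPSyslogServerFinalTest() {
    }

    /**
     * Returns the single shared instance, creating it on first use.
     *
     * @return the singleton
     */
    public static synchronized UDPSyslogServerFinalTest getUDPSyslogServer() {
        if (UDPSyslogServerFinal == null) {
            UDPSyslogServerFinal = new UDPSyslogServerFinalTest();
        }
        return UDPSyslogServerFinal;
    }

    /** Configures the UDP server, publishes its handle and runs it on the calling thread. */
    @Override
    public void run() {
        // Handler that receives every event.
        SyslogServerEventHandlerIF eventHandler = new SyslogServerEventHandlerTest();

        // The protocol name is the only part that differs from a TCP variant; the two
        // could be merged into one class that takes the protocol as a parameter.
        SyslogServerIF serverIF = SyslogServer.getInstance("udp");
        SyslogServerConfigIF config = serverIF.getConfig();

        // 0.0.0.0 listens on every local interface; see the class note on exposure.
        config.setHost("0.0.0.0");
        // 514 is the default syslog port (a privileged port on most Unix systems).
        config.setPort(514);
        config.addEventHandler(eventHandler);

        serverIF.initialize("udp", config);
        System.out.println("server start udp");

        // Publish the handle before entering the server loop so callers can stop it.
        setServerIF(serverIF);

        // Invoked directly on the current thread; presumably this blocks until the
        // server is shut down - confirm against the syslog4j documentation.
        serverIF.run();
    }
}
4、开启监听: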
5、模拟发送syslog数据
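/**
 * Load-style smoke test: sends 100000 DEBUG events over UDP to the listener and
 * prints the elapsed time.
 *
 * <p>The target address is a hard-coded lab host; UDP gives no delivery feedback,
 * so the test passes even when nothing is listening or datagrams are dropped.
 * Compare the count received on the server side to judge loss.
 */
@SneakyThrows
@Test
public void syslogClientSend() {
    SyslogIF syslog = Syslog.getInstance("udp");
    // As the setter name says: do not send the local host name.
    syslog.getConfig().setSendLocalName(false);
    // Optional, left disabled by the author: setSendLocalTimestamp(false) to omit the timestamp.
    syslog.getConfig().setHost("192.168.0.104");
    syslog.getConfig().setPort(514);

    String str = "666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666";
    // The payload never changes, so it is decoded once instead of once per iteration.
    // The unused StringBuffer that was cleared on every pass has been dropped.
    String payload = URLDecoder.decode(str, StandardCharsets.UTF_8.name());

    TimeInterval timer = DateUtil.timer();
    for (int m = 0; m < 100000; m++) {
        syslog.log(SyslogConstants.LEVEL_DEBUG, payload);
    }

    // Presumably gives the sender time to drain its queue before the test ends -
    // confirm; note that these 3 seconds are included in the printed interval.
    Thread.sleep(3000);
    System.out.println("cast time:" + timer.interval());
}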