package org.infosec.ismp.manager.syslog.hillstone;
import java.io.UnsupportedEncodingException;
import java.text.ParseException;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.infosec.ismp.model.syslog.MessageDiscardedException;
import org.infosec.ismp.model.syslog.Syslog;
import org.infosec.ismp.model.syslog.SyslogDefs;
import org.infosec.ismp.model.syslog.SyslogEntity;
import org.infosec.ismp.model.syslog.SyslogParser;
import org.infosec.ismp.model.syslog.SyslogTimeStamp;
import org.infosec.ismp.util.ThreadCategory;
public class HillStoneSyslogParse implements SyslogParser {
public SyslogEntity parseSyslog(byte[] data, int len)
throws UnsupportedEncodingException, MessageDiscardedException {
String msg = new String(data, 0, len, "utf-8");
int lbIdx = msg.indexOf('<');
int rbIdx = msg.indexOf('>');
if (lbIdx < 0 || rbIdx < 0 || lbIdx >= (rbIdx - 1)) {
log().warn("Syslogd received an unparsable message!");
}
int priCode = 0;
String priStr = msg.substring(lbIdx + 1, rbIdx);
try {
priCode = Integer.parseInt(priStr);
} catch (final NumberFormatException ex) {
log().debug("ERROR Bad priority code '" + priStr + "'");
}
final int facility = SyslogDefs.extractFacility(priCode);
final int priority = SyslogDefs.extractPriority(priCode);
final String priorityTxt = SyslogDefs.getPriorityName(priority);
final String facilityTxt = SyslogDefs.getFacilityName(facility);
SyslogEntity syslog = new SyslogEntity();
syslog.setFacility(facilityTxt);
syslog.setSeverity(priorityTxt);
msg = msg.substring(rbIdx + 1, (msg.length()));
// Check to see if message looks non-standard.
// In this case, it means that there is not a standard
// date in the front of the message text.
boolean stdMsg = true;
if (msg.length() < 16) {
stdMsg = false;
} else if (msg.charAt(3) != ' ' || msg.charAt(6) != ' '
|| msg.charAt(9) != ':' || msg.charAt(12) != ':'
|| msg.charAt(15) != ' ') {
stdMsg = false;
}
String timestamp;
if (!stdMsg) {
try {
timestamp = SyslogTimeStamp.getInstance().format(new Date());
} catch (IllegalArgumentException ex) {
log().debug("ERROR INTERNAL DATE ERROR!");
timestamp = "";
}
} else {
timestamp = msg.substring(0, 15);
msg = msg.substring(16);
}
Date date;
try {
date = SyslogTimeStamp.getInstance().parse(timestamp);
} catch (ParseException e) {
e.printStackTrace();
date = new Date();
}
syslog.setCreateTime(date);
msg = msg.trim();
Pattern pattern = Pattern.compile("^(\\S*)\\s(.*)\\n?$",
Pattern.MULTILINE);
Matcher match = pattern.matcher(msg);
if (match.matches()) {
String hostName = match.group(1);
// System.out.println("hostname is : " + hostName);
String content = match.group(2);
// System.out.println("content is : " + content);
syslog.setHostname(hostName);
syslog.setMsg(content);
} else {
log().warn("the regex expression not match");
throw new MessageDiscardedException();
}
return syslog;
}
public boolean isRightSyslog(byte[] data, int len) {
boolean flag = false;
try {
String msg = new String(data, 0, len, "utf-8");
if (msg.contains("hillstone")) {
flag = true;
}
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return flag;
}
ThreadCategory log() {
return ThreadCategory.getInstance(getClass());
}
}