SysLog RFC5424 的正则表达式 [英] Regular Expression for SysLog RFC5424

问题描述

我正在编写一个 SysLog 服务器，我的程序在其中接收 RFC5424Format 的消息.

I am writing a SysLog Server where my program receive messages of RFC5424Format.

我的程序必须解析消息并存储值.

My program has to parse the message and store the values.

我有一个无法解析消息的正则表达式.

I have got a regular expression which is failing to parse the message.

正则表达式有问题.我是正则表达式的新手.

There is problem in Regular Expression.I am new to Regular expression.

感谢任何帮助.

public static void Main()
    {
        string RFC5424Format = @"(\<(?<PRI>\d+)\>(?<VERSION>\d+)?)? \ * (?<TIMESTAMP> ( (?<YEAR>\d+) - (?<MONTH>\d+) - (?<DAY>\d+) ) T+ (?<HOUR>\d+): (?<MINUTE>\d+): (?<SECOND>\d+) (\.(?<MILLISECONDS>\d+))? (?<OFFSET>Z|(\+|\-)\d+:\d+)? ) \ (?<HOSTNAME>[\w!-~]+) \ (?<APPNAME>[\w!-~]+) \ (?<PROCID>[\w!-~]+) \ (?<MSGID>[\w!-~]+) \  (?<SD>-|(\[.*\])) \ ?(?<MESSAGE>.*)?";

        Regex rfc5424 = new Regex("^" + RFC5424Format + "$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.IgnorePatternWhitespace);

        string input = "< 38 > 1 2018 - 03 - 01T16: 05:51.799465 + 05:30 AAEINBLR07229L Source_UDP - -\n ??? MessageContent_Via_UDP - 5424";

        Match m = rfc5424.Match(input);

        if (m.Success)
        {
            Console.WriteLine("Regex is fine");
        }
        else
        {
            Console.WriteLine("Problem in Regex");
        }
    }

推荐答案

我最近刚遇到这个问题.根据 RFC 5424，系统日志消息应采用以下格式:HEADERSP STRUCTURED-DATA [SP MSG]，其中 SP 是一个空格字符，括号表示数据是可选的.话虽如此，我发现将消息分解为三个单独的正则表达式模式，然后在实例化 Regex 用于比较的对象.

I just came across this problem recently. According to RFC 5424, the Syslog message should be in the following format: HEADER SP STRUCTURED-DATA [SP MSG], where SP is a space character and the brackets represent the data is optional. Having said that I found it easier to break the message down into three separate regular expression patterns and then combine them when I instantiate a Regex object for comparing.

这是我的示例课程.我希望它有所帮助.

Here's my sample class. I hope it helps.

public class SyslogMessage
{
    private static readonly string _SyslogMsgHeaderPattern = @"\<(?<PRIVAL>\d{1,3})\>(?<VERSION>[1-9]{0,2}) (?<TIMESTAMP>(\S|\w)+) (?<HOSTNAME>-|(\S|\w){1,255}) (?<APPNAME>-|(\S|\w){1,48}) (?<PROCID>-|(\S|\w){1,128}) (?<MSGID>-|(\S|\w){1,32})";
    private static readonly string _SyslogMsgStructuredDataPattern = @"(?<STRUCTUREDDATA>-|\[[^\[\=\x22\]\x20]{1,32}( ([^\[\=\x22\]\x20]{1,32}=\x22.+\x22))?\])";
    private static readonly string _SyslogMsgMessagePattern = @"( (?<MESSAGE>.+))?";
    private static Regex _Expression = new Regex($@"^{_SyslogMsgHeaderPattern} {_SyslogMsgStructuredDataPattern}{_SyslogMsgMessagePattern}$", RegexOptions.None, new TimeSpan(0, 0, 5));

    public int Prival { get; private set; }
    public int Version { get; private set; }
    public DateTime TimeStamp { get; private set; }
    public string HostName { get; private set; }
    public string AppName { get; private set; }
    public string ProcId { get; private set; }
    public string MessageId { get; private set; }
    public string StructuredData { get; private set; }
    public string Message { get; private set; }
    public string RawMessage { get; private set; }

    /// <summary>
    /// Parses a Syslog message in RFC 5424 format. 
    /// </summary>
    /// <exception cref="FormatException"></exception>
    /// <exception cref="OverflowException"></exception>
    /// <exception cref="ArgumentNullException"></exception>
    /// <exception cref="InvalidOperationException"></exception>
    public static SyslogMessage Parse(string rawMessage)
    {
        if (string.IsNullOrWhiteSpace(rawMessage)) { throw new ArgumentNullException("message"); }

        var match = _Expression.Match(rawMessage);
        if (match.Success)
        {
            return new SyslogMessage
            {
                Prival = Convert.ToInt32(match.Groups["PRIVAL"].Value),
                Version = Convert.ToInt32(match.Groups["VERSION"].Value),
                TimeStamp = Convert.ToDateTime(match.Groups["TIMESTAMP"].Value),
                HostName = match.Groups["HOSTNAME"].Value,
                AppName = match.Groups["APPNAME"].Value,
                ProcId = match.Groups["PROCID"].Value,
                MessageId = match.Groups["MSGID"].Value,
                StructuredData = match.Groups["STRUCTUREDDATA"].Value,
                Message = match.Groups["MESSAGE"].Value,
                RawMessage = rawMessage
            };
        }
        else { throw new InvalidOperationException("Invalid message."); }
    }

    public override string ToString()
    {
        var message = new StringBuilder($@"<{Prival:###}>{Version:##} {TimeStamp.ToString("yyyy-MM-ddTHH:mm:ss.fffK")} {HostName} {AppName} {ProcId} {MessageId} {StructuredData}");

        if (!string.IsNullOrWhiteSpace(Message))
        {
            message.Append($" {Message}");
        }

        return message.ToString();
    }
}

这篇关于SysLog RFC5424 的正则表达式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！