mcuadros · glicht · Apr 2, 2018 · Jan 27, 2019 · Feb 6, 2019
diff --git a/doc.go b/doc.go
@@ -2,4 +2,4 @@
 Syslog server library for go, build easy your custom syslog server
 over UDP, TCP or Unix sockets using RFC3164, RFC5424 and RFC6587
 */
-package syslog // import "gopkg.in/mcuadros/go-syslog.v2"
+package syslog // import "github.com/demisto/go-syslog"
diff --git a/example/basic_udp.go b/example/basic_udp.go
@@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
 
-	"gopkg.in/mcuadros/go-syslog.v2"
+	"github.com/demisto/go-syslog"
 )
 
 func main() {

diff --git a/format/automatic.go b/format/automatic.go
@@ -3,11 +3,10 @@ package format
 import (
 	"bufio"
 	"bytes"
-	"errors"
 	"strconv"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc3164"
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc5424"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc3164"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc5424"
 )
 
 /* Selecting an 'Automatic' format detects incoming format (i.e. RFC3164 vs RFC5424) and Framing
@@ -31,33 +30,40 @@ const (
 	detectedRFC6587 = iota
 )
 
-func detect(data []byte) (detected int, err error) {
+/*
+ * Will always fallback to rfc3164 (see section 4.3.3)
+ */
+func detect(data []byte) int {
 	// all formats have a sapce somewhere
 	if i := bytes.IndexByte(data, ' '); i > 0 {
 		pLength := data[0:i]
 		if _, err := strconv.Atoi(string(pLength)); err == nil {
-			return detectedRFC6587, nil
+			return detectedRFC6587
+		}
+		// are we starting with <
+		if data[0] != '<' {
+			return detectedRFC3164
 		}
-
 		// is there a close angle bracket before the ' '? there should be
 		angle := bytes.IndexByte(data, '>')
 		if (angle < 0) || (angle >= i) {
-			return detectedUnknown, errors.New("No close angle bracket before space")
+			return detectedRFC3164
 		}
 
 		// if a single digit immediately follows the angle bracket, then a space
 		// it is RFC5424, as RFC3164 must begin with a letter (month name)
 		if (angle+2 == i) && (data[angle+1] >= '0') && (data[angle+1] <= '9') {
-			return detectedRFC5424, nil
+			return detectedRFC5424
 		} else {
-			return detectedRFC3164, nil
+			return detectedRFC3164
 		}
 	}
-	return detectedUnknown, nil
+	// fallback to rfc 3164 section 4.3.3
+	return detectedRFC3164
 }
 
 func (f *Automatic) GetParser(line []byte) LogParser {
-	switch format, _ := detect(line); format {
+	switch format := detect(line); format {
 	case detectedRFC3164:
 		return &parserWrapper{rfc3164.NewParser(line)}
 	case detectedRFC5424:
@@ -82,7 +88,7 @@ func (f *Automatic) automaticScannerSplit(data []byte, atEOF bool) (advance int,
 		return 0, nil, nil
 	}
 
-	switch format, err := detect(data); format {
+	switch format := detect(data); format {
 	case detectedRFC6587:
 		return rfc6587ScannerSplit(data, atEOF)
 	case detectedRFC3164, detectedRFC5424:

diff --git a/format/format.go b/format/format.go
@@ -4,7 +4,7 @@ import (
 	"bufio"
 	"time"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser"
+	"github.com/demisto/go-syslog/internal/syslogparser"
 )
 
 type LogParts map[string]interface{}

diff --git a/format/rfc3164.go b/format/rfc3164.go
@@ -3,7 +3,7 @@ package format
 import (
 	"bufio"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc3164"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc3164"
 )
 
 type RFC3164 struct{}

diff --git a/format/rfc5424.go b/format/rfc5424.go
@@ -3,7 +3,7 @@ package format
 import (
 	"bufio"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc5424"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc5424"
 )
 
 type RFC5424 struct{}

diff --git a/format/rfc6587.go b/format/rfc6587.go
@@ -5,7 +5,7 @@ import (
 	"bytes"
 	"strconv"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc5424"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc5424"
 )
 
 type RFC6587 struct{}

diff --git a/handler.go b/handler.go
@@ -1,7 +1,7 @@
 package syslog
 
 import (
-	"gopkg.in/mcuadros/go-syslog.v2/format"
+	"github.com/demisto/go-syslog/format"
 )
 
 //The handler receive every syslog entry at Handle method

diff --git a/handler_test.go b/handler_test.go
@@ -2,7 +2,7 @@ package syslog
 
 import (
 	. "gopkg.in/check.v1"
-	"gopkg.in/mcuadros/go-syslog.v2/format"
+	"github.com/demisto/go-syslog/format"
 )
 
 type HandlerSuite struct{}

diff --git a/internal/syslogparser/rfc3164/example_test.go b/internal/syslogparser/rfc3164/example_test.go
@@ -3,7 +3,7 @@ package rfc3164_test
 import (
 	"fmt"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc3164"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc3164"
 )
 
 func ExampleNewParser() {

diff --git a/internal/syslogparser/rfc3164/rfc3164.go b/internal/syslogparser/rfc3164/rfc3164.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"time"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser"
+	"github.com/demisto/go-syslog/internal/syslogparser"
 )
 
 type Parser struct {
@@ -43,12 +43,22 @@ func (p *Parser) Location(location *time.Location) {
 }
 
 func (p *Parser) Parse() error {
+	tcursor := p.cursor
 	pri, err := p.parsePriority()
 	if err != nil {
-		return err
+		// RFC3164 sec 4.3.3
+		p.priority = syslogparser.Priority{13, syslogparser.Facility{Value: 1}, syslogparser.Severity{Value: 5}}
+		p.cursor = tcursor
+		content, err := p.parseContent()
+		p.header.timestamp = time.Now().Round(time.Second)
+		if err != syslogparser.ErrEOL {
+			return err
+		}
+		p.message = rfc3164message{content: content}
+		return nil
 	}
 
-	tcursor := p.cursor
+	tcursor = p.cursor
 	hdr, err := p.parseHeader()
 	if err == syslogparser.ErrTimestampUnknownFormat {
 		// RFC3164 sec 4.3.2.

diff --git a/internal/syslogparser/rfc3164/rfc3164_test.go b/internal/syslogparser/rfc3164/rfc3164_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/demisto/go-syslog/internal/syslogparser"
 	. "gopkg.in/check.v1"
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser"
 )
 
 // Hooks up gocheck into the gotest runner.
@@ -107,6 +107,10 @@ func (s *Rfc3164TestSuite) TestParser_NoTimestamp(c *C) {
 	now := time.Now()
 
 	obtained := p.Dump()
+
+	obtainedTime := obtained["timestamp"].(time.Time)
+	s.assertTimeIsCloseToNow(c, obtainedTime)
+
 	obtained["timestamp"] = now // XXX: Need to mock out time to test this fully
 	expected := syslogparser.LogParts{
 		"timestamp": now,
@@ -121,6 +125,43 @@ func (s *Rfc3164TestSuite) TestParser_NoTimestamp(c *C) {
 	c.Assert(obtained, DeepEquals, expected)
 }
 
+// RFC 3164 section 4.3.3
+func (s *Rfc3164TestSuite) TestParser_NoPriority(c *C) {
+	buff := []byte("Oct 11 22:14:15 Testing no priority")
+
+	p := NewParser(buff)
+	expectedP := &Parser{
+		buff:     buff,
+		cursor:   0,
+		l:        len(buff),
+		location: time.UTC,
+	}
+
+	c.Assert(p, DeepEquals, expectedP)
+
+	err := p.Parse()
+	c.Assert(err, IsNil)
+
+	now := time.Now()
+
+	obtained := p.Dump()
+	obtainedTime := obtained["timestamp"].(time.Time)
+	s.assertTimeIsCloseToNow(c, obtainedTime)
+
+	obtained["timestamp"] = now // XXX: Need to mock out time to test this fully
+	expected := syslogparser.LogParts{
+		"timestamp": now,
+		"hostname":  "",
+		"tag":       "",
+		"content":   "Oct 11 22:14:15 Testing no priority",
+		"priority":  13,
+		"facility":  1,
+		"severity":  5,
+	}
+
+	c.Assert(obtained, DeepEquals, expected)
+}
+
 func (s *Rfc3164TestSuite) TestParseHeader_Valid(c *C) {
 	buff := []byte("Oct 11 22:14:15 mymachine ")
 	now := time.Now()
@@ -375,3 +416,11 @@ func (s *Rfc3164TestSuite) assertRfc3164message(c *C, msg rfc3164message, b []by
 	c.Assert(obtained, Equals, msg)
 	c.Assert(p.cursor, Equals, expC)
 }
+
+func (s *Rfc3164TestSuite) assertTimeIsCloseToNow(c *C, obtainedTime time.Time) {
+	now := time.Now()
+	timeStart := now.Add(-(time.Second * 5))
+	timeEnd := now.Add(time.Second)
+	c.Assert(obtainedTime.After(timeStart), Equals, true)
+	c.Assert(obtainedTime.Before(timeEnd), Equals, true)
+}
diff --git a/internal/syslogparser/rfc5424/example_test.go b/internal/syslogparser/rfc5424/example_test.go
@@ -3,7 +3,7 @@ package rfc5424_test
 import (
 	"fmt"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser/rfc5424"
+	"github.com/demisto/go-syslog/internal/syslogparser/rfc5424"
 )
 
 func ExampleNewParser() {

diff --git a/internal/syslogparser/rfc5424/rfc5424.go b/internal/syslogparser/rfc5424/rfc5424.go
@@ -9,7 +9,7 @@ import (
 	"strconv"
 	"time"
 
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser"
+	"github.com/demisto/go-syslog/internal/syslogparser"
 )
 
 const (

diff --git a/internal/syslogparser/rfc5424/rfc5424_test.go b/internal/syslogparser/rfc5424/rfc5424_test.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	. "gopkg.in/check.v1"
-	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser"
+	"github.com/demisto/go-syslog/internal/syslogparser"
 )
 
 // Hooks up gocheck into the gotest runner.

diff --git a/server.go b/server.go
@@ -9,7 +9,7 @@ import (
 	"sync"
 	"time"
 
-	"gopkg.in/mcuadros/go-syslog.v2/format"
+	"github.com/demisto/go-syslog/format"
 )
 
 var (
@@ -258,7 +258,7 @@ func (s *Server) parser(line []byte, client string, tlsPeer string) {
 
 	logParts := parser.Dump()
 	logParts["client"] = client
-	if logParts["hostname"] == "" && s.format == RFC3164 {
+	if logParts["hostname"] == "" && (s.format == RFC3164 || s.format == Automatic) {
 		if i := strings.Index(client, ":"); i > 1 {
 			logParts["hostname"] = client[:i]
 		} else {

diff --git a/server_bench_test.go b/server_bench_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"
 
-	"gopkg.in/mcuadros/go-syslog.v2/format"
+	"github.com/demisto/go-syslog/format"
 )
 
 type noopFormatter struct{}

diff --git a/server_test.go b/server_test.go
@@ -7,8 +7,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/demisto/go-syslog/format"
 	. "gopkg.in/check.v1"
-	"gopkg.in/mcuadros/go-syslog.v2/format"
 )
 
 func Test(t *testing.T) { TestingT(t) }
@@ -19,6 +19,7 @@ type ServerSuite struct {
 var _ = Suite(&ServerSuite{})
 var exampleSyslog = "<31>Dec 26 05:08:46 hostname tag[296]: content"
 var exampleSyslogNoTSTagHost = "<14>INFO     leaving (1) step postscripts"
+var exampleSyslogNoPriority = "Dec 26 05:08:46 hostname test with no priority - see rfc 3164 section 4.3.3"
 var exampleRFC5424Syslog = "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - 'su root' failed for lonvick on /dev/pts/8"
 
 func (s *ServerSuite) TestTailFile(c *C) {
@@ -184,6 +185,24 @@ func (s *ServerSuite) TestUDP3164NoTag(c *C) {
 	c.Check(handler.LastError, IsNil)
 }
 
+func (s *ServerSuite) TestUDPAutomatic3164NoPriority(c *C) {
+	handler := new(HandlerMock)
+	server := NewServer()
+	server.SetFormat(Automatic)
+	server.SetHandler(handler)
+	server.SetTimeout(10)
+	server.goParseDatagrams()
+	server.datagramChannel <- DatagramMessage{[]byte(exampleSyslogNoPriority), "127.0.0.1:45789"}
+	close(server.datagramChannel)
+	server.Wait()
+	c.Check(handler.LastLogParts["hostname"], Equals, "127.0.0.1")
+	c.Check(handler.LastLogParts["tag"], Equals, "")
+	c.Check(handler.LastLogParts["priority"], Equals, 13)
+	c.Check(handler.LastLogParts["content"], Equals, exampleSyslogNoPriority)
+	c.Check(handler.LastMessageLength, Equals, int64(len(exampleSyslogNoPriority)))
+	c.Check(handler.LastError, IsNil)
+}
+
 func (s *ServerSuite) TestUDP6587(c *C) {
 	handler := new(HandlerMock)
 	server := NewServer()
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,7 +4,7 @@ import ( @@
     	"bufio"
     	"time"
-    	"gopkg.in/mcuadros/go-syslog.v2/internal/syslogparser"
+    	"github.com/demisto/go-syslog/internal/syslogparser"
     )
     type LogParts map[string]interface{}
@@ Expand Down @@