Syslog Support
Spring Integration 2.2 引入了 syslog 变换器:SyslogToMapTransformer。
Spring Integration 2.2 introduced the syslog transformer: SyslogToMapTransformer.
你需要将此依赖项包含在你的项目中:
You need to include this dependency into your project:
-
Maven
-
Gradle
<dependency>
<groupId>org.springframework.integration</groupId>
<artifactId>spring-integration-syslog</artifactId>
<version>{project-version}</version>
</dependency>compile "org.springframework.integration:spring-integration-syslog:{project-version}"此变换器与“UDP”或“TCP”输入适配器一起可用于接收和分析来自其他主机的 syslog 记录。此变换器创建一个消息有效负载,其中包含来自 syslog 消息的元素映射。
This transformer, together with a UDP or TCP inbound adapter, could be used to receive and analyze syslog records from other hosts.
The transformer creates a message payload that contains a map of the elements from the syslog message.
Spring Integration 3.0 引入了方便的命名空间支持,可以在一个元素中配置 syslog 输入适配器。
Spring Integration 3.0 introduced convenient namespace support for configuring a syslog inbound adapter in a single element.
Syslog Inbound Channel Adapter
此元素包括一个 UDP 或 TCP 入站通道适配器,以及一个 MessageConverter 来将 syslog 消息转换成 Spring Integration 消息。DefaultMessageConverter 委托给 SyslogToMapTransformer,创建一个消息,其有效负载是 syslog 字段的 Map。此外,除了消息以外的所有字段也都作为消息中的标头提供,并以 syslog_ 为前缀。在此模式中,仅支持 RFC 3164(BSD)syslog。
This element encompasses a UDP or TCP inbound channel adapter and a MessageConverter to convert the syslog message to a Spring Integration message.
The DefaultMessageConverter delegates to the SyslogToMapTransformer, creating a message with its payload being the Map of syslog fields.
In addition, all fields except the message are also made available as headers in the message and are prefixed with syslog_.
In this mode, only RFC 3164 (BSD) syslogs are supported.
自 4.1 版起,DefaultMessageConverter 有一个名为 asMap 的属性(默认值为 true)。当它处于 false 状态时,转换器会将消息有效负载保留为原始的完整 syslog 消息(在 byte[] 中),同时仍然设置标头。
Since version 4.1, the DefaultMessageConverter has a property called asMap (the default is true).
When it is false, the converter leaves the message payload as the original complete syslog message (in a byte[]) while still setting the headers.
从 4.1.1 版本开始,还通过使用 RFC5424MessageConverter,支持 RFC 5424。在这种情况下,字段不会作为标头复制,除非已将 asMap 设置为 false,在这种情况下,原始消息是有效负载且已解码的字段是标头。
Since version 4.1.1, RFC 5424 is also supported, by using the RFC5424MessageConverter.
In this case, the fields are not copied as headers, unless asMap is set to false, in which case the original message is the payload and the decoded fields are headers.
要将 RFC 5424 与 TCP 传输一起使用,您必须提供其他配置,以启用 RFC 6587 中描述的不同成帧技术。适配器需要使用 RFC6587SyslogDeserializer 配置的 TCP 连接工厂。默认情况下,此反序列化程序使用换行符 (LF) 界定系统日志消息,从而处理 octet counting 和 non-transparent framing。当未检测到 octet counting 时,它会使用 ByteArrayLfSerializer。要使用不同的 non-transparent 成帧,您可以为它提供其他反序列化程序。虽然反序列化程序可以同时支持 octet counting 和 non-transparent framing,但仅支持后者的一个形式。如果 asMap 在转换器上为 false,则必须在 RFC6587SyslogDeserializer 中设置 retainOriginal 构造函数参数。
To use RFC 5424 with a TCP transport, you must provide additional configuration to enable the different framing techniques described in RFC 6587.
The adapter needs a TCP connection factory that is configured with a RFC6587SyslogDeserializer.
By default, this deserializer handles octet counting and non-transparent framing by using a linefeed (LF) to delimit syslog messages.
It uses a ByteArrayLfSerializer when octet counting is not detected.
To use different non-transparent framing, you can provide it with some other deserializer.
While the deserializer can support both octet counting and non-transparent framing, only one form of the latter is supported.
If asMap is false on the converter, you must set the retainOriginal constructor argument in the RFC6587SyslogDeserializer.
Example Configuration
以下示例定义了一个将消息发送到 syslogIn 通道的 UDP 适配器(适配器 bean 名称是 syslogIn.adapter):
The following example defines a UDP adapter that sends messages to the syslogIn channel (the adapter bean name is syslogIn.adapter):
<int-syslog:inbound-channel-adapter id="syslogIn" port="1514" />该适配器在端口 1514 侦听。
The adapter listens on port 1514.
以下示例定义了一个将消息发送到 fromSyslog 通道的 UDP 适配器(适配器 bean 名称是 syslogIn):
The following example defines a UDP adapter that sends messages to the fromSyslog channel (the adapter bean name is syslogIn):
<int-syslog:inbound-channel-adapter id="syslogIn"
channel="fromSyslog" port="1514" />该适配器在端口 1514 侦听。
The adapter listens on port 1514.
以下示例定义了一个将消息发送到通道 syslogIn 的 TCP 适配器(适配器 bean 名称是 syslogIn.adapter):
The following example defines a TCP adapter that sends messages to channel syslogIn (the adapter bean name is syslogIn.adapter):
<int-syslog:inbound-channel-adapter id="bar" protocol="tcp" port="1514" />该适配器在端口 1514 侦听。
The adapter listens on port 1514.
请注意 protocol 属性的添加。此属性可以包含 udp 或 tcp。它默认为 udp。
Note the addition of the protocol attribute.
This attribute can contain udp or tcp.
It defaults to udp.
以下示例显示了一个将消息发送到通道 fromSyslog 的 UDP 适配器:
The following example shows a UDP adapter that sends messages to channel fromSyslog:
<int-syslog:inbound-channel-adapter id="udpSyslog"
channel="fromSyslog"
auto-startup="false"
phase="10000"
converter="converter"
send-timeout="1000"
error-channel="errors">
<int-syslog:udp-attributes port="1514" lookup-host="false" />
</int-syslog:inbound-channel-adapter>前面的示例还展示了两个 SmartLifecycle 属性: auto-startup 和 phase。它引用一个自定义 org.springframework.integration.syslog.MessageConverter,其 ID 为 converter 和一个 error-channel。还请注意 udp-attributes 子元素。你可以在此设置各种 UDP 属性,如 .UDP Inbound Channel Adapter Attributes 中所定义的。
The preceding example also shows two SmartLifecycle attributes: auto-startup and phase.
It has a reference to a custom org.springframework.integration.syslog.MessageConverter with an ID of converter and an error-channel.
Also notice the udp-attributes child element.
You can set various UDP attributes here, as defined in .UDP Inbound Channel Adapter Attributes.
|
使用 |
|
When you use the |
以下示例显示了一个将消息发送到通道 fromSyslog 的 TCP 适配器:
The following example shows a TCP adapter that sends messages to channel fromSyslog:
<int-syslog:inbound-channel-adapter id="TcpSyslog"
protocol="tcp"
channel="fromSyslog"
connection-factory="cf" />
<int-ip:tcp-connection-factory id="cf" type="server" port="1514" />它还展示了如何引用外部定义的连接工厂,该连接工厂可用于高级配置(套接字保持活动和其他用途)。有关详细信息,请参阅 TCP Connection Factories。
It also shows how to reference an externally defined connection factory, which can be used for advanced configuration (socket keep-alive and other uses). For more information, see TCP Connection Factories.
|
外部配置的 |
|
The externally configured |
以下示例显示了一个将消息发送到通道 fromSyslog 的 TCP 适配器:
The following example shows a TCP adapter that sends messages to channel fromSyslog:
<int-syslog:inbound-channel-adapter id="rfc5424Tcp"
protocol="tcp"
channel="fromSyslog"
connection-factory="cf"
converter="rfc5424" />
<int-ip:tcp-connection-factory id="cf"
using-nio="true"
type="server"
port="1514"
deserializer="rfc6587" />
<bean id="rfc5424" class="org.springframework.integration.syslog.RFC5424MessageConverter" />
<bean id="rfc6587" class="org.springframework.integration.syslog.inbound.RFC6587SyslogDeserializer" />前一个示例被配置为使用 RFC 5424 converter,并使用 RFC 6587 反序列化程序(RFC 5424 所需)引用外部定义的连接工厂进行配置。
The preceding example is configured to use the RFC 5424 converter and is configured with a reference to an externally defined connection factory with the RFC 6587 deserializer (required for RFC 5424).