1、maven 依赖
<!-- syslog4j: the syslog client/server library used below to send data out and to receive it -->
<!-- NOTE(review): 0.9.60 is the version pinned by this write-up; check it against current releases and published advisories before reuse. -->
<dependency>
<groupId>org.graylog2</groupId>
<artifactId>syslog4j</artifactId>
<version>0.9.60</version>
</dependency>
2、实例
2-1、client 端
SyslogGAUtils.java
package cn.dbsec.syslogga.util;
import org.graylog2.syslog4j.Syslog;
import org.graylog2.syslog4j.SyslogConfigIF;
import org.graylog2.syslog4j.SyslogConstants;
import org.graylog2.syslog4j.SyslogIF;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
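/**
 * Utility for sending DCL GA_SYSLOG data to a remote syslog receiver.
 *
 * <p>Lazily created singleton; obtain it through {@link #getInstance()}.
 *
 * @author DBSEC-lei.yu
 * @since 2022/5/31
 */
public class SyslogGAUtils {
    /** Shared instance; {@code volatile} so the double-checked locking in {@link #getInstance()} publishes it safely. */
    private static volatile SyslogGAUtils instance;

    private SyslogGAUtils() {}

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton {@code SyslogGAUtils}
     */
    public static SyslogGAUtils getInstance() {
        if (instance == null) {
            synchronized (SyslogGAUtils.class) {
                // Re-check under the lock: another thread may have created it meanwhile.
                if (instance == null) {
                    instance = new SyslogGAUtils();
                }
            }
        }
        return instance;
    }

    /**
     * URL-decodes {@code data} as UTF-8 and sends it at INFO level to the given receiver.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The decoded text is forwarded unchanged. Percent-escapes in {@code data} can decode
     *       to CR/LF or other control characters. NOTE(review): if {@code data} can come from
     *       an untrusted source, neutralise line breaks before sending so one call cannot
     *       appear as several records on the receiver.</li>
     *   <li>NOTE(review): {@code Syslog.getInstance} appears to hand back a shared
     *       per-protocol instance, so rewriting host/port on every call may race between
     *       concurrent callers with different targets. Confirm against the library.</li>
     * </ul>
     *
     * @param data        URL-encoded payload to send; {@code null} is rejected
     * @param server_host address of the receiving syslog server
     * @param server_port port of the receiving syslog server
     * @param max_msgsize maximum message size, in multiples of {@code SyslogConstants.SYSLOG_BUFFER_SIZE}
     * @param syslogType  protocol name passed to {@code Syslog.getInstance}, e.g. {@code SyslogConstants.UDP}
     * @return {@code true} when the message was handed to syslog4j without an error (this is
     *         not a delivery acknowledgement); {@code false} when {@code data} is
     *         {@code null}, cannot be URL-decoded, or the size limit overflows an {@code int}
     */
    public boolean sendSyslog(String data, String server_host, int server_port, int max_msgsize, String syslogType) {
        if (data == null) {
            return false;
        }

        final String message;
        final int maxLength;
        try {
            // decode() throws IllegalArgumentException on malformed percent-escapes; report that
            // as a failed send instead of letting it escape to the caller.
            message = URLDecoder.decode(data, StandardCharsets.UTF_8.name());
            // multiplyExact turns a silent int overflow into a detectable failure.
            maxLength = Math.multiplyExact(max_msgsize, SyslogConstants.SYSLOG_BUFFER_SIZE);
        } catch (UnsupportedEncodingException | IllegalArgumentException | ArithmeticException e) {
            // NOTE(review): route this through the application's logger in production code.
            e.printStackTrace();
            return false;
        }

        // Inputs are validated before the shared syslog4j configuration is touched.
        SyslogIF syslog = Syslog.getInstance(syslogType);
        SyslogConfigIF clientConfig = syslog.getConfig();
        clientConfig.setHost(server_host);
        clientConfig.setPort(server_port);
        clientConfig.setMaxMessageLength(maxLength);

        syslog.log(SyslogConstants.LEVEL_INFO, message);
        return true;
    }
}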
2-2、server 端
SyslogServerEventHandler.java
package cn.dbsec.syslogga.util.receive;
import lombok.extern.slf4j.Slf4j;
import org.graylog2.syslog4j.server.SyslogServerEventIF;
import org.graylog2.syslog4j.server.SyslogServerIF;
import org.graylog2.syslog4j.server.SyslogServerSessionEventHandlerIF;
import org.graylog2.syslog4j.util.SyslogUtility;
import java.io.UnsupportedEncodingException;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
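/**
 * Session event handler for the syslog4j server: extracts the fields of each received event
 * and writes the message body to the {@code syslogOut} logger.
 *
 * <p>NOTE(review): the original author left a hint that extending
 * {@code PrintStreamSyslogServerEventHandler} was considered as an alternative.
 *
 * <p>Security notes for reviewers: every value handled in {@link #event} comes from the
 * network. The message body is logged as received, so embedded line breaks can make one
 * datagram look like several log entries; neutralise control characters if the
 * {@code syslogOut} log is consumed line by line. Over UDP the source address can be spoofed,
 * so the extracted sender IP is informational and must not be used for access decisions.
 */
@Slf4j(topic = "syslogOut")
public class SyslogServerEventHandler implements SyslogServerSessionEventHandlerIF {
    /** Dotted-quad IPv4 matcher, compiled once instead of on every event. */
    private static final Pattern IPV4_PATTERN =
            Pattern.compile("((2[0-4]\\d|25[0-5]|[01]?\\d\\d?)\\.){3}(2[0-4]\\d|25[0-5]|[01]?\\d\\d?)");

    // Last composed record; only changed through setSyslog (event() does not set it at present).
    private String syslog;

    /**
     * Handles one received syslog event.
     *
     * @param session       session object as returned by {@link #sessionOpened}
     * @param syslogServer  server that received the event
     * @param socketAddress address of the sender
     * @param event         the parsed syslog event
     */
    @Override
    public void event(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, SyslogServerEventIF event) {
        // Use the event's timestamp, falling back to "now" when the sender supplied none.
        String date = (event.getDate() == null ? new Date() : event.getDate()).toString();
        // The facility is shifted left by 3 bits before lookup, presumably because the helper
        // expects the value as encoded in the syslog priority field. Confirm against the library.
        String facility = SyslogUtility.getFacilityString(event.getFacility() << 3);
        // Severity name; a larger numeric level means a lower severity.
        String level = SyslogUtility.getLevelString(event.getLevel());
        // First IPv4 address found in the sender's socket address (empty string if none).
        String sourceIP = getIPAddress(socketAddress.toString());
        // Message body.
        String msg = event.getMessage();
        // The fields above feed the composed record below, which is currently disabled:
        // setSyslog("{" + facility + "} " + date + " " + level + " " + msg + " " + sourceIP);
        try {
            // Re-encodes with the platform default charset and decodes as UTF-8.
            // NOTE(review): this looks like a workaround for UTF-8 payloads on hosts whose
            // default charset is not UTF-8, and it is lossy for bytes the default charset
            // cannot round-trip. Prefer configuring the receiver's charset if the library
            // version allows it.
            msg = new String(event.getMessage().getBytes(), StandardCharsets.UTF_8);
            // Parameterized logging yields the same output without string concatenation.
            log.info("msg_end======={}", msg);
        } catch (Exception e) {
            // Log through SLF4J with the cause rather than printing to stderr.
            log.error("Failed to process syslog event", e);
        }
    }

    /**
     * Returns the stored record re-decoded as UTF-8.
     *
     * @return the stored record, or {@code null} if none has been set
     * @throws UnsupportedEncodingException declared for the charset-name lookup
     */
    public String getSyslog() throws UnsupportedEncodingException {
        if (syslog == null) {
            // Nothing stored yet; avoid the NullPointerException from getBytes().
            return null;
        }
        return new String(syslog.getBytes(), "UTF-8");
    }

    /**
     * Stores a composed record.
     *
     * @param syslog record text to keep
     */
    public void setSyslog(String syslog) {
        this.syslog = syslog;
    }

    /**
     * Extracts the first IPv4 address contained in the given text.
     *
     * @param bString text to search, e.g. a socket address rendered as a string
     * @return the first dotted-quad match, or an empty string when there is none
     */
    private String getIPAddress(String bString) {
        Matcher m = IPV4_PATTERN.matcher(bString);
        if (m.find()) {
            return m.group();
        }
        return "";
    }

    /** No per-server setup is needed. */
    @Override
    public void initialize(SyslogServerIF syslogServer) {
    }

    /** No per-server teardown is needed. */
    @Override
    public void destroy(SyslogServerIF syslogServer) {
    }

    /** Sessions carry no state here, so no session object is created. */
    @Override
    public Object sessionOpened(SyslogServerIF syslogServer, SocketAddress socketAddress) {
        return null;
    }

    /**
     * Called by the server when receiving fails; currently ignored.
     * NOTE(review): consider logging {@code exception} so receive errors are visible.
     */
    @Override
    public void exception(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, Exception exception) {
    }

    /** Nothing to release when a session ends. */
    @Override
    public void sessionClosed(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, boolean timeout) {
    }
}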
UDPSyslogServerFinal.java
package cn.dbsec.syslogga.util.receive;
import org.graylog2.syslog4j.SyslogConstants;
import org.graylog2.syslog4j.server.SyslogServer;
import org.graylog2.syslog4j.server.SyslogServerEventHandlerIF;
import org.graylog2.syslog4j.server.SyslogServerIF;
import org.graylog2.syslog4j.server.impl.net.udp.UDPNetSyslogServerConfig;
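/**
 * Singleton {@link Runnable} that configures and runs a syslog4j UDP server.
 *
 * <p>Security notes for reviewers: the server listens on every interface ({@code 0.0.0.0})
 * on port 514, and UDP syslog carries no sender authentication. Restrict who can reach the
 * port (firewall rules or a specific bind address), and remember that ports below 1024
 * normally need elevated privileges on Unix-like systems.
 */
public class UDPSyslogServerFinal implements Runnable {
    // Renamed from the class's own name so the field no longer obscures the type.
    private static UDPSyslogServerFinal instance = null;

    // Running server, kept so other code can shut it down. It is written by the server
    // thread in run() and read from other threads, hence volatile.
    private volatile SyslogServerIF serverIf = null;

    /**
     * Returns the running server.
     *
     * @return the server set by {@link #run()}, or {@code null} if {@code run()} has not
     *         reached that point yet
     */
    public SyslogServerIF getServerIF() {
        return serverIf;
    }

    private void setServerIF(SyslogServerIF serverIF) {
        this.serverIf = serverIF;
    }

    private UDPSyslogServerFinal() {
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton {@code UDPSyslogServerFinal}
     */
    public static synchronized UDPSyslogServerFinal getUDPSyslogServer() {
        if (instance == null) {
            instance = new UDPSyslogServerFinal();
        }
        return instance;
    }

    /** Configures the UDP server, registers the event handler, and runs the server. */
    @Override
    public void run() {
        // Handler that processes each received event.
        SyslogServerEventHandlerIF eventHandler = new SyslogServerEventHandler();
        // Only this protocol argument would differ for a TCP variant, so the two could be
        // merged into one parameterized class.
        final SyslogServerIF serverIF = SyslogServer.getInstance(SyslogConstants.UDP);
        // The cast is required: without it setMaxMessageSize is not available.
        final UDPNetSyslogServerConfig config = (UDPNetSyslogServerConfig) serverIF.getConfig();
        // Listen on all interfaces. NOTE(review): bind to a specific address where possible.
        config.setHost("0.0.0.0");
        // 514 is the default syslog port.
        config.setPort(514);
        // Receive limit of 64 x SYSLOG_BUFFER_SIZE (64k per the original author's note), so
        // long messages are not truncated.
        config.setMaxMessageSize(SyslogConstants.SYSLOG_BUFFER_SIZE * 64);
        // Register the handler.
        config.addEventHandler(eventHandler);
        // Initialize the server with the adjusted configuration.
        serverIF.initialize("udp", config);
        System.out.println("server start udp");
        // Publish the server before it runs so external code can shut it down.
        setServerIF(serverIF);
        // Start serving.
        serverIF.run();
    }
}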
3、服务端监听启动
// Start the singleton UDP syslog server on its own thread, so the caller is not held up
// by the server's run() (which presumably keeps serving until shut down).
Thread serverThread = new Thread(UDPSyslogServerFinal.getUDPSyslogServer());
serverThread.start();