1、导包:
<dependency>
<groupId>org.graylog2</groupId>
<artifactId>syslog4j</artifactId>
<version>0.9.60</version>
</dependency>
2、重写接收处理器:
import org.graylog2.syslog4j.server.SyslogServerEventIF;
import org.graylog2.syslog4j.server.SyslogServerIF;
import org.graylog2.syslog4j.server.SyslogServerSessionEventHandlerIF;
import org.graylog2.syslog4j.util.SyslogUtility;
import java.io.UnsupportedEncodingException;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class SyslogServerEventHandlerTest implements SyslogServerSessionEventHandlerIF {//extends PrintStreamSyslogServerEventHandler {
private String syslog;
//重写event方法
public void event(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, SyslogServerEventIF event) {
//判断传输时间是否存在,不存在将现在的时间设置为传输时间
String date = (event.getDate() == null ? new Date() : event.getDate()).toString();
//将解析日志的生成端,<<3是要该数左移动三位计算
String facility = SyslogUtility.getFacilityString(event.getFacility() << 3);
//讲解析日志的级别,级别越大越低
String level = SyslogUtility.getLevelString(event.getLevel());
//获取当前的源设备IP
String sourceIP = getIPAddress(socketAddress.toString());
//获取到信息主体
String msg = event.getMessage();
//放入信息
setSyslog("{" + facility + "} " + date + " " + level + " " + msg + " " + sourceIP);
try {
msg = new String(event.getMessage().getBytes(), StandardCharsets.UTF_8);
//打印信息
// System.out.println(getSyslog());
System.out.println(msg);
} catch (Exception e) {
System.err.println("UnsupportedEncodingException");
}
}
public String getSyslog() throws UnsupportedEncodingException {
return new String(syslog.getBytes(), "UTF-8");
}
public void setSyslog(String syslog) {
this.syslog = syslog;
}
//获取到该字符串里的ip地址
private String getIPAddress(String bString) {
String regEx = "((2[0-4]\\d|25[0-5]|[01]?\\d\\d?)\\.){3}(2[0-4]\\d|25[0-5]|[01]?\\d\\d?)";
Pattern p = Pattern.compile(regEx);
Matcher m = p.matcher(bString);
String result = "";
while (m.find()) {
result = m.group();
break;
}
return result;
}
@Override
public void initialize(SyslogServerIF syslogServer) {
}
@Override
public void destroy(SyslogServerIF syslogServer) {
}
@Override
public Object sessionOpened(SyslogServerIF syslogServer, SocketAddress socketAddress) {
return null;
}
@Override
public void exception(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, Exception exception) {
}
@Override
public void sessionClosed(Object session, SyslogServerIF syslogServer, SocketAddress socketAddress, boolean timeout) {
}
}
3、多线程调用接收处理器:
import org.graylog2.syslog4j.server.SyslogServer;
import org.graylog2.syslog4j.server.SyslogServerConfigIF;
import org.graylog2.syslog4j.server.SyslogServerEventHandlerIF;
import org.graylog2.syslog4j.server.SyslogServerIF;
public class UDPSyslogServerFinalTest implements Runnable {
private static UDPSyslogServerFinalTest UDPSyslogServerFinal = null;
//syslog服务器配置文件用于服务器关闭
private SyslogServerIF serverIf = null;
public SyslogServerIF getServerIF() {
return serverIf;
}
private void setServerIF(SyslogServerIF serverIF) {
this.serverIf = serverIF;
}
private UDPSyslogServerFinalTest() {
}
//用单例模式去书写
public static synchronized UDPSyslogServerFinalTest getUDPSyslogServer() {
if (UDPSyslogServerFinal == null) {
UDPSyslogServerFinal = new UDPSyslogServerFinalTest();
}
return UDPSyslogServerFinal;
}
@Override
public void run() {
//实例化接收处理方法
SyslogServerEventHandlerIF eventHandler = new SyslogServerEventHandlerTest();
//传入UDP协议参数实例化具体服务器 就是这个位置不同,如果你闲麻烦可以用自己优化一下算法然后将两个合为一个
SyslogServerIF serverIF = SyslogServer.getInstance("udp");
//从服务器里获取配置信息变量
SyslogServerConfigIF config = serverIF.getConfig();
//设置监听地址0.0.0.0为监听网络内全部地址
config.setHost("0.0.0.0");
//设置监听地址为514,514为syslog默认地址
config.setPort(514);
//放入接收方法
config.addEventHandler(eventHandler);
//初始化服务器
serverIF.initialize("udp", config);
System.out.println("server start udp");
//设置服务器变量,用来外部调用关闭
setServerIF(serverIF);
//服务器启动
serverIF.run();
}
}
4、开启监听:
UDPSyslogServerFinalTest udpSyslogServerFinalTest = UDPSyslogServerFinalTest.getUDPSyslogServer();
Thread s = new Thread(udpSyslogServerFinalTest);
s.start();
5、模拟发送syslog数据
@SneakyThrows
@Test
public void syslogClientSend() {
SyslogIF syslog = Syslog.getInstance("udp");
syslog.getConfig().setSendLocalName(false);//根据方法名就可看出是发送名称
// syslog.getConfig().setSendLocalTimestamp(false);//发送时间
syslog.getConfig().setHost("192.168.0.104");
syslog.getConfig().setPort(514);
StringBuffer eventCvs = new StringBuffer();
String str = "666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666";
TimeInterval timer = DateUtil.timer();
for (int m = 0; m < 100000; m++) {
syslog.log(SyslogConstants.LEVEL_DEBUG, URLDecoder.decode(str, String.valueOf(StandardCharsets.UTF_8)));
eventCvs.delete(0,eventCvs.length());
}
Thread.sleep(3000);
System.out.println("cast time:" +timer.interval());
}