johlym/syslog_relay.rb

## syslog_relay.rb
#!/usr/bin/env ruby

require 'socket'

LISTEN_PORT = 55514
DESTINATION_HOST = "logsN.papertrailapp.com"
DESTINATION_PORT = XXXXX

class SyslogRelay
  PARSER = /^(<\d+>\S+\s+\S+\s+\S+) (\S+) ([^:]+): (.*)$/
  UAP_PARSER = /^\(\"(\S+)\,(\S+),(\S+)\"\)$/
  def initialize(listen_port, destination_host, destination_port, include_version_details = true)
    @server = UDPSocket.new
    @server.bind("0.0.0.0", listen_port)

    @client = UDPSocket.new
    @destination_host = destination_host
    @destination_port = destination_port
    @include_version_details = include_version_details
  end

  def start
    if @running
      return
    end

    @running = true
    run
  end

  def join
    if @thread
      @thread.join
    end
  end

  # <30>Apr  6 18:09:55 ("U7PG2,44d9exxxxxx,v3.4.16.3435") hostapd: ath0: STA 18:b4:30:xx:xx:xx IEEE 802.11: associated

  def run
    @thread = Thread.new do
      while @running
        begin
          data, from = @server.recvfrom(65535)
          if data && data.length > 0
            if matched = data.match(PARSER)
              _, prefix, source, program, message = *matched
              if source.start_with?("(")
                smatch = source.match(UAP_PARSER)
                _, devtype, mac, version = *smatch
                message = "#{source} #{message}"
                source = mac
              end
              rewritten = "#{prefix} #{source} #{program}: #{message}"
                puts rewritten
              @client.send(rewritten, 0, @destination_host, @destination_port)
            end
          end
        rescue => ex
          puts "Error: #{ex.class}: #{ex.message}"
        end
      end
    end
  end
end


relay = SyslogRelay.new(LISTEN_PORT, DESTINATION_HOST, DESTINATION_PORT)
relay.start
relay.join
	#!/usr/bin/env ruby

	require 'socket'

	LISTEN_PORT = 55514
	DESTINATION_HOST = "logsN.papertrailapp.com"
	DESTINATION_PORT = XXXXX

	class SyslogRelay
	PARSER = /^(<\d+>\S+\s+\S+\s+\S+) (\S+) ([^:]+): (.*)$/
	UAP_PARSER = /^\(\"(\S+)\,(\S+),(\S+)\"\)$/
	def initialize(listen_port, destination_host, destination_port, include_version_details = true)
	@server = UDPSocket.new
	@server.bind("0.0.0.0", listen_port)

	@client = UDPSocket.new
	@destination_host = destination_host
	@destination_port = destination_port
	@include_version_details = include_version_details
	end

	def start
	if @running
	return
	end

	@running = true
	run
	end

	def join
	if @thread
	@thread.join
	end
	end

	# <30>Apr 6 18:09:55 ("U7PG2,44d9exxxxxx,v3.4.16.3435") hostapd: ath0: STA 18:b4:30:xx:xx:xx IEEE 802.11: associated

	def run
	@thread = Thread.new do
	while @running
	begin
	data, from = @server.recvfrom(65535)
	if data && data.length > 0
	if matched = data.match(PARSER)
	_, prefix, source, program, message = *matched
	if source.start_with?("(")
	smatch = source.match(UAP_PARSER)
	_, devtype, mac, version = *smatch
	message = "#{source} #{message}"
	source = mac
	end
	rewritten = "#{prefix} #{source} #{program}: #{message}"
	puts rewritten
	@client.send(rewritten, 0, @destination_host, @destination_port)
	end
	end
	rescue => ex
	puts "Error: #{ex.class}: #{ex.message}"
	end
	end
	end
	end
	end


	relay = SyslogRelay.new(LISTEN_PORT, DESTINATION_HOST, DESTINATION_PORT)
	relay.start
	relay.join