Fast RFC5424 syslog message parser written in Go

go get github.com/tonimelisma/rfc5424

func ExampleParseMultiple() {
	testMessageBuffer := []byte(`83 <40>1 2012-11-30T06:45:29+00:00 host app web.3 - State changed from starting to up
119 <40>1 2012-11-30T06:45:26+00:00 host app web.3 - Starting process with command 'bundle exec rackup config.ru -p 24405'
`)
	testMessageReader := bytes.NewReader(testMessageBuffer)

	messageArray, err := rfc5424.ParseMultiple(testMessageReader)
	if err != nil {
		fmt.Println("error parsing syslog messages:", err.Error())
	}

	for _, message := range messageArray {
		fmt.Printf("%v [%v.%v] %v %v %v: %v\n", message.Timestamp, message.Facility, message.Severity, message.Hostname, message.AppName, message.ProcID, message.Message)
	}
	// Output:
	// 2012-11-30T06:45:29+00:00 [syslog.emerg] host app web.3: State changed from starting to up
	// 2012-11-30T06:45:26+00:00 [syslog.emerg] host app web.3: Starting process with command 'bundle exec rackup config.ru -p 24405'
}

For a practical example that parses syslog messages from HTTPS POST bodies as a log drain for Heroku, see https://github.com/tonimelisma/golang-heroku-log-drain

RFC5424 defines a way to transmit structured data messages in addition to the more typical free-form text log messages. This library does not parse this structured data. It is provided as-is in the Message field of the struct, just like regular unstructured log messages. I've never actually seen any system use the structured data, and most implementations break RFC5424 by transmitting unstructured data instead of structured in the seventh field, and thus parsing it as structured would break compatibility with most systems.

I consider this library feature-complete for my use cases and don't foresee much activity in the repository. However, this software is still actively maintained. Any issues or PRs will be dealt with in a reasonable amount of time.