fluent-plugin-parser-cloudfoundry-syslog 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7ff07c83db3eb09a0d7558f467c23d61456138319964217939151c66356594b0
+  data.tar.gz: 94ee8161810875c519bc36dbbe67664cf56684e81dbf103e21a97e18f09a1739
+SHA512:
+  metadata.gz: 5eeee36d0cf7bd24922d0633fee62d1aa185639031db03834dc73b33465a52c65ed4f306d013733fe05112572cbc7c112ea312c11da65e4accb148cd616720f5
+  data.tar.gz: 754d39b3d2e360877ac58aa713d7978868a80aa6832f2fa557fc29f9a297b5dea6bd501bb1954dea44887f932527f6f6c142281e2be0353d3f46da1383b1b207

data/.devcontainer/Dockerfile

@@ -0,0 +1,10 @@
+FROM ruby:3.0.3-bullseye
+
+RUN useradd -ms /bin/bash vscode \
+    && usermod -aG sudo vscode
+
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+USER vscode
+RUN gem install solargraph
+RUN gem install rufo

data/.devcontainer/devcontainer.json

@@ -0,0 +1,13 @@
+{
+	"name": "Fluent Plugin Parser CloudFoundry",
+	"build": {
+		"dockerfile": "Dockerfile",
+	},
+	"extensions": [
+		"rebornix.Ruby",
+		"castwide.solargraph",
+		"jnbt.vscode-rufo"
+	],
+	"remoteUser": "vscode",
+	"postCreateCommand": "bash -i .devcontainer/post-create.sh",
+}

data/.devcontainer/post-create.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+gem install bundler
+bundle install

data/.github/workflows/build-and-test.yml

@@ -0,0 +1,26 @@
+name: Build and Test
+on:
+  - push
+  - pull_request
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [ '2.6', '2.7', '3.0' ]
+        os:
+          - ubuntu-latest
+    name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: unit testing
+      env:
+        CI: true
+      run: |
+        gem install bundler rake
+        bundle install --jobs 4 --retry 3
+        bundle exec rake test

data/.github/workflows/publish.yml

@@ -0,0 +1,23 @@
+name: Publish Gem
+
+on:
+  release:
+    types:
+      - created
+
+jobs:
+  publish:
+    if: github.repository_owner == 'bitpatty'
+    runs-on: ubuntu-latest
+    environment: package-registries
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Publish gem
+      uses: dawidd6/action-publish-gem@v1
+      with:
+        api_key: ${{ secrets.RUBYGEMS_API_KEY }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}

data/.gitignore

@@ -0,0 +1 @@
+*.lock

data/.vscode/settings.json

@@ -0,0 +1,41 @@
+{
+  "files.autoSave": "off",
+  "breadcrumbs.symbolSortOrder": "type",
+  "editor.codeLens": true,
+  "editor.detectIndentation": true,
+  "editor.formatOnSave": true,
+  "editor.minimap.maxColumn": 150,
+  "editor.tabSize": 2,
+  "explorer.confirmDragAndDrop": false,
+  "files.associations": {
+    "*.erb": "html",
+    "*.html.erb": "html"
+  },
+  "git.confirmSync": false,
+  "git.enableSmartCommit": true,
+  "html.format.wrapLineLength": 150,
+  "javascript.updateImportsOnFileMove.enabled": "always",
+  "search.exclude": {
+    "**/*.eot": true,
+    "**/*.png": true,
+    "**/*.svg": true,
+    "**/*.ttf": true,
+    "**/*.woff": true,
+    "**/*.woff2": true,
+    "**/.git": true,
+    "**/bower_components": true,
+    "**/dist/": true,
+    "**/node_modules": true,
+    "**/tmp": true
+  },
+  "todohighlight.keywords": [
+    "@TODO"
+  ],
+  "typescript.preferences.importModuleSpecifier": "relative",
+  "typescript.referencesCodeLens.enabled": true,
+  "typescript.referencesCodeLens.showOnAllFunctions": true,
+  "typescript.reportStyleChecksAsWarnings": true,
+  "typescript.updateImportsOnFileMove.enabled": "always",
+  "workbench.editor.enablePreview": false,
+  "workbench.editor.enablePreviewFromQuickOpen": false
+}

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2011-2018 Fluentd Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,123 @@
+# fluent-plugin-parser-cloudfoundry-syslog
+
+A experimental, work-in-progress [fluentd](https://www.fluentd.org/) parser for CloudFoundry specific syslog drains - basically the opposite end of their [output formatter](https://github.com/cloudfoundry/fluent-plugin-syslog_rfc5424).
+
+This plugin should make CF metrics more accessible than the current [syslog parser for fluent](https://docs.fluentd.org/parser/syslog) allows for.
+
+
+## Sample
+
+An access log in the format
+
+```
+<14>1 2021-12-24T22:20:01.438069+00:00 some-hostname some-appname [RTR/0] - [tags@47450 __v1_type="LogMessage" app_id="some-app-id" app_name="some-appname" component="route-emitter" deployment="eu-gb-prod" index="some-index" instance_id="0" ip="some-ip" job="router" organization_id="some-org-id" organization_name="some-org-name" origin="gorouter" process_id="some-process-id" process_instance_id="some-process-instance-id" process_type="web" source_type="RTR" space_id="some-space-id" space_name="dev"] example.com - [2021-12-24T22:20:01.429164095Z] "GET /styles.css HTTP/1.1" 304 0 0 "https://example.com/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0" "some-remote-host" "some-backend-host" x_forwarded_for:"a, b" x_forwarded_proto:"https" vcap_request_id:"some-request-id" response_time:0.008452 gorouter_time:0.000625 app_id:"some-app-id" app_index:"0" instance_id:"some-instance-id" x_cf_routererror:"-" x_global_transaction_id:"some-global-transaction-id" true_client_ip:"-" x_b3_traceid:"some-trace-id" x_b3_spanid:"some-span-id" x_b3_parentspanid:"-" b3:"some-b3"
+```
+
+.. is turned into ..
+
+```ruby
+{
+  "header" => {
+    "pri" => {
+      "facility" => 1,
+      "severity" => "info",
+    },
+    "version" => 1,
+    "timestamp" => "2021-12-24T22:20:01.438069+00:00",
+    "hostname" => "some-hostname",
+    "app_name" => "some-appname",
+    "proc_id" => "[RTR/0]",
+    "msg_id" => "-",
+  },
+  "sd" => {
+    "tags@47450" => {
+      "__v1_type" => "LogMessage",
+      "app_id" => "some-app-id",
+      "app_name" => "some-appname",
+      "component" => "route-emitter",
+      "deployment" => "eu-gb-prod",
+      "index" => "some-index",
+      "instance_id" => "0",
+      "ip" => "some-ip",
+      "job" => "router",
+      "organization_id" => "some-org-id",
+      "organization_name" => "some-org-name",
+      "origin" => "gorouter",
+      "process_id" => "some-process-id",
+      "process_instance_id" => "some-process-instance-id",
+      "process_type" => "web",
+      "source_type" => "RTR",
+      "space_id" => "some-space-id",
+      "space_name" => "dev",
+    },
+  },
+  "gorouter" => {
+    "host" => "example.com",
+    "timestamp" => "2021-12-24T22:20:01.429164095Z",
+    "method" => "GET",
+    "pathname" => "/styles.css",
+    "protocol" => "HTTP/1.1",
+    "status" => "304",
+    "bytes_received" => "0",
+    "bytes_sent" => "0",
+    "referer" => "https://example.com/",
+    "user_agent" => "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0",
+    "remote_address" => "some-remote-host",
+    "backend_address" => "some-backend-host",
+    "x_forwarded_for" => "a, b",
+    "x_forwarded_proto" => "https",
+    "vcap_request_id" => "some-request-id",
+    "response_time" => 0.008452,
+    "gorouter_time" => 0.000625,
+    "app_id" => "some-app-id",
+    "app_index" => "0",
+    "instance_id" => "some-instance-id",
+    "x_cf_routererror" => "-",
+    "x_global_transaction_id" => "some-global-transaction-id",
+    "true_client_ip" => "-",
+    "x_b3_traceid" => "some-trace-id",
+    "x_b3_spanid" => "some-span-id",
+    "x_b3_parentspanid" => "-",
+    "b3" => "some-b3",
+  },
+  "message" => 'example.com - [2021-12-24T22:20:01.429164095Z] "GET /styles.css HTTP/1.1" 304 0 0 "https://example.com/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0" "some-remote-host" "some-backend-host" x_forwarded_for:"a, b" x_forwarded_proto:"https" vcap_request_id:"some-request-id" response_time:0.008452 gorouter_time:0.000625 app_id:"some-app-id" app_index:"0" instance_id:"some-instance-id" x_cf_routererror:"-" x_global_transaction_id:"some-global-transaction-id" true_client_ip:"-" x_b3_traceid:"some-trace-id" x_b3_spanid:"some-span-id" x_b3_parentspanid:"-" b3:"some-b3"',
+}
+```
+
+## Usage
+
+Create a logdrain and update your fluent configuration:
+
+```conf
+<source>
+  @type http
+
+  # HTTP Ports are provided by the CF environment
+  port "#{ENV['PORT']}"
+  bind 0.0.0.0
+
+  body_size_limit 32m
+  keepalive_timeout 10s
+
+  <parse>
+    @type cloudfoundry_syslog
+
+    # Set this to true if access log messages should be parsed.
+    # Defaults to false
+    parse_gorouter_access_log true
+
+    # Set this to true if you want the raw message to be available
+    # under the key `raw`. Defaults to false
+    include_raw_message true
+  </parse>
+</source>
+```
+
+## Limitations
+
+- Values in `STRUCTURED-DATA`, such as app names, may not contain quotes since they're not being escaped on CloudFoundry's side. See https://github.com/cloudfoundry/loggregator-agent-release/issues/69
+
+## Credit
+
+- [fluent-plugin-elasticsearch](https://github.com/uken/fluent-plugin-elasticsearch) used as reference for boilerplating the codebase and GH workflows
+- [fluentd/parser_syslog](https://github.com/fluent/fluentd/blob/master/lib/fluent/plugin/parser_syslog.rb) used as reference on the current builtin syslog parser

data/Rakefile

@@ -0,0 +1,13 @@
+require "bundler"
+Bundler::GemHelper.install_tasks
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs.push("lib", "test")
+  t.test_files = FileList["test/**/test_*.rb"]
+  t.verbose = true
+  t.warning = true
+end
+
+task default: [:test]

data/fluent-plugin-parser-cloudfoundry-syslog.gemspec

@@ -0,0 +1,28 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name = "fluent-plugin-parser-cloudfoundry-syslog"
+  spec.version = "0.1.1"
+  spec.authors = ["Matteias Collet"]
+  spec.email = ["matteias.collet@bluewin.ch"]
+
+  spec.summary = %q{CloudFoundry log parser for Fluentd}
+  spec.description = spec.summary
+  spec.homepage = "https://github.com/bitpatty/fluent-plugin-parser-cloudfoundry-syslog"
+  spec.license = "Apache-2.0"
+
+  test_files, files = `git ls-files -z`.split("\x0").partition do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+
+  spec.files = files
+  spec.executables = files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = test_files
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "test-unit", "~> 3.3"
+  spec.add_runtime_dependency "fluentd", ">= 1"
+end

data/lib/fluent/plugin/parser_cloudfoundry_syslog.rb

@@ -0,0 +1,236 @@
+require "fluent/plugin/parser"
+require "fluent/time"
+
+module Fluent
+  module Plugin
+    class CloudFoundrySyslogParser < Parser
+      Plugin.register_parser("cloudfoundry_syslog", self)
+
+      # https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
+      CF_IANA_ENTERPRISE_ID = 47450.freeze
+
+      # Syslog Constants https://datatracker.ietf.org/doc/html/rfc5424#section-6
+      SYSLOG_HEADER_SPLIT_CHAR = " ".freeze     # See SP
+      SYSLOG_NILVALUE = "-".freeze              # See NILVALUE
+      SYSLOG_PRI_DELIMITER_START = "<".freeze   # See PRI
+      SYSLOG_PRI_DELIMITER_END = ">".freeze     # See PRI
+      SYSLOG_SD_DELIMITER_START = "[".freeze    # See STRUCTURED-DATA
+      SYSLOG_SD_DELIMITER_END = "]".freeze      # See STRUCTURED-DATA
+
+      # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2
+      # PRI is parsed separately (https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.1)
+      SYSLOG_HEADER_FIELDS = [
+        "version",    # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.2
+        "timestamp",  # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.3
+        "hostname",   # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.4
+        "app_name",   # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.5
+        "proc_id",    # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.6
+        "msg_id",     # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.7
+      ]
+
+      # https://datatracker.ietf.org/doc/html/rfc5424#appendix-A.3
+      # https://resources.docs.pivotal.io/pdfs/tiledev-guide-2.1.pdf
+      SYSLOG_SEVERITY_CODES = [
+        "emergency",
+        "alert",
+        "critical",
+        "error",
+        "warning",
+        "notice",
+        "info",
+        "debug",
+      ]
+
+      # Regexes to extract information from STRUCTURED-DATA
+      # Matches a whole STRUCTURED-DATA block including the delimiters '[', ']'
+      SYSLOG_STRUCTURED_DATA_MATCH_REGEX = Regexp.new(/^(\[(?:[a-zA-Z_-]+(?:\@[0-9]+)?)*(?:[a-zA-Z0-9_-]+="(?:[^\\\]\"]|\\"|\\\]|\\\\|\\[^"\]\\])*"| )*\])/)
+      # Matches the SD-ID if applied to the SYSLOG_STRUCTURED_DATA_MATCH_REGEX match
+      SYSLOG_SD_ID_MATCH_REGEX = Regexp.new(/^\[([a-zA-Z0-9_-]+(?:\@[0-9]+)?)/)
+      # Matches an SD-PARAM (SD-NAME=SD-VALUE)
+      SYSLOG_SD_PARAM_MATCH_REGEX = Regexp.new(/([a-zA-Z0-9_-]+="(?:[^\\\]\"]|\\"|\\\]|\\\\|\\[^"\]\\])*")/)
+
+      # Regex to extract information from Gorouter access logs
+      # https://github.com/cloudfoundry/gorouter#access-logs
+      # <Request Host> - [<Start Date>] "<Request Method> <Request URL> <Request Protocol>" <Status Code> <Bytes Received> <Bytes Sent> "<Referer>" "<User-Agent>" <Remote Address> <Backend Address> x_forwarded_for:"<X-Forwarded-For>" x_forwarded_proto:"<X-Forwarded-Proto>" vcap_request_id:<X-Vcap-Request-ID> response_time:<Response Time> gorouter_time:<Gorouter Time> app_id:<Application ID> app_index:<Application Index> x_cf_routererror:<X-Cf-RouterError> <Extra Headers>
+      GOROUTER_MESSAGE_STATIC_REGEX = Regexp.new(/^(?<host>[^ ]+) - \[(?<timestamp>[^\]]+)\] "(?<method>[^ ]+) (?<pathname>[^ ]+) (?<protocol>[^"]+)" (?<status>[^ ]+) (?<bytes_received>[^ ]+) (?<bytes_sent>[^ ]+) "(?<referer>[^"]+)" "(?<user_agent>[^"]+)" "(?<remote_address>[^"]+)" "(?<backend_address>[^"]+)"/)
+      GOROUTER_MESSAGE_EXTRADATA_REGEX = Regexp.new(/(?<param>[a-zA-Z0-9_-]+):(?<value>(?:[0-9\.]+|"[^"]+"|-))(?: |\n|\\|$)/)
+
+      config_param :parse_gorouter_access_log, :bool, default: false
+      config_param :include_raw_message, :bool, default: false
+
+      @time_parser
+
+      def initialize
+        super
+      end
+
+      def configure(conf)
+        super
+        @time_parser = time_parser_create(format: "%Y-%m-%dT%H:%M:%S.%L%z")
+      end
+
+      def parse(text)
+        if text.nil? or not text.start_with?(SYSLOG_PRI_DELIMITER_START)
+          yield nil
+          return
+        end
+
+        cursor = 0
+        record = {}
+
+        if @include_raw_message
+          record["raw"] = text
+        end
+
+        # RFC 5424 currently only defines version 1
+        # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.2
+        record["header"], cursor = parse_header(text)
+        if cursor.nil? or record.dig("header", "version") != "1"
+          yield nil
+          return
+        end
+
+        # Convert to integer for convenience
+        record["header"]["version"] = 1
+
+        # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.3
+        time = @time_parser.parse(record["header"]["timestamp"]) rescue nil
+
+        if time.nil?
+          yield nil
+          return
+        end
+
+        # Parse STRUCTURED_DATA
+        record["sd"], cursor = parse_structured_data(text, cursor)
+        if (cursor.nil?)
+          yield nil
+          return
+        end
+
+        # Parse MESSAGE
+        msg = text.slice(cursor, text.length - cursor)
+
+        if msg.nil?
+          record["message"] = nil
+        else
+          record["message"] = msg.strip
+
+          if @parse_gorouter_access_log and
+             record.dig("sd", "tags@#{CF_IANA_ENTERPRISE_ID}", "origin") == "gorouter"
+            record["gorouter"] = parse_gorouter_access_logs(record["message"])
+          end
+        end
+
+        yield time, record
+      end
+
+      def parse_integer(str)
+        return Integer(str || "")
+      rescue ArgumentError
+        return
+      end
+
+      def parse_header_block(text, startIdx)
+        i = text.index(SYSLOG_HEADER_SPLIT_CHAR, startIdx)
+        if i.nil? or i - startIdx < 1 then return end
+        return text.slice(startIdx, i - startIdx), i + 1
+      end
+
+      # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.1
+      def parse_pri(text)
+        unless text.start_with?(SYSLOG_PRI_DELIMITER_START) then return end
+        endIdx = text.index(SYSLOG_PRI_DELIMITER_END, 1)
+        if endIdx.nil? or endIdx < 2 then return end
+        v_pri = parse_integer(text.slice(1, endIdx - 1))
+        if v_pri.nil? or v_pri < 0 then return end
+        return v_pri >> 3, SYSLOG_SEVERITY_CODES[v_pri & 0b111], endIdx
+      end
+
+      # https://datatracker.ietf.org/doc/html/rfc5424#section-6.2
+      def parse_header(text)
+        facility, severity, c = parse_pri(text)
+        if (c.nil?) then return end
+        c = c + 1
+
+        r = {
+          "pri" => {
+            "facility" => facility,
+            "severity" => severity,
+          },
+        }
+
+        SYSLOG_HEADER_FIELDS.each { |field|
+          block, endIdx = parse_header_block(text, c)
+          if block.nil? then return end
+          r[field] = block
+          c = endIdx
+        }
+
+        return r, c
+      end
+
+      # https://datatracker.ietf.org/doc/html/rfc5424#section-6.3.1
+      def parse_sd_element(sd_element)
+        sd_params = {}
+
+        # https://datatracker.ietf.org/doc/html/rfc5424#section-6.3.2
+        sd_id = sd_element[SYSLOG_SD_ID_MATCH_REGEX]
+        if sd_id.nil? then return end
+        sd_id = sd_id[1..-1]
+
+        # https://datatracker.ietf.org/doc/html/rfc5424#section-6.3.3
+        sd_element.scan(SYSLOG_SD_PARAM_MATCH_REGEX).each { |match|
+          arr = match[0].strip.split("=", 2)
+          sd_params[arr[0]] = arr[1][1..-2]
+        }
+
+        return sd_id, sd_params
+      end
+
+      # https://datatracker.ietf.org/doc/html/rfc5424#section-6.3
+      def parse_structured_data(text, startIdx)
+        if text[startIdx] == SYSLOG_NILVALUE then return {}, startIdx + 1 end
+        unless text[startIdx] == SYSLOG_SD_DELIMITER_START then return end
+
+        sd = text[startIdx..-1][SYSLOG_STRUCTURED_DATA_MATCH_REGEX]
+        if sd.nil? then return end
+
+        r = {}
+        len = 0
+        loop do
+          len += sd.length
+          sd_id, sd_params = parse_sd_element(sd)
+          if sd_id.nil? then return end
+          r[sd_id] = sd_params
+          sd = text[startIdx + len..-1][SYSLOG_STRUCTURED_DATA_MATCH_REGEX]
+          break if sd.nil?
+        end
+
+        return r, startIdx + len
+      end
+
+      # https://github.com/cloudfoundry/gorouter#access-logs
+      def parse_gorouter_access_logs(msg)
+        r = msg.match(GOROUTER_MESSAGE_STATIC_REGEX)
+        if r.nil? then return end
+        extra_headers = msg[r.to_s.length..-1]
+        r = r.named_captures
+        if extra_headers.nil? then return r end
+        extra_headers.strip.scan(GOROUTER_MESSAGE_EXTRADATA_REGEX) { |match|
+          unless match.length == 2 then next end
+          if match[1].start_with?('"') and match[1].end_with?('"')
+            # Strings
+            r[match[0]] = match[1][1..-2]
+          elsif match[1].match(/^[0-9]+(?:\.[0-9+]+)?$/)
+            # Numbers
+            r[match[0]] = match[1].to_f
+          else
+            r[match[0]] = match[1]
+          end
+        }
+        return r
+      end
+    end
+  end
+end

data/test/test_parser_router_log.rb

@@ -0,0 +1,88 @@
+require "test-unit"
+require "fluent/test"
+require "fluent/test/helpers"
+require "fluent/test/driver/parser"
+require "fluent/plugin/parser_cloudfoundry_syslog.rb"
+
+class GorouterParserLog < Test::Unit::TestCase
+  include Fluent::Test::Helpers
+
+  def setup
+    Fluent::Test.setup
+    @parser = Fluent::Test::Driver::Parser.new(Fluent::Plugin::CloudFoundrySyslogParser)
+
+    @parser.configure({
+      "parse_gorouter_access_log" => true,
+    })
+  end
+
+  def test_a
+    log = %{
+      <14>1 2021-12-24T22:20:01.438069+00:00 some-hostname some-appname [RTR/0] - 
+      [tags@47450
+        __v1_type="LogMessage" 
+        app_id="some-app-id" 
+        app_name="some-appname"
+        component="route-emitter" 
+        deployment="eu-gb-prod" 
+        index="some-index" 
+        instance_id="0" 
+        ip="some-ip" 
+        job="router" 
+        organization_id="some-org-id" 
+        organization_name="some-org-name" 
+        origin="gorouter" 
+        process_id="some-process-id" 
+        process_instance_id="some-process-instance-id" 
+        process_type="web"
+        source_type="RTR"
+        space_id="some-space-id" 
+        space_name="dev"]
+      example.com
+      -
+      [2021-12-24T22:20:01.429164095Z]
+      "GET /styles.css HTTP/1.1"
+      304
+      0
+      0
+      "https://example.com/"
+      "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0" 
+      "some-remote-host"
+      "some-backend-host" 
+      x_forwarded_for:"a, b"
+      x_forwarded_proto:"https"
+      vcap_request_id:"some-request-id"
+      response_time:0.008452
+      gorouter_time:0.000625
+      app_id:"some-app-id" 
+      app_index:"0" 
+      instance_id:"some-instance-id"
+      x_cf_routererror:"-" 
+      x_global_transaction_id:"some-global-transaction-id"
+      true_client_ip:"-"
+      x_b3_traceid:"some-trace-id" 
+      x_b3_spanid:"some-span-id"
+      x_b3_parentspanid:"-" 
+      b3:"some-b3"
+    }.gsub(/\s+/, " ").strip
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_not_nil(record["gorouter"])
+      assert_equal("LogMessage", record.dig("sd", "tags@47450", "__v1_type"))
+      assert_equal("2021-12-24T22:20:01.429164095Z", record.dig("gorouter", "timestamp"))
+      assert_equal("GET", record.dig("gorouter", "method"))
+      assert_equal("/styles.css", record.dig("gorouter", "pathname"))
+      assert_equal("HTTP/1.1", record.dig("gorouter", "protocol"))
+      assert_equal("304", record.dig("gorouter", "status"))
+      assert_equal("0", record.dig("gorouter", "bytes_received"))
+      assert_equal("0", record.dig("gorouter", "bytes_sent"))
+      assert_equal("https://example.com/", record.dig("gorouter", "referer"))
+      assert_equal("Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0", record.dig("gorouter", "user_agent"))
+      assert_equal("some-remote-host", record.dig("gorouter", "remote_address"))
+      assert_equal("some-backend-host", record.dig("gorouter", "backend_address"))
+      assert_equal("a, b", record.dig("gorouter", "x_forwarded_for"))
+      assert_equal(0.000625, record.dig("gorouter", "gorouter_time"))
+    }
+  end
+end

data/test/test_syslog_rfc.rb

@@ -0,0 +1,216 @@
+require "test-unit"
+require "fluent/test"
+require "fluent/test/helpers"
+require "fluent/test/driver/parser"
+require "fluent/plugin/parser_cloudfoundry_syslog.rb"
+
+class SyslogRFCTest < Test::Unit::TestCase
+  include Fluent::Test::Helpers
+
+  def setup
+    Fluent::Test.setup
+    @parser = Fluent::Test::Driver::Parser.new(Fluent::Plugin::CloudFoundrySyslogParser)
+    @parser.configure({})
+  end
+
+  def test_nil
+    @parser.instance.parse(nil) { |time, record|
+      assert_nil(time)
+      assert_nil(record)
+    }
+  end
+
+  def test_empty_string
+    @parser.instance.parse("") { |time, record|
+      assert_nil(time)
+      assert_nil(record)
+    }
+  end
+
+  def test_words
+    @parser.instance.parse("foo bar") { |time, record|
+      assert_nil(time)
+      assert_nil(record)
+    }
+  end
+
+  def test_parse_syslog
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance@47450 paramA="def123" paramB="j k l" paramC=""] some foo bar'
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({
+        "paramA" => "def123",
+        "paramB" => "j k l",
+        "paramC" => "",
+      }, record.dig("sd", "instance@47450"))
+      assert_equal("some foo bar", record.dig("message"))
+    }
+  end
+
+  def test_parse_syslog_with_nilvalue_structured_data
+    log = "<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid - some foo bar"
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({}, record.dig("sd"))
+    }
+  end
+
+  def test_parse_syslog_with_sd_element_without_sd_params
+    log = "<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance] some foo bar"
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({ "instance" => {} }, record.dig("sd"))
+    }
+  end
+
+  def test_parse_syslog_with_sd_element_with_registered_id
+    log = "<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance@1234] some foo bar"
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({ "instance@1234" => {} }, record.dig("sd"))
+    }
+  end
+
+  def test_parse_syslog_with_escapes_in_sd_value
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance@47450 paramA="def\\12\\3" paramB="j k l\\"" paramC="\\"\\]"] some foo bar'
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({
+        "paramA" => "def\\12\\3",
+        "paramB" => "j k l\\\"",
+        "paramC" => "\\\"\\]",
+      }, record.dig("sd", "instance@47450"))
+      assert_equal("some foo bar", record.dig("message"))
+    }
+  end
+
+  def test_parse_syslog_with_invalid_escapes_in_sd_value
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance@47450 paramB="j k l\\\\""] some foo bar'
+    @parser.instance.parse(log) { |time, record|
+      assert_nil(time)
+      assert_nil(record)
+    }
+  end
+
+  def test_parse_syslog_with_invalid_escaped_sd_value_delimiter
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance@47450 paramC="\\"] some foo bar'
+    @parser.instance.parse(log) { |time, record|
+      assert_nil(time)
+      assert_nil(record)
+    }
+  end
+
+  def test_parse_syslog_with_multiple_sd_elements
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [elementA fooA="barA"][elementB fooB="barB"] some foo bar'
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({
+        "elementA" => {
+          "fooA" => "barA",
+        },
+        "elementB" => {
+          "fooB" => "barB",
+        },
+      }, record.dig("sd"))
+      assert_equal("some foo bar", record.dig("message"))
+    }
+  end
+
+  def test_parse_syslog_with_seperated_sd_elements
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [elementA fooA="barA"] [elementB fooB="barB"] some foo bar'
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({
+        "elementA" => {
+          "fooA" => "barA",
+        },
+      }, record.dig("sd"))
+      assert_equal('[elementB fooB="barB"] some foo bar', record.dig("message"))
+    }
+  end
+
+  def test_parse_syslog_without_message
+    log = '<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid [instance@47450 paramA="def123" paramB="j k l" paramC=""]'
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({
+        "paramA" => "def123",
+        "paramB" => "j k l",
+        "paramC" => "",
+      }, record.dig("sd", "instance@47450"))
+      assert_equal("", record.dig("message"))
+    }
+  end
+
+  def test_parse_syslog_with_nilvalue_sd_without_message
+    log = "<13>1 1985-04-12T23:20:50.52Z some-hostname some-appname some-procid some-msgid -"
+    @parser.instance.parse(log) { |time, record|
+      assert_not_nil(time)
+      assert_not_nil(record)
+      assert_equal(1, record.dig("header", "pri", "facility"))
+      assert_equal(Fluent::Plugin::CloudFoundrySyslogParser::SYSLOG_SEVERITY_CODES[5], record.dig("header", "pri", "severity"))
+      assert_equal("some-hostname", record.dig("header", "hostname"))
+      assert_equal("some-appname", record.dig("header", "app_name"))
+      assert_equal("some-procid", record.dig("header", "proc_id"))
+      assert_equal("some-msgid", record.dig("header", "msg_id"))
+      assert_equal({}, record.dig("sd"))
+      assert_equal("", record.dig("message"))
+    }
+  end
+end

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-parser-cloudfoundry-syslog
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Matteias Collet
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-12-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
+description: CloudFoundry log parser for Fluentd
+email:
+- matteias.collet@bluewin.ch
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".devcontainer/Dockerfile"
+- ".devcontainer/devcontainer.json"
+- ".devcontainer/post-create.sh"
+- ".github/workflows/build-and-test.yml"
+- ".github/workflows/publish.yml"
+- ".gitignore"
+- ".vscode/settings.json"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- fluent-plugin-parser-cloudfoundry-syslog.gemspec
+- lib/fluent/plugin/parser_cloudfoundry_syslog.rb
+- test/test_parser_router_log.rb
+- test/test_syslog_rfc.rb
+homepage: https://github.com/bitpatty/fluent-plugin-parser-cloudfoundry-syslog
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: CloudFoundry log parser for Fluentd
+test_files:
+- test/test_parser_router_log.rb
+- test/test_syslog_rfc.rb