Adding upstream version 1.34.4.

Signed-off-by: Daniel Baumann <daniel@debian.org>

plugins/inputs/syslog/README.md

@@ -0,0 +1,268 @@
+# Syslog Input Plugin
+
+The syslog plugin listens for syslog messages transmitted over a Unix Domain
+socket, [UDP](https://tools.ietf.org/html/rfc5426),
+[TCP](https://tools.ietf.org/html/rfc6587), or
+[TLS](https://tools.ietf.org/html/rfc5425); with or without the octet counting
+framing.
+
+Syslog messages should be formatted according to
+[RFC 5424](https://tools.ietf.org/html/rfc5424) (syslog protocol) or
+[RFC 3164](https://tools.ietf.org/html/rfc3164) (BSD syslog protocol).
+
+## Service Input <!-- @/docs/includes/service_input.md -->
+
+This plugin is a service input. Normal plugins gather metrics determined by the
+interval setting. Service plugins start a service to listen and wait for
+metrics or events to occur. Service plugins have two key differences from
+normal plugins:
+
+1. The global or plugin specific `interval` setting may not apply
+2. The CLI options of `--test`, `--test-wait`, and `--once` may not produce
+   output for this plugin
+
+## Global configuration options <!-- @/docs/includes/plugin_config.md -->
+
+In addition to the plugin-specific configuration settings, plugins support
+additional global and plugin configuration settings. These settings are used to
+modify metrics, tags, and field or create aliases and configure ordering, etc.
+See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
+
+[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
+
+## Configuration
+
+```toml @sample.conf
+[[inputs.syslog]]
+  ## Protocol, address and port to host the syslog receiver.
+  ## If no host is specified, then localhost is used.
+  ## If no port is specified, 6514 is used (RFC5425#section-4.1).
+  ##   ex: server = "tcp://localhost:6514"
+  ##       server = "udp://:6514"
+  ##       server = "unix:///var/run/telegraf-syslog.sock"
+  ## When using tcp, consider using 'tcp4' or 'tcp6' to force the usage of IPv4
+  ## or IPV6 respectively. There are cases, where when not specified, a system
+  ## may force an IPv4 mapped IPv6 address.
+  server = "tcp://127.0.0.1:6514"
+
+  ## Permission for unix sockets (only available on unix sockets)
+  ## This setting may not be respected by some platforms. To safely restrict
+  ## permissions it is recommended to place the socket into a previously
+  ## created directory with the desired permissions.
+  ##   ex: socket_mode = "777"
+  # socket_mode = ""
+
+  ## Maximum number of concurrent connections (only available on stream sockets like TCP)
+  ## Zero means unlimited.
+  # max_connections = 0
+
+  ## Read timeout (only available on stream sockets like TCP)
+  ## Zero means unlimited.
+  # read_timeout = "0s"
+
+  ## Optional TLS configuration (only available on stream sockets like TCP)
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key  = "/etc/telegraf/key.pem"
+  ## Enables client authentication if set.
+  # tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]
+
+  ## Maximum socket buffer size (in bytes when no unit specified)
+  ## For stream sockets, once the buffer fills up, the sender will start
+  ## backing up. For datagram sockets, once the buffer fills up, metrics will
+  ## start dropping. Defaults to the OS default.
+  # read_buffer_size = "64KiB"
+
+  ## Period between keep alive probes (only applies to TCP sockets)
+  ## Zero disables keep alive probes. Defaults to the OS configuration.
+  # keep_alive_period = "5m"
+
+  ## Content encoding for message payloads
+  ## Can be set to "gzip" for compressed payloads or "identity" for no encoding.
+  # content_encoding = "identity"
+
+  ## Maximum size of decoded packet (in bytes when no unit specified)
+  # max_decompression_size = "500MB"
+
+  ## Framing technique used for messages transport
+  ## Available settings are:
+  ##   octet-counting  -- see RFC5425#section-4.3.1 and RFC6587#section-3.4.1
+  ##   non-transparent -- see RFC6587#section-3.4.2
+  # framing = "octet-counting"
+
+  ## The trailer to be expected in case of non-transparent framing (default = "LF").
+  ## Must be one of "LF", or "NUL".
+  # trailer = "LF"
+
+  ## Whether to parse in best effort mode or not (default = false).
+  ## By default best effort parsing is off.
+  # best_effort = false
+
+  ## The RFC standard to use for message parsing
+  ## By default RFC5424 is used. RFC3164 only supports UDP transport (no streaming support)
+  ## Must be one of "RFC5424", or "RFC3164".
+  # syslog_standard = "RFC5424"
+
+  ## Character to prepend to SD-PARAMs (default = "_").
+  ## A syslog message can contain multiple parameters and multiple identifiers within structured data section.
+  ## Eg., [id1 name1="val1" name2="val2"][id2 name1="val1" nameA="valA"]
+  ## For each combination a field is created.
+  ## Its name is created concatenating identifier, sdparam_separator, and parameter name.
+  # sdparam_separator = "_"
+```
+
+### Message transport
+
+The `framing` option only applies to streams. It governs the way we expect to
+receive messages within the stream.  Namely, with the [`"octet counting"`][1]
+technique (default) or with the [`"non-transparent"`][2] framing.
+
+The `trailer` option only applies when `framing` option is
+`"non-transparent"`. It must have one of the following values: `"LF"` (default),
+or `"NUL"`.
+
+[1]: https://tools.ietf.org/html/rfc5425#section-4.3
+
+[2]: https://tools.ietf.org/html/rfc6587#section-3.4.2
+
+### Best effort
+
+The [`best_effort`](https://github.com/influxdata/go-syslog#best-effort-mode)
+option instructs the parser to extract partial but valid info from syslog
+messages. If unset only full messages will be collected.
+
+### Rsyslog Integration
+
+Rsyslog can be configured to forward logging messages to Telegraf by configuring
+[remote logging][3].
+
+Most system are setup with a configuration split between `/etc/rsyslog.conf`
+and the files in the `/etc/rsyslog.d/` directory, it is recommended to add the
+new configuration into the config directory to simplify updates to the main
+config file.
+
+Add the following lines to `/etc/rsyslog.d/50-telegraf.conf` making
+adjustments to the target address as needed:
+
+```shell
+$ActionQueueType LinkedList # use asynchronous processing
+$ActionQueueFileName srvrfwd # set file name, also enables disk mode
+$ActionResumeRetryCount -1 # infinite retries on insert failure
+$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
+
+# forward over tcp with octet framing according to RFC 5425
+*.* @@(o)127.0.0.1:6514;RSYSLOG_SyslogProtocol23Format
+
+# uncomment to use udp according to RFC 5424
+#*.* @127.0.0.1:6514;RSYSLOG_SyslogProtocol23Format
+```
+
+You can alternately use `advanced` format (aka RainerScript):
+
+```bash
+# forward over tcp with octet framing according to RFC 5425
+action(type="omfwd" Protocol="tcp" TCP_Framing="octet-counted" Target="127.0.0.1" Port="6514" Template="RSYSLOG_SyslogProtocol23Format")
+
+# uncomment to use udp according to RFC 5424
+#action(type="omfwd" Protocol="udp" Target="127.0.0.1" Port="6514" Template="RSYSLOG_SyslogProtocol23Format")
+```
+
+To complete TLS setup please refer to [rsyslog docs][4].
+
+[3]: https://www.rsyslog.com/doc/v8-stable/configuration/actions.html#remote-machine
+
+[4]: https://www.rsyslog.com/doc/v8-stable/tutorials/tls.html
+
+## Metrics
+
+- syslog
+  - tags
+    - severity (string)
+    - facility (string)
+    - hostname (string)
+    - appname (string)
+    - source (string)
+  - fields
+    - version (integer)
+    - severity_code (integer)
+    - facility_code (integer)
+    - timestamp (integer): the time recorded in the syslog message
+    - procid (string)
+    - msgid (string)
+    - sdid (bool)
+    - *Structured Data* (string)
+  - timestamp: the time the messages was received
+
+### Structured Data
+
+Structured data produces field keys by combining the `SD_ID` with the
+`PARAM_NAME` combined using the `sdparam_separator` as in the following example:
+
+```shell
+170 <165>1 2018-10-01:14:15.000Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...
+```
+
+```shell
+syslog,appname=evntslog,facility=local4,hostname=mymachine.example.com,severity=notice exampleSDID@32473_eventID="1011",exampleSDID@32473_eventSource="Application",exampleSDID@32473_iut="3",facility_code=20i,message="An application event log entry...",msgid="ID47",severity_code=5i,timestamp=1065910455003000000i,version=1i 1538421339749472344
+```
+
+## Troubleshooting
+
+```sh
+# TCP with octet framing
+echo "57 <13>1 2018-10-01T12:00:00.0Z example.org root - - - test" | nc 127.0.0.1 6514
+
+# UDP
+echo "<13>1 2018-10-01T12:00:00.0Z example.org root - - - test" | nc -u 127.0.0.1 6514
+```
+
+### Resolving Source IPs
+
+The `source` tag stores the remote IP address of the syslog sender.
+To resolve these IPs to DNS names, use the
+[`reverse_dns` processor](../../../plugins/processors/reverse_dns).
+
+You can send debugging messages directly to the input plugin using netcat:
+
+### RFC3164
+
+RFC3164 encoded messages are supported for UDP only, but not all vendors output
+valid RFC3164 messages by default
+
+- E.g. Cisco IOS
+
+If you see the following error, it is due to a message encoded in this format:
+
+ ```shell
+ E! Error in plugin [inputs.syslog]: expecting a version value in the range 1-999 [col 5]
+ ```
+
+Users can use rsyslog to translate RFC3164 syslog messages into RFC5424 format.
+Add the following lines to the rsyslog configuration file
+(e.g. `/etc/rsyslog.d/50-telegraf.conf`):
+
+```s
+# This makes rsyslog listen on 127.0.0.1:514 to receive RFC3164 udp
+# messages which can them be forwarded to telegraf as RFC5424
+$ModLoad imudp #loads the udp module
+$UDPServerAddress 127.0.0.1
+$UDPServerRun 514
+```
+
+Make adjustments to the target address as needed and sent your RFC3164 messages
+to port 514.
+
+## Example Output
+
+Here is example output of this plugin:
+
+```text
+syslog,appname=docker-compose,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643706396113000i,version=1i 1624643706400667198
+syslog,appname=tailscaled,facility=daemon,host=bb8,hostname=dev,location=home,severity=info,source=10.0.0.15 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643706403394000i,version=1i 1624643706407850408
+syslog,appname=docker-compose,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643706675853000i,version=1i 1624643706679251683
+syslog,appname=telegraf,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643710005006000i,version=1i 1624643710008285426
+syslog,appname=telegraf,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643710005696000i,version=1i 1624643710010754050
+syslog,appname=docker-compose,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643715777813000i,version=1i 1624643715782158154
+syslog,appname=docker-compose,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643716396547000i,version=1i 1624643716400395788
+syslog,appname=tailscaled,facility=daemon,host=bb8,hostname=dev,location=home,severity=info,source=10.0.0.15 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643716404931000i,version=1i 1624643716416947058
+syslog,appname=docker-compose,facility=daemon,host=bb8,hostname=droplet,location=home,severity=info,source=10.0.0.12 facility_code=3i,message="<redacted>",severity_code=6i,timestamp=1624643716676633000i,version=1i 1624643716680157558
+```

plugins/inputs/syslog/sample.conf

@@ -0,0 +1,75 @@
+[[inputs.syslog]]
+  ## Protocol, address and port to host the syslog receiver.
+  ## If no host is specified, then localhost is used.
+  ## If no port is specified, 6514 is used (RFC5425#section-4.1).
+  ##   ex: server = "tcp://localhost:6514"
+  ##       server = "udp://:6514"
+  ##       server = "unix:///var/run/telegraf-syslog.sock"
+  ## When using tcp, consider using 'tcp4' or 'tcp6' to force the usage of IPv4
+  ## or IPV6 respectively. There are cases, where when not specified, a system
+  ## may force an IPv4 mapped IPv6 address.
+  server = "tcp://127.0.0.1:6514"
+
+  ## Permission for unix sockets (only available on unix sockets)
+  ## This setting may not be respected by some platforms. To safely restrict
+  ## permissions it is recommended to place the socket into a previously
+  ## created directory with the desired permissions.
+  ##   ex: socket_mode = "777"
+  # socket_mode = ""
+
+  ## Maximum number of concurrent connections (only available on stream sockets like TCP)
+  ## Zero means unlimited.
+  # max_connections = 0
+
+  ## Read timeout (only available on stream sockets like TCP)
+  ## Zero means unlimited.
+  # read_timeout = "0s"
+
+  ## Optional TLS configuration (only available on stream sockets like TCP)
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key  = "/etc/telegraf/key.pem"
+  ## Enables client authentication if set.
+  # tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]
+
+  ## Maximum socket buffer size (in bytes when no unit specified)
+  ## For stream sockets, once the buffer fills up, the sender will start
+  ## backing up. For datagram sockets, once the buffer fills up, metrics will
+  ## start dropping. Defaults to the OS default.
+  # read_buffer_size = "64KiB"
+
+  ## Period between keep alive probes (only applies to TCP sockets)
+  ## Zero disables keep alive probes. Defaults to the OS configuration.
+  # keep_alive_period = "5m"
+
+  ## Content encoding for message payloads
+  ## Can be set to "gzip" for compressed payloads or "identity" for no encoding.
+  # content_encoding = "identity"
+
+  ## Maximum size of decoded packet (in bytes when no unit specified)
+  # max_decompression_size = "500MB"
+
+  ## Framing technique used for messages transport
+  ## Available settings are:
+  ##   octet-counting  -- see RFC5425#section-4.3.1 and RFC6587#section-3.4.1
+  ##   non-transparent -- see RFC6587#section-3.4.2
+  # framing = "octet-counting"
+
+  ## The trailer to be expected in case of non-transparent framing (default = "LF").
+  ## Must be one of "LF", or "NUL".
+  # trailer = "LF"
+
+  ## Whether to parse in best effort mode or not (default = false).
+  ## By default best effort parsing is off.
+  # best_effort = false
+
+  ## The RFC standard to use for message parsing
+  ## By default RFC5424 is used. RFC3164 only supports UDP transport (no streaming support)
+  ## Must be one of "RFC5424", or "RFC3164".
+  # syslog_standard = "RFC5424"
+
+  ## Character to prepend to SD-PARAMs (default = "_").
+  ## A syslog message can contain multiple parameters and multiple identifiers within structured data section.
+  ## Eg., [id1 name1="val1" name2="val2"][id2 name1="val1" nameA="valA"]
+  ## For each combination a field is created.
+  ## Its name is created concatenating identifier, sdparam_separator, and parameter name.
+  # sdparam_separator = "_"

plugins/inputs/syslog/sample.conf.in

@@ -0,0 +1,39 @@
+[[inputs.syslog]]
+  ## Protocol, address and port to host the syslog receiver.
+  ## If no host is specified, then localhost is used.
+  ## If no port is specified, 6514 is used (RFC5425#section-4.1).
+  ##   ex: server = "tcp://localhost:6514"
+  ##       server = "udp://:6514"
+  ##       server = "unix:///var/run/telegraf-syslog.sock"
+  ## When using tcp, consider using 'tcp4' or 'tcp6' to force the usage of IPv4
+  ## or IPV6 respectively. There are cases, where when not specified, a system
+  ## may force an IPv4 mapped IPv6 address.
+  server = "tcp://127.0.0.1:6514"
+
+{{template "/plugins/common/socket/socket.conf"}}
+
+  ## Framing technique used for messages transport
+  ## Available settings are:
+  ##   octet-counting  -- see RFC5425#section-4.3.1 and RFC6587#section-3.4.1
+  ##   non-transparent -- see RFC6587#section-3.4.2
+  # framing = "octet-counting"
+
+  ## The trailer to be expected in case of non-transparent framing (default = "LF").
+  ## Must be one of "LF", or "NUL".
+  # trailer = "LF"
+
+  ## Whether to parse in best effort mode or not (default = false).
+  ## By default best effort parsing is off.
+  # best_effort = false
+
+  ## The RFC standard to use for message parsing
+  ## By default RFC5424 is used. RFC3164 only supports UDP transport (no streaming support)
+  ## Must be one of "RFC5424", or "RFC3164".
+  # syslog_standard = "RFC5424"
+
+  ## Character to prepend to SD-PARAMs (default = "_").
+  ## A syslog message can contain multiple parameters and multiple identifiers within structured data section.
+  ## Eg., [id1 name1="val1" name2="val2"][id2 name1="val1" nameA="valA"]
+  ## For each combination a field is created.
+  ## Its name is created concatenating identifier, sdparam_separator, and parameter name.
+  # sdparam_separator = "_"

plugins/inputs/syslog/syslog.go

@@ -0,0 +1,333 @@
+//go:generate ../../../tools/config_includer/generator
+//go:generate ../../../tools/readme_config_includer/generator
+package syslog
+
+import (
+	_ "embed"
+	"fmt"
+	"io"
+	"net"
+	"net/url"
+	"strings"
+	"sync"
+	"time"
+	"unicode"
+
+	"github.com/leodido/go-syslog/v4"
+	"github.com/leodido/go-syslog/v4/nontransparent"
+	"github.com/leodido/go-syslog/v4/octetcounting"
+	"github.com/leodido/go-syslog/v4/rfc3164"
+	"github.com/leodido/go-syslog/v4/rfc5424"
+
+	"github.com/influxdata/telegraf"
+	"github.com/influxdata/telegraf/plugins/common/socket"
+	"github.com/influxdata/telegraf/plugins/inputs"
+)
+
+//go:embed sample.conf
+var sampleConfig string
+
+const readTimeoutMsg = "Read timeout set! Connections, inactive for the set duration, will be closed!"
+
+type Syslog struct {
+	Address        string                     `toml:"server"`
+	Framing        string                     `toml:"framing"`
+	SyslogStandard string                     `toml:"syslog_standard"`
+	Trailer        nontransparent.TrailerType `toml:"trailer"`
+	BestEffort     bool                       `toml:"best_effort"`
+	Separator      string                     `toml:"sdparam_separator"`
+	Log            telegraf.Logger            `toml:"-"`
+	socket.Config
+
+	mu sync.Mutex
+	wg sync.WaitGroup
+
+	url    *url.URL
+	socket *socket.Socket
+}
+
+func (*Syslog) SampleConfig() string {
+	return sampleConfig
+}
+
+func (s *Syslog) Init() error {
+	// Check settings and set defaults
+	switch s.Framing {
+	case "":
+		s.Framing = "octet-counting"
+	case "octet-counting", "non-transparent":
+	default:
+		return fmt.Errorf("invalid 'framing' %q", s.Framing)
+	}
+
+	switch s.SyslogStandard {
+	case "":
+		s.SyslogStandard = "RFC5424"
+	case "RFC3164", "RFC5424":
+	default:
+		return fmt.Errorf("invalid 'syslog_standard' %q", s.SyslogStandard)
+	}
+
+	if s.Separator == "" {
+		s.Separator = "_"
+	}
+
+	// Check and parse address, set default if necessary
+	if s.Address == "" {
+		s.Address = "tcp://127.0.0.1:6514"
+	}
+
+	if !strings.Contains(s.Address, "://") {
+		return fmt.Errorf("missing protocol within address %q", s.Address)
+	}
+
+	u, err := url.Parse(s.Address)
+	if err != nil {
+		return fmt.Errorf("parsing address %q failed: %w", s.Address, err)
+	}
+
+	// Check if we do have a port and add the default one if not
+	if u.Port() == "" {
+		u.Host += ":6514"
+	}
+	s.url = u
+
+	switch s.url.Scheme {
+	case "tcp", "tcp4", "tcp6", "unix", "unixpacket":
+		if s.ReadTimeout > 0 {
+			s.Log.Warn(readTimeoutMsg)
+		}
+	case "udp", "udp4", "udp6", "ip", "ip4", "ip6", "unixgram":
+	default:
+		return fmt.Errorf("unknown protocol %q in %q", u.Scheme, s.Address)
+	}
+
+	// Create a socket
+	sock, err := s.Config.NewSocket(u.String(), nil, s.Log)
+	if err != nil {
+		return err
+	}
+	s.socket = sock
+
+	return nil
+}
+
+func (s *Syslog) Start(acc telegraf.Accumulator) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	// Setup the listener
+	if err := s.socket.Setup(); err != nil {
+		return err
+	}
+	addr := s.socket.Address()
+	s.Log.Infof("Listening on %s://%s", addr.Network(), addr.String())
+
+	// Setup the callbacks and start listening
+	onError := func(err error) {
+		acc.AddError(err)
+	}
+	switch s.url.Scheme {
+	case "tcp", "tcp4", "tcp6", "unix", "unixpacket":
+		onConnection := s.createStreamDataHandler(acc)
+		s.socket.ListenConnection(onConnection, onError)
+	case "udp", "udp4", "udp6", "ip", "ip4", "ip6", "unixgram":
+		onData := s.createDatagramDataHandler(acc)
+		s.socket.Listen(onData, onError)
+	default:
+		return fmt.Errorf("unknown protocol %q in %q", s.url.Scheme, s.Address)
+	}
+
+	return nil
+}
+
+func (*Syslog) Gather(telegraf.Accumulator) error {
+	return nil
+}
+
+func (s *Syslog) Stop() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.socket.Close()
+	s.wg.Wait()
+}
+
+func (s *Syslog) createStreamDataHandler(acc telegraf.Accumulator) socket.CallbackConnection {
+	// Create parser options
+	var opts []syslog.ParserOption
+	if s.BestEffort {
+		opts = append(opts, syslog.WithBestEffort())
+	}
+	if s.Framing == "non-transparent" {
+		opts = append(opts, nontransparent.WithTrailer(s.Trailer))
+	}
+
+	return func(src net.Addr, reader io.ReadCloser) {
+		// Create the parser depending on transport framing and other settings
+		var parser syslog.Parser
+		switch s.Framing {
+		case "octet-counting":
+			parser = octetcounting.NewParser(opts...)
+		case "non-transparent":
+			parser = nontransparent.NewParser(opts...)
+		}
+
+		// Remove port from address
+		var addr string
+		if src.Network() != "unix" {
+			var err error
+			if addr, _, err = net.SplitHostPort(src.String()); err != nil {
+				addr = src.String()
+			}
+		}
+
+		parser.WithListener(func(r *syslog.Result) {
+			if r.Error != nil {
+				acc.AddError(r.Error)
+			}
+			if r.Message == nil {
+				return
+			}
+
+			// Extract message information
+			acc.AddFields("syslog", fields(r.Message, s.Separator), tags(r.Message, addr))
+		})
+		parser.Parse(reader)
+	}
+}
+
+func (s *Syslog) createDatagramDataHandler(acc telegraf.Accumulator) socket.CallbackData {
+	// Create the parser depending on syslog standard and other settings
+	var parser syslog.Machine
+	switch s.SyslogStandard {
+	case "RFC3164":
+		parser = rfc3164.NewParser(rfc3164.WithYear(rfc3164.CurrentYear{}))
+	case "RFC5424":
+		parser = rfc5424.NewParser()
+	}
+	if s.BestEffort {
+		parser.WithBestEffort()
+	}
+
+	// Return the OnData function
+	return func(src net.Addr, data []byte, _ time.Time) {
+		message, err := parser.Parse(data)
+		if err != nil {
+			acc.AddError(err)
+		} else if message == nil {
+			acc.AddError(fmt.Errorf("unable to parse message: %s", string(data)))
+		}
+		if message == nil {
+			return
+		}
+
+		// Extract message information
+		var addr string
+		if src.Network() != "unixgram" {
+			var err error
+			if addr, _, err = net.SplitHostPort(src.String()); err != nil {
+				addr = src.String()
+			}
+		}
+		acc.AddFields("syslog", fields(message, s.Separator), tags(message, addr))
+	}
+}
+
+func tags(msg syslog.Message, src string) map[string]string {
+	// Extract message information
+	tags := map[string]string{
+		"severity": *msg.SeverityShortLevel(),
+		"facility": *msg.FacilityLevel(),
+	}
+
+	if src != "" {
+		tags["source"] = src
+	}
+
+	switch msg := msg.(type) {
+	case *rfc5424.SyslogMessage:
+		if msg.Hostname != nil {
+			tags["hostname"] = *msg.Hostname
+		}
+		if msg.Appname != nil {
+			tags["appname"] = *msg.Appname
+		}
+	case *rfc3164.SyslogMessage:
+		if msg.Hostname != nil {
+			tags["hostname"] = *msg.Hostname
+		}
+		if msg.Appname != nil {
+			tags["appname"] = *msg.Appname
+		}
+	}
+
+	return tags
+}
+
+func fields(msg syslog.Message, separator string) map[string]interface{} {
+	var fields map[string]interface{}
+	switch msg := msg.(type) {
+	case *rfc5424.SyslogMessage:
+		fields = map[string]interface{}{
+			"facility_code": int(*msg.Facility),
+			"severity_code": int(*msg.Severity),
+			"version":       msg.Version,
+		}
+		if msg.Timestamp != nil {
+			fields["timestamp"] = (*msg.Timestamp).UnixNano()
+		}
+		if msg.ProcID != nil {
+			fields["procid"] = *msg.ProcID
+		}
+		if msg.MsgID != nil {
+			fields["msgid"] = *msg.MsgID
+		}
+		if msg.Message != nil {
+			fields["message"] = strings.TrimRightFunc(*msg.Message, func(r rune) bool {
+				return unicode.IsSpace(r)
+			})
+		}
+		if msg.StructuredData != nil {
+			for sdid, sdparams := range *msg.StructuredData {
+				if len(sdparams) == 0 {
+					// When SD-ID does not have params we indicate its presence with a bool
+					fields[sdid] = true
+					continue
+				}
+				for k, v := range sdparams {
+					fields[sdid+separator+k] = v
+				}
+			}
+		}
+	case *rfc3164.SyslogMessage:
+		fields = map[string]interface{}{
+			"facility_code": int(*msg.Facility),
+			"severity_code": int(*msg.Severity),
+		}
+		if msg.Timestamp != nil {
+			fields["timestamp"] = (*msg.Timestamp).UnixNano()
+		}
+		if msg.ProcID != nil {
+			fields["procid"] = *msg.ProcID
+		}
+		if msg.MsgID != nil {
+			fields["msgid"] = *msg.MsgID
+		}
+		if msg.Message != nil {
+			fields["message"] = strings.TrimRightFunc(*msg.Message, func(r rune) bool {
+				return unicode.IsSpace(r)
+			})
+		}
+	}
+
+	return fields
+}
+
+func init() {
+	inputs.Add("syslog", func() telegraf.Input {
+		return &Syslog{
+			Trailer: nontransparent.LF,
+		}
+	})
+}

plugins/inputs/syslog/syslog_test.go

@@ -0,0 +1,357 @@
+package syslog
+
+import (
+	"crypto/tls"
+	"net"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/leodido/go-syslog/v4/nontransparent"
+	"github.com/stretchr/testify/require"
+
+	"github.com/influxdata/telegraf"
+	"github.com/influxdata/telegraf/config"
+	"github.com/influxdata/telegraf/metric"
+	"github.com/influxdata/telegraf/plugins/common/socket"
+	"github.com/influxdata/telegraf/plugins/inputs"
+	parsers_influx_upstream "github.com/influxdata/telegraf/plugins/parsers/influx/influx_upstream"
+	"github.com/influxdata/telegraf/testutil"
+)
+
+var pki = testutil.NewPKI("../../../testutil/pki")
+
+func TestAddressMissingProtocol(t *testing.T) {
+	plugin := &Syslog{
+		Address: "localhost:6514",
+		Log:     testutil.Logger{},
+	}
+	require.ErrorContains(t, plugin.Init(), "missing protocol within address")
+}
+
+func TestAddressUnknownProtocol(t *testing.T) {
+	plugin := &Syslog{
+		Address: "unsupported://example.com:6514",
+		Log:     testutil.Logger{},
+	}
+	require.ErrorContains(t, plugin.Init(), "unknown protocol")
+}
+
+func TestAddressDefault(t *testing.T) {
+	plugin := &Syslog{Log: testutil.Logger{}}
+	require.NoError(t, plugin.Init())
+
+	require.Equal(t, "tcp://127.0.0.1:6514", plugin.url.String())
+}
+
+func TestAddressDefaultPort(t *testing.T) {
+	plugin := &Syslog{
+		Address: "tcp://localhost",
+		Log:     testutil.Logger{},
+	}
+	require.NoError(t, plugin.Init())
+
+	// Default port is 6514
+	require.Equal(t, "tcp://localhost:6514", plugin.url.String())
+}
+
+func TestReadTimeoutWarning(t *testing.T) {
+	logger := &testutil.CaptureLogger{}
+	plugin := &Syslog{
+		Address: "tcp://localhost:6514",
+		Config: socket.Config{
+			ReadTimeout: config.Duration(time.Second),
+		},
+		Log: logger,
+	}
+	require.NoError(t, plugin.Init())
+
+	var acc testutil.Accumulator
+	require.NoError(t, plugin.Start(&acc))
+	plugin.Stop()
+
+	require.Eventually(t, func() bool {
+		return logger.NMessages() > 0
+	}, 3*time.Second, 100*time.Millisecond)
+
+	warnings := logger.Warnings()
+	require.Contains(t, warnings, "W! [] "+readTimeoutMsg)
+}
+
+func TestUnixgram(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("Skipping test as unixgram is not supported on Windows")
+	}
+
+	// Create the socket
+	sock := testutil.TempSocket(t)
+	f, err := os.Create(sock)
+	require.NoError(t, err)
+	defer f.Close()
+
+	// Setup plugin and start it
+	plugin := &Syslog{
+		Address: "unixgram://" + sock,
+		Trailer: nontransparent.LF,
+		Log:     testutil.Logger{},
+	}
+	require.NoError(t, plugin.Init())
+
+	var acc testutil.Accumulator
+	require.NoError(t, plugin.Start(&acc))
+	defer plugin.Stop()
+
+	// Send the message
+	//nolint:lll // conditionally long lines allowed
+	msg := `<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575`
+	client, err := net.Dial("unixgram", sock)
+	require.NoError(t, err)
+	defer client.Close()
+	_, err = client.Write([]byte(msg))
+	require.NoError(t, err)
+
+	// Do the comparison
+	expected := []telegraf.Metric{
+		metric.New(
+			"syslog",
+			map[string]string{
+				"severity": "notice",
+				"facility": "daemon",
+				"hostname": "web1",
+				"appname":  "someservice",
+			},
+			map[string]interface{}{
+				"version":       uint16(1),
+				"timestamp":     time.Unix(1456029177, 0).UnixNano(),
+				"procid":        "2341",
+				"msgid":         "2",
+				"message":       `"GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575`,
+				"origin":        true,
+				"meta_sequence": "14125553",
+				"meta_service":  "someservice",
+				"severity_code": 5,
+				"facility_code": 3,
+			},
+			time.Unix(0, 0),
+		),
+	}
+
+	client.Close()
+
+	// Check the metric nevertheless as we might get some metrics despite errors.
+	require.Eventually(t, func() bool {
+		return int(acc.NMetrics()) >= len(expected)
+	}, 3*time.Second, 100*time.Millisecond)
+	plugin.Stop()
+
+	actual := acc.GetTelegrafMetrics()
+	testutil.RequireMetricsEqual(t, expected, actual, testutil.IgnoreTime())
+}
+
+func TestCases(t *testing.T) {
+	// Get all directories in testdata
+	folders, err := os.ReadDir("testcases")
+	require.NoError(t, err)
+
+	// Register the plugin
+	inputs.Add("syslog", func() telegraf.Input {
+		return &Syslog{
+			Trailer: nontransparent.LF,
+			Log:     testutil.Logger{},
+		}
+	})
+
+	for _, f := range folders {
+		// Only handle folders
+		if !f.IsDir() {
+			continue
+		}
+
+		t.Run(f.Name(), func(t *testing.T) {
+			testcasePath := filepath.Join("testcases", f.Name())
+			configFilename := filepath.Join(testcasePath, "telegraf.conf")
+			inputFilenamePattern := filepath.Join(testcasePath, "input*.txt")
+			expectedFilename := filepath.Join(testcasePath, "expected.out")
+			expectedErrorFilename := filepath.Join(testcasePath, "expected.err")
+
+			// Prepare the influx parser for expectations
+			parser := &parsers_influx_upstream.Parser{}
+			require.NoError(t, parser.Init())
+
+			// Read the input data
+			inputFiles, err := filepath.Glob(inputFilenamePattern)
+			require.NoError(t, err)
+			require.NotEmpty(t, inputFiles)
+			sort.Strings(inputFiles)
+			messages := make([][]byte, 0, len(inputFiles))
+			for _, fn := range inputFiles {
+				data, err := os.ReadFile(fn)
+				require.NoErrorf(t, err, "failed file: %s", fn)
+				messages = append(messages, data)
+			}
+
+			// Read the expected output if any
+			var expected []telegraf.Metric
+			if _, err := os.Stat(expectedFilename); err == nil {
+				var err error
+				expected, err = testutil.ParseMetricsFromFile(expectedFilename, parser)
+				require.NoError(t, err)
+			}
+
+			// Read the expected error if any
+			var expectedError string
+			if _, err := os.Stat(expectedErrorFilename); err == nil {
+				buf, err := os.ReadFile(expectedErrorFilename)
+				require.NoError(t, err)
+				require.NotEmpty(t, buf)
+				expectedError = string(buf)
+			}
+
+			// Configure the plugin and start it
+			cfg := config.NewConfig()
+			require.NoError(t, cfg.LoadConfig(configFilename))
+			require.Len(t, cfg.Inputs, 1)
+			plugin := cfg.Inputs[0].Input.(*Syslog)
+			// Replace the TLS config with the known PKI infrastructure
+			if plugin.ServerConfig.TLSCert != "" {
+				plugin.ServerConfig = *pki.TLSServerConfig()
+			}
+
+			// Determine server properties. We need to parse the address before
+			// calling Start() as it is modified in this function.
+			if strings.HasPrefix(plugin.Address, "unix://") {
+				// Use a random socket
+				sock := filepath.ToSlash(testutil.TempSocket(t))
+				if !strings.HasPrefix(sock, "/") {
+					sock = "/" + sock
+				}
+				plugin.Address = "unix://" + sock
+			}
+			require.NoError(t, plugin.Init())
+
+			var acc testutil.Accumulator
+			require.NoError(t, plugin.Start(&acc))
+			defer plugin.Stop()
+
+			// Get the address
+			addr := plugin.socket.Address().String()
+
+			// Create a fake sender
+			var client net.Conn
+			srvTLS, err := plugin.TLSConfig()
+			require.NoError(t, err)
+			if srvTLS != nil {
+				tlscfg, err := pki.TLSClientConfig().TLSConfig()
+				require.NoError(t, err)
+				tlscfg.ServerName = "localhost"
+
+				client, err = tls.Dial(plugin.url.Scheme, addr, tlscfg)
+				require.NoError(t, err)
+			} else {
+				client, err = net.Dial(plugin.url.Scheme, addr)
+				require.NoError(t, err)
+			}
+			defer client.Close()
+
+			// Send the data and afterwards stop client and plugin
+			for i, msg := range messages {
+				_, err := client.Write(msg)
+				require.NoErrorf(t, err, "message %d failed with content %q", i, string(msg))
+			}
+			client.Close()
+
+			// Check the metric nevertheless as we might get some metrics despite errors.
+			require.Eventually(t, func() bool {
+				return int(acc.NMetrics()) >= len(expected)
+			}, 3*time.Second, 100*time.Millisecond)
+			plugin.Stop()
+
+			actual := acc.GetTelegrafMetrics()
+			testutil.RequireMetricsEqual(t, expected, actual, testutil.IgnoreTime())
+
+			// Check for errors
+			if expectedError != "" {
+				require.NotEmpty(t, acc.Errors)
+				var found bool
+				for _, err := range acc.Errors {
+					found = found || strings.Contains(err.Error(), expectedError)
+				}
+				require.Truef(t, found, "expected error %q not found in errors %v", expectedError, acc.Errors)
+			} else {
+				require.Empty(t, acc.Errors)
+			}
+		})
+	}
+}
+
+func TestSocketClosed(t *testing.T) {
+	// Setup the plugin
+	plugin := &Syslog{
+		Address: "tcp://127.0.0.1:0",
+		Config: socket.Config{
+			ReadTimeout: config.Duration(10 * time.Millisecond),
+		},
+		Log: testutil.Logger{},
+	}
+	require.NoError(t, plugin.Init())
+
+	var acc testutil.Accumulator
+	require.NoError(t, plugin.Start(&acc))
+	defer plugin.Stop()
+
+	// Get the address
+	addr := plugin.socket.Address().String()
+
+	// Create a fake sender
+	client, err := net.Dial("tcp", addr)
+	require.NoError(t, err)
+	defer client.Close()
+
+	// Send a message to check if the socket is really active
+	msg := []byte(`72 <13>1 2024-02-15T11:12:24.718151+01:00 Hugin sven - - [] Connection test`)
+	_, err = client.Write(msg)
+	require.NoError(t, err)
+
+	// Stop the plugin and check if the socket is closed and unreachable
+	plugin.Stop()
+
+	require.Eventually(t, func() bool {
+		_, err := client.Write(msg)
+		return err != nil
+	}, 3*time.Second, 100*time.Millisecond)
+}
+
+func TestIssue10121(t *testing.T) {
+	// Setup the plugin
+	plugin := &Syslog{
+		Address: "tcp://127.0.0.1:0",
+		Config: socket.Config{
+			ReadTimeout: config.Duration(10 * time.Millisecond),
+		},
+		Log: testutil.Logger{},
+	}
+	require.NoError(t, plugin.Init())
+
+	var acc testutil.Accumulator
+	require.NoError(t, plugin.Start(&acc))
+	defer plugin.Stop()
+
+	// Get the address
+	addr := plugin.socket.Address().String()
+
+	// Create a fake sender
+	client, err := net.Dial("tcp", addr)
+	require.NoError(t, err)
+	defer client.Close()
+
+	// Messages should eventually timeout
+	msg := []byte(`72 <13>1 2024-02-15T11:12:24.718151+01:00 Hugin sven - - [] Connection test`)
+	require.Eventually(t, func() bool {
+		_, err := client.Write(msg)
+		return err != nil
+	}, 3*time.Second, 250*time.Millisecond)
+}

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcp_1st_avg_ok/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcp_1st_avg_ok/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcp_1st_avg_ok/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"
+  best_effort = true

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcp_1st_min_ok_2nd_min_ok/expected.out

@@ -0,0 +1,2 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0
+syslog,facility=kern,severity=warning,source=127.0.0.1 facility_code=0i,severity_code=4i,version=11u 1

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcp_1st_min_ok_2nd_min_ok/input.txt

@@ -0,0 +1,2 @@
+<1>2 - - - - - -
+<4>11 - - - - - -

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcp_1st_min_ok_2nd_min_ok/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"
+  best_effort = true

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcptls_1st_avg_ok/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcptls_1st_avg_ok/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcptls_1st_avg_ok/telegraf.conf

@@ -0,0 +1,5 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"
+  best_effort = true
+  tls_cert = "dummy.cert"

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcptls_1st_min_ok_2nd_min_ok/expected.out

@@ -0,0 +1,2 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0
+syslog,facility=kern,severity=warning,source=127.0.0.1 facility_code=0i,severity_code=4i,version=11u 1

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcptls_1st_min_ok_2nd_min_ok/input.txt

@@ -0,0 +1,2 @@
+<1>2 - - - - - -
+<4>11 - - - - - -

plugins/inputs/syslog/testcases/non_transparent_best_effort_tcptls_1st_min_ok_2nd_min_ok/telegraf.conf

@@ -0,0 +1,5 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"
+  best_effort = true
+  tls_cert = "dummy.cert"

plugins/inputs/syslog/testcases/non_transparent_best_effort_unix/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_best_effort_unix/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_best_effort_unix/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "unix:///some/random/socket"
+  framing = "non-transparent"
+  best_effort = true

plugins/inputs/syslog/testcases/non_transparent_best_effort_unixtls/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_best_effort_unixtls/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_best_effort_unixtls/telegraf.conf

@@ -0,0 +1,5 @@
+[[inputs.syslog]]
+  server = "unix:///some/random/socket"
+  framing = "non-transparent"
+  best_effort = true
+  tls_cert = "dummy.cert"

plugins/inputs/syslog/testcases/non_transparent_strict_tcp_1st_avg_ok/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_strict_tcp_1st_avg_ok/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_strict_tcp_1st_avg_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"

plugins/inputs/syslog/testcases/non_transparent_strict_tcp_1st_min_ok_2nd_min_ok/expected.out

@@ -0,0 +1,2 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0
+syslog,facility=kern,severity=warning,source=127.0.0.1 facility_code=0i,severity_code=4i,version=11u 1

plugins/inputs/syslog/testcases/non_transparent_strict_tcp_1st_min_ok_2nd_min_ok/input.txt

@@ -0,0 +1,2 @@
+<1>2 - - - - - -
+<4>11 - - - - - -

plugins/inputs/syslog/testcases/non_transparent_strict_tcp_1st_min_ok_2nd_min_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"

plugins/inputs/syslog/testcases/non_transparent_strict_tcptls_1st_avg_ok/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_strict_tcptls_1st_avg_ok/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_strict_tcptls_1st_avg_ok/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"
+  tls_cert = "dummy.cert"

plugins/inputs/syslog/testcases/non_transparent_strict_tcptls_1st_min_ok_2nd_min_ok/expected.out

@@ -0,0 +1,2 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0
+syslog,facility=kern,severity=warning,source=127.0.0.1 facility_code=0i,severity_code=4i,version=11u 1

plugins/inputs/syslog/testcases/non_transparent_strict_tcptls_1st_min_ok_2nd_min_ok/input.txt

@@ -0,0 +1,2 @@
+<1>2 - - - - - -
+<4>11 - - - - - -

plugins/inputs/syslog/testcases/non_transparent_strict_tcptls_1st_min_ok_2nd_min_ok/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  framing = "non-transparent"
+  tls_cert = "dummy.cert"

plugins/inputs/syslog/testcases/non_transparent_strict_unix/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_strict_unix/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_strict_unix/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "unix:///some/random/socket"
+  framing = "non-transparent"

plugins/inputs/syslog/testcases/non_transparent_strict_unixtls/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/non_transparent_strict_unixtls/input.txt

@@ -0,0 +1 @@
+<29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/non_transparent_strict_unixtls/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "unix:///some/random/socket"
+  framing = "non-transparent"
+  tls_cert = "dummy.cert"

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_avg_ok/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_avg_ok/input.txt

@@ -0,0 +1 @@
+188 <29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_avg_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_max_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_min_ok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_min_ok/input.txt

@@ -0,0 +1 @@
+16 <1>1 - - - - - -

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_min_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_min_ok_2nd_min_ok/expected.out

@@ -0,0 +1,2 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0
+syslog,facility=kern,severity=warning,source=127.0.0.1 facility_code=0i,severity_code=4i,version=11u 1

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_min_ok_2nd_min_ok/input.txt

@@ -0,0 +1 @@
+16 <1>2 - - - - - -17 <4>11 - - - - - -

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_min_ok_2nd_min_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_newline_ok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,message="hello\nworld",severity_code=1i,version=3u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_newline_ok/input.txt

@@ -0,0 +1,2 @@
+28 <1>3 - - - - - - hello
+world

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_newline_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_malfunction/expected.err

@@ -0,0 +1 @@
+expecting a RFC3339MICRO timestamp or a nil value

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_malfunction/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=217u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_malfunction/input.txt

@@ -0,0 +1 @@
+16 <1>217 <11>1 - - - - - -

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_malfunction/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_nok/expected.err

@@ -0,0 +1 @@
+parsing error [col 4]

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_nok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_nok/input.txt

@@ -0,0 +1 @@
+16 <1>2

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_underflow_nok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_utf8_ok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,message="hellø",severity_code=1i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_utf8_ok/input.txt

@@ -0,0 +1 @@
+23 <1>1 - - - - - - hellø

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcp_1st_utf8_ok/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcptls/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcptls/input.txt

@@ -0,0 +1 @@
+188 <29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/octet_counting_best_effort_tcptls/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"
+  tls_cert = "dummy.cert"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_unix/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_unix/input.txt

@@ -0,0 +1 @@
+188 <29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/octet_counting_best_effort_unix/telegraf.conf

@@ -0,0 +1,3 @@
+[[inputs.syslog]]
+  server = "unix:///some/random/socket"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_best_effort_unixtls/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_best_effort_unixtls/input.txt

@@ -0,0 +1 @@
+188 <29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/octet_counting_best_effort_unixtls/telegraf.conf

@@ -0,0 +1,4 @@
+[[inputs.syslog]]
+  server = "unix:///some/random/socket"
+  tls_cert = "dummy.cert"
+  best_effort = true

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_avg_ok/expected.out

@@ -0,0 +1 @@
+syslog,appname=someservice,facility=daemon,hostname=web1,severity=notice,source=127.0.0.1 facility_code=3i,message="\"GET /v1/ok HTTP/1.1\" 200 145 \"-\" \"hacheck 0.9.0\" 24306 127.0.0.1:40124 575",meta_sequence="14125553",meta_service="someservice",msgid="2",origin=true,procid="2341",severity_code=5i,timestamp=1456029177000000000i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_avg_ok/input.txt

@@ -0,0 +1 @@
+188 <29>1 2016-02-21T04:32:57+00:00 web1 someservice 2341 2 [origin][meta sequence="14125553" service="someservice"] "GET /v1/ok HTTP/1.1" 200 145 "-" "hacheck 0.9.0" 24306 127.0.0.1:40124 575

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_avg_ok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_max_ok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_min_ok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_min_ok/input.txt

@@ -0,0 +1 @@
+16 <1>1 - - - - - -

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_min_ok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_min_ok_2nd_min_ok/expected.out

@@ -0,0 +1,2 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,severity_code=1i,version=2u 0
+syslog,facility=kern,severity=warning,source=127.0.0.1 facility_code=0i,severity_code=4i,version=11u 1

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_min_ok_2nd_min_ok/input.txt

@@ -0,0 +1 @@
+16 <1>2 - - - - - -17 <4>11 - - - - - -

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_min_ok_2nd_min_ok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_newline_ok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,message="hello\nworld",severity_code=1i,version=3u 0

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_newline_ok/input.txt

@@ -0,0 +1,2 @@
+28 <1>3 - - - - - - hello
+world

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_newline_ok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_underflow_malfunction/expected.err

@@ -0,0 +1 @@
+expecting a RFC3339MICRO timestamp or a nil value

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_underflow_malfunction/input.txt

@@ -0,0 +1 @@
+16 <1>217 <11>1 - - - - - -

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_underflow_malfunction/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_underflow_nok/expected.err

@@ -0,0 +1 @@
+found EOF after "<1>2", expecting a SYSLOGMSG containing 16 octets

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_underflow_nok/input.txt

@@ -0,0 +1 @@
+16 <1>2

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_underflow_nok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_utf8_ok/expected.out

@@ -0,0 +1 @@
+syslog,facility=kern,severity=alert,source=127.0.0.1 facility_code=0i,message="hellø",severity_code=1i,version=1u 0

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_utf8_ok/input.txt

@@ -0,0 +1 @@
+23 <1>1 - - - - - - hellø

plugins/inputs/syslog/testcases/octet_counting_strict_tcp_1st_utf8_ok/telegraf.conf

@@ -0,0 +1,2 @@
+[[inputs.syslog]]
+  server = "tcp://127.0.0.1:0"