#syslog #parser #message

nightly syslog_rfc3164

Parser for RFC3164 (IETF-format) syslog messages

1 unstable release

Uses old Rust 2015

0.1.0 Dec 26, 2017

#30 in #syslog

ISC license

26KB
533 lines

This module implements an RFC 3164 IETF Syslog Protocol parser in Rust. The code is a modified fork of Roguelazer's more complex 5424 parser.

This tool supports serializing the parsed messages using serde.

Performance

On a recent system, a release build takes approximately 8µs to parse an average message and approximately 300ns to parse the smallest legal message. Debug timings are a bit worse -- about 60µs for an average message and about 8µs for the minimal message. A single-threaded Syslog server should be able to parse at least 100,000 messages/s, as long as you run a separate thread for the parser.


lib.rs:

Parser for RFC 5424 Syslog messages. Not to be confused with the older RFC 3164 BSD Syslog protocol, which many systems still emit.

In particular, supports the Structured Data fields.

Usually, you'll just call the (re-exported) parse_message function with a stringy object.

Example

A simple syslog server

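use syslog_rfc3164::parse_message;
use std::net::UdpSocket;
use std::str;

fn main() {
    let s = UdpSocket::bind("127.0.0.1:10514").unwrap();
    let mut buf = [0u8; 2048];
    loop {
        let (data_read, _) = s.recv_from(&mut buf).unwrap();
        // Datagrams are untrusted input: skip malformed ones instead of panicking the server.
        let text = match str::from_utf8(&buf[0..data_read]) {
            Ok(t) => t,
            Err(e) => { eprintln!("dropping non-UTF-8 datagram: {:?}", e); continue; }
        };
        match parse_message(text) {
            Ok(msg) => println!("{:?} {:?} {:?} {:?}", msg.facility, msg.severity, msg.hostname, msg.msg),
            Err(e) => eprintln!("dropping unparseable message: {:?}", e),
        }
    }
}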

Unimplemented Features

  • Theoretically, you can send arbitrary (non-unicode) bytes for the message part of a syslog message. Rust doesn't have a convenient way to only treat some of a buffer as utf-8, so I'm just not supporting that. Most "real" syslog servers barf on it anyway.
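
A collector that rejects every datagram containing a non-UTF-8 byte silently loses those log lines, so the gap above can be handled before the text reaches a `&str`-based parser. The following is an added example, not code from this crate: `prepare_datagram` and `Prepared` are hypothetical names, the sample datagram is constructed, and only the standard library is used. It validates the RFC 3164 `<PRI>` header on the raw bytes and decodes the rest lossily, flagging messages where bytes were replaced.

```rust
use std::borrow::Cow;

/// Result of pre-processing one raw datagram (hypothetical helper type).
#[derive(Debug, PartialEq)]
pub struct Prepared {
    pub facility: u8,
    pub severity: u8,
    /// Whole datagram as valid UTF-8, ready for a `&str`-based parser.
    pub text: String,
    /// True if at least one invalid byte was replaced with U+FFFD.
    pub lossy: bool,
}

/// Check the `<PRI>` header on raw bytes, then decode the datagram lossily.
/// Returns None when the PRI part is missing or malformed.
pub fn prepare_datagram(buf: &[u8]) -> Option<Prepared> {
    if buf.first() != Some(&b'<') {
        return None;
    }
    // PRI is 1 to 3 ASCII digits, so '>' must appear within the first 5 bytes.
    let close = buf.iter().take(5).position(|&b| b == b'>')?;
    let digits = &buf[1..close];
    if digits.is_empty() || !digits.iter().all(|b| b.is_ascii_digit()) {
        return None;
    }
    let pri = digits.iter().fold(0u16, |acc, b| acc * 10 + u16::from(b - b'0'));
    if pri > 191 {
        return None; // PRI = facility * 8 + severity, facility 0..=23, severity 0..=7
    }
    // from_utf8_lossy only allocates (Cow::Owned) when it had to replace bytes.
    let decoded = String::from_utf8_lossy(buf);
    let lossy = matches!(decoded, Cow::Owned(_));
    Some(Prepared {
        facility: (pri >> 3) as u8,
        severity: (pri & 7) as u8,
        text: decoded.into_owned(),
        lossy,
    })
}

fn main() {
    // Constructed sample: a message body containing two invalid bytes.
    let raw = b"<13>Feb  5 17:32:18 host1 app: login \xff\xfe ok";
    match prepare_datagram(raw) {
        Some(p) => println!("{} {} lossy={} {:?}", p.facility, p.severity, p.lossy, p.text),
        None => eprintln!("rejected: bad PRI"),
    }
}
```

Keeping the `lossy` flag alongside the stored message lets later analysis tell that the recorded text differs from the bytes that were sent.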

Dependencies

~1.3–2.6MB
~49K SLoC