Module Syslog_message

Syslog message parser and unparser

Syslog-message is a module for handling syslog messages, as defined in RFC 3164.

The parse function transforms a string to a syslog message t, using a context of default parameters. Such a message can be transformed into a string to_string or pretty printed pp_string, pp.

1.1.0 - homepage

type facility =
| Kernel_Message
| User_Level_Messages
| Mail_System
| System_Daemons
| Security_Authorization_Messages
| Messages_Generated_Internally_By_Syslogd
| Line_Printer_Subsystem
| Network_News_Subsystem
| UUCP_subsystem
| Clock_Daemon
| Security_Authorization_Messages_10
| Ftp_Daemon
| Ntp_Subsystem
| Log_Audit
| Log_Alert
| Clock_Daemon_15
| Local0
| Local1
| Local2
| Local3
| Local4
| Local5
| Local6
| Local7

The type for Facilities

val int_of_facility : facility -> int
val facility_of_int : int -> facility option
val string_of_facility : facility -> string

string_of_facility f is data, the string representation of f.

val pp_print_facility : Stdlib.Format.formatter -> facility -> unit
type severity =
| Emergency
| Alert
| Critical
| Error
| Warning
| Notice
| Informational
| Debug

The type for Severity levels

val int_of_severity : severity -> int
val severity_of_int : int -> severity option
val string_of_severity : severity -> string

string_of_severity s is data, the string representation of s.

val pp_print_severity : Stdlib.Format.formatter -> severity -> unit
type ctx = {
timestamp : Ptime.t;
hostname : string;
set_hostname : bool;
}

ctx provides additional information to the parse function in case one of the sub-parsers fails.

  • timestamp: A timestamp
  • hostname: Hostname, IPv4 or IPv6 address of the sender. "-" if unknown.
  • set_hostname: If true, the parse function will skip its hostname sub-parser and use the hostname from ctx instead.

set_hostname is automatically set by the timestamp sub-parser when it fails, because at this point it is no longer possible to determine the hostname from the input string.

type t = {
facility : facility;
severity : severity;
timestamp : Ptime.t;
hostname : string;
tag : string;
content : string;
}

The type for Syslog messages

val pp : Stdlib.Format.formatter -> t -> unit

pp ppf t prints the syslog message t on ppf.

val to_string : t -> string

to_string t is str, a pretty printed string of syslog message t.

val decode : ctx:ctx -> string -> (t[> Rresult.R.msg ]) Stdlib.result

decode ~ctx data is t, either Ok t, a successfully decoded syslog message, or Error e.

val encode : ?⁠len:int -> t -> string

encode ~len t is data, the encoded syslog message t, truncated to len bytes. If len is 0 the output is not truncated.

Warning: Since version 1.0.0, messages are no longer truncated to 1024 bytes by default.

val encode_local : ?⁠len:int -> t -> string

encode_local ~len t behaves as encode except that the message is formatted for sending to the local syslog daemon (e.g. on /dev/log).

module Rfc3164_Timestamp : sig ... end

RFC 3164 Timestamps