diff --git a/pom.xml b/pom.xml
index 5ae632e..c7f7e17 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
com.wizecore.graylog2
graylog-output-syslog
- 3.3.2
+ 4.0.8
jar
graylog-output-syslog
@@ -23,7 +23,7 @@
true
true
true
- 3.3.0
+ 4.0.8
0.9.60
/usr/share/graylog-server/plugin
diff --git a/run-graylog b/run-graylog
index 6f481a4..54ee821 100755
--- a/run-graylog
+++ b/run-graylog
@@ -1,23 +1,27 @@
#!/bin/bash
HERE=$PWD
-GL=~/Downloads/graylog-3.3.1
+GL=~/Downloads/graylog-4.0.8
TT=$GL/tmp
mkdir -p $TT
-#sudo umount $TT
-#sudo mount -o bind,noexec $TT $TT
-#export JAVA_OPTS="-Djava.io.tmpdir=$TT"
-#rm -Rf $GL/data
+sudo umount $TT
+sudo mount -o bind,noexec $TT $TT
+export JAVA_OPTS="-Djava.io.tmpdir=$TT"
+rm -Rf $GL/data
mkdir -p $GL/data
mvn package -DskipTests
-cp target/graylog-output-syslog-3.3.1.jar $GL/plugin
+cp target/graylog-output-syslog-4.0.8.jar $GL/plugin
export GRAYLOG_CONF=$GL/graylog.conf
-#docker rm -f elastic
-#docker run --name elastic -p 9200:9200 -d elasticsearch:5
-#docker rm -f mongo
-#docker run --name mongo -p 27017:27017 -d mongo:3.6
-#docker start elastic
-#docker start mongo
-sleep 5
+sudo sysctl -w vm.max_map_count=262144
+
+docker rm -f elastic
+docker run --name elastic -p 9200:9200 -e "discovery.type=single-node" \
+ -e "cluster.routing.allocation.disk.threshold_enabled=false" \
+ -d elasticsearch:7.10.1
+docker rm -f mongo
+docker run --name mongo -p 27017:27017 -d mongo:3.6
+docker start elastic
+docker start mongo
+sleep 10
$GL/bin/graylogctl run
## Run two consoles additionally:
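Review bot: The re-enabled `docker run` lines publish Elasticsearch and MongoDB with `-p 9200:9200` and `-p 27017:27017`, which Docker binds on every host interface, and none of the visible options enable authentication on either container. For a local development script the ports should be bound to loopback only: `-p 127.0.0.1:9200:9200` and `-p 127.0.0.1:27017:27017`. The now-active `rm -Rf $GL/data` expands `$GL` unquoted, so I would write `rm -Rf "$GL/data"` and quote `$TT` in the `umount`/`mount` lines as well. The `docker start elastic` and `docker start mongo` calls after `docker run -d` look redundant, since the containers were just started.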
diff --git a/src/main/java/com/wizecore/graylog2/plugin/CEFSender.java b/src/main/java/com/wizecore/graylog2/plugin/CEFSender.java
index 44defab..ea766dc 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/CEFSender.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/CEFSender.java
@@ -1,147 +1,147 @@
-package com.wizecore.graylog2.plugin;
-
-import java.util.Map;
-
-import org.graylog2.plugin.Message;
-import org.graylog2.syslog4j.SyslogConstants;
-import org.graylog2.syslog4j.SyslogIF;
-
-/**
- * Using CEF format
- */
-
-/*
- * http://blog.rootshell.be/2011/05/11/ossec-speaks-arcsight/
- *
- *
- * CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
-
-CEF:0|ArcSight|Logger|5.0.0.5355.2|sensor:115|Logger Internal Event|1|\
-cat=/Monitor/Sensor/Fan5 cs2=Current Value cnt=1 dvc=10.0.0.1 cs3=Ok \
-cs1=null type=0 cs1Label=unit rt=1305034099211 cs3Label=Status cn1Label=value \
-cs2Label=timeframe
- */
-public class CEFSender implements MessageSender {
-
- @Override
- public void send(SyslogIF syslog, int level, Message msg) {
- StringBuilder out = new StringBuilder();
-
- // Header:
- // CEF:Version|Device Vendor|Device Product|Device Version|
- out.append("CEF:0|Graylog|graylog-output-syslog:cefsender|2.3.1|");
-
- // Device Event Class ID
- out.append("log:1");
- out.append("|");
-
- Map fields = msg.getFields();
- Object fv = fields.get("act");
-
- // Name
- String str = fv != null ? fv.toString() : null;
- if (str == null) {
- fv = fields.get("short_message");
- str = fv != null ? fv.toString() : null;
- }
- if (str == null) {
- str = msg.getId();
- }
- str = escape(str, false);
- out.append(str);
-
- // Severity
- // The valid integer values are 0-3=Low, 4-6=Medium, 7-8=High, and 9-10=Very-High.
- int cefLevel = 0;
- /** see {@link org.graylog2.syslog4j.SyslogConstants#LEVEL_INFO} */
- switch (level) {
- case (SyslogConstants.LEVEL_DEBUG):
- cefLevel = 1;
- break;
- case (SyslogConstants.LEVEL_NOTICE):
- cefLevel = 2;
- break;
- case (SyslogConstants.LEVEL_INFO):
- cefLevel = 3;
- break;
- case (SyslogConstants.LEVEL_WARN):
- cefLevel = 6;
- break;
- case (SyslogConstants.LEVEL_ERROR):
- cefLevel = 7;
- break;
- case (SyslogConstants.LEVEL_CRITICAL):
- cefLevel = 8;
- break;
- case (SyslogConstants.LEVEL_ALERT):
- cefLevel = 9;
- break;
- case (SyslogConstants.LEVEL_EMERGENCY):
- cefLevel = 10;
- break;
- default:
- // FIXME: Unknown level
- cefLevel = 10;
- break;
- }
- out.append("|").append(cefLevel) .append("|");
-
- // Extension
- boolean have = false;
- boolean haveExternalId = false;
- boolean haveMsg = false;
+package com.wizecore.graylog2.plugin;
+
+import java.util.Map;
+
+import org.graylog2.plugin.Message;
+import org.graylog2.syslog4j.SyslogConstants;
+import org.graylog2.syslog4j.SyslogIF;
+
+/**
+ * Using CEF format
+ */
+
+/*
+ * http://blog.rootshell.be/2011/05/11/ossec-speaks-arcsight/
+ *
+ *
+ * CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
+
+CEF:0|ArcSight|Logger|5.0.0.5355.2|sensor:115|Logger Internal Event|1|\
+cat=/Monitor/Sensor/Fan5 cs2=Current Value cnt=1 dvc=10.0.0.1 cs3=Ok \
+cs1=null type=0 cs1Label=unit rt=1305034099211 cs3Label=Status cn1Label=value \
+cs2Label=timeframe
+ */
+public class CEFSender implements MessageSender {
+
+ @Override
+ public void send(SyslogIF syslog, int level, Message msg) {
+ StringBuilder out = new StringBuilder();
+
+ // Header:
+ // CEF:Version|Device Vendor|Device Product|Device Version|
+ out.append("CEF:0|Graylog|graylog-output-syslog:cefsender|2.3.1|");
+
+ // Device Event Class ID
+ out.append("log:1");
+ out.append("|");
+
+ Map fields = msg.getFields();
+ Object fv = fields.get("act");
+
+ // Name
+ String str = fv != null ? fv.toString() : null;
+ if (str == null) {
+ fv = fields.get("short_message");
+ str = fv != null ? fv.toString() : null;
+ }
+ if (str == null) {
+ str = msg.getId();
+ }
+ str = escape(str, false);
+ out.append(str);
+
+ // Severity
+ // The valid integer values are 0-3=Low, 4-6=Medium, 7-8=High, and 9-10=Very-High.
+ int cefLevel = 0;
+ /** see {@link org.graylog2.syslog4j.SyslogConstants#LEVEL_INFO} */
+ switch (level) {
+ case (SyslogConstants.LEVEL_DEBUG):
+ cefLevel = 1;
+ break;
+ case (SyslogConstants.LEVEL_NOTICE):
+ cefLevel = 2;
+ break;
+ case (SyslogConstants.LEVEL_INFO):
+ cefLevel = 3;
+ break;
+ case (SyslogConstants.LEVEL_WARN):
+ cefLevel = 6;
+ break;
+ case (SyslogConstants.LEVEL_ERROR):
+ cefLevel = 7;
+ break;
+ case (SyslogConstants.LEVEL_CRITICAL):
+ cefLevel = 8;
+ break;
+ case (SyslogConstants.LEVEL_ALERT):
+ cefLevel = 9;
+ break;
+ case (SyslogConstants.LEVEL_EMERGENCY):
+ cefLevel = 10;
+ break;
+ default:
+ // FIXME: Unknown level
+ cefLevel = 10;
+ break;
+ }
+ out.append("|").append(cefLevel) .append("|");
+
+ // Extension
+ boolean have = false;
+ boolean haveExternalId = false;
+ boolean haveMsg = false;
boolean haveStart = false;
- for (String k: fields.keySet()) {
- Object v = fields.get(k);
- if (!k.equals("message") && !k.equals("full_message") && !k.equals("short_message")) {
+ for (String k: fields.keySet()) {
+ Object v = fields.get(k);
+ if (!k.equals("message") && !k.equals("full_message") && !k.equals("short_message")) {
String s = v != null ? v.toString() : "null";
- s = escape(s, true);
- if (have) {
- out.append(" ");
+ s = escape(s, true);
+ if (have) {
+ out.append(" ");
+ }
+ out.append(k).append('=').append(s);
+ have = true;
+
+ if (!haveExternalId && k.equals("externalId")) {
+ haveExternalId = true;
+ }
+
+ if (!haveMsg && k.equals("msg")) {
+ haveMsg = true;
}
- out.append(k).append('=').append(s);
- have = true;
-
- if (!haveExternalId && k.equals("externalId")) {
- haveExternalId = true;
- }
-
- if (!haveMsg && k.equals("msg")) {
- haveMsg = true;
- }
-
- if (!haveStart && k.equals("start")) {
- haveStart = true;
- }
- }
- }
-
- if (!haveStart) {
- out.append(" start=").append(msg.getTimestamp().getMillis());
- }
-
- if (!haveMsg) {
- out.append(" msg=").append(escape(msg.getMessage(), true));
- }
-
- if (!haveExternalId) {
- out.append(" externalId=").append(msg.getId());
+
+ if (!haveStart && k.equals("start")) {
+ haveStart = true;
+ }
+ }
+ }
+
+ if (!haveStart) {
+ out.append(" start=").append(msg.getTimestamp().getMillis());
+ }
+
+ if (!haveMsg) {
+ out.append(" msg=").append(escape(msg.getMessage(), true));
}
- syslog.log(level, out.toString());
- }
-
- public String escape(String s, boolean extension) {
- s = s.replace("\\", "\\\\");
+ if (!haveExternalId) {
+ out.append(" externalId=").append(msg.getId());
+ }
+
+ syslog.log(level, out.toString());
+ }
+
+ public String escape(String s, boolean extension) {
+ s = s.replace("\\", "\\\\");
if (extension) {
s = s.replace("=", "\\=");
s = s.replace("\r", "");
- s = s.replace("\n", "\\n");
- } else {
- s = s.replace("|", "\\|");
- s = s.replace("\r", "");
- s = s.replace("\n", "");
- }
- return s;
- }
-}
+ s = s.replace("\n", "\\n");
+ } else {
+ s = s.replace("|", "\\|");
+ s = s.replace("\r", "");
+ s = s.replace("\n", "");
+ }
+ return s;
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/FullSender.java b/src/main/java/com/wizecore/graylog2/plugin/FullSender.java
index 0e91c57..9f6d083 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/FullSender.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/FullSender.java
@@ -1,90 +1,90 @@
-package com.wizecore.graylog2.plugin;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Logger;
-
-import org.graylog2.plugin.Message;
-import org.graylog2.syslog4j.SyslogIF;
-import org.graylog2.syslog4j.impl.message.structured.StructuredSyslogMessage;
-
-import com.google.common.base.Joiner;
-import com.google.common.collect.Maps;
-
-/**
- * Sends full message to Syslog.
- *
- * <165>1 2003-10-11T22:14:15.003Z mymachine.example.com
- evntslog - ID47 [exampleSDID@0 iut="3" eventSource=
- "Application" eventID="1011"] BOMAn application
- event log entry...
-
- */
-public class FullSender implements MessageSender {
- private Logger log = Logger.getLogger(FullSender.class.getName());
-
- @Override
- public void send(SyslogIF syslog, int level, Message msg) {
- Map sdParams = new HashMap();
- Map fields = msg.getFields();
- for (String key: fields.keySet()) {
- if (key != Message.FIELD_MESSAGE && key != Message.FIELD_FULL_MESSAGE && key != Message.FIELD_SOURCE) {
- sdParams.put(key, fields.get(key).toString());
- }
- }
-
- // http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
- // @
- String sdId = "all@0";
- // log.info("Sending " + level + ", " + msg.getId() + ", " + msg.getSource() + ", " + sdId + "=" + sdParams + ", " + msg.getMessage());
- Map> sd = new HashMap>();
- sd.put(sdId, sdParams);
-
- String msgId = null;
- if (msgId == null) {
- String source = msg.getSource();
- if (source != null) {
- msgId = source;
- }
- }
- if (msgId == null) {
- msgId = "-";
- }
-
- String sourceId = null;
- if (sourceId == null) {
- Object facility = msg.getField("facility");
- if (facility != null) {
- sourceId = facility.toString();
- }
- }
- if (sourceId == null) {
- sourceId = "-";
- }
-
- syslog.log(level, new StructuredSyslogMessage(msgId, sourceId, sd, dumpMessage(msg)));
- }
-
- public static String dumpMessage(Message msg) {
- final StringBuilder sb = new StringBuilder();
- sb.append("source: ").append(msg.getField(Message.FIELD_SOURCE)).append(" | ");
-
- Object text = msg.getField(Message.FIELD_FULL_MESSAGE);
- if (text == null) {
- text = msg.getField(Message.FIELD_MESSAGE);
- }
- final String message = text.toString().replaceAll("\\n", "").replaceAll("\\t", "");
- sb.append("message: ");
- sb.append(message);
- sb.append(" { ");
-
- final Map filteredFields = Maps.newHashMap(msg.getFields());
- filteredFields.remove(Message.FIELD_SOURCE);
- filteredFields.remove(Message.FIELD_MESSAGE);
-
- Joiner.on(" | ").withKeyValueSeparator(": ").appendTo(sb, filteredFields);
-
- sb.append(" }");
- return sb.toString();
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.graylog2.plugin.Message;
+import org.graylog2.syslog4j.SyslogIF;
+import org.graylog2.syslog4j.impl.message.structured.StructuredSyslogMessage;
+
+import com.google.common.base.Joiner;
+import com.google.common.collect.Maps;
+
+/**
+ * Sends full message to Syslog.
+ *
+ * <165>1 2003-10-11T22:14:15.003Z mymachine.example.com
+ evntslog - ID47 [exampleSDID@0 iut="3" eventSource=
+ "Application" eventID="1011"] BOMAn application
+ event log entry...
+
+ */
+public class FullSender implements MessageSender {
+ private Logger log = Logger.getLogger(FullSender.class.getName());
+
+ @Override
+ public void send(SyslogIF syslog, int level, Message msg) {
+ Map sdParams = new HashMap();
+ Map fields = msg.getFields();
+ for (String key: fields.keySet()) {
+ if (key != Message.FIELD_MESSAGE && key != Message.FIELD_FULL_MESSAGE && key != Message.FIELD_SOURCE) {
+ sdParams.put(key, fields.get(key).toString());
+ }
+ }
+
+ // http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
+ // @
+ String sdId = "all@0";
+ // log.info("Sending " + level + ", " + msg.getId() + ", " + msg.getSource() + ", " + sdId + "=" + sdParams + ", " + msg.getMessage());
+ Map> sd = new HashMap>();
+ sd.put(sdId, sdParams);
+
+ String msgId = null;
+ if (msgId == null) {
+ String source = msg.getSource();
+ if (source != null) {
+ msgId = source;
+ }
+ }
+ if (msgId == null) {
+ msgId = "-";
+ }
+
+ String sourceId = null;
+ if (sourceId == null) {
+ Object facility = msg.getField("facility");
+ if (facility != null) {
+ sourceId = facility.toString();
+ }
+ }
+ if (sourceId == null) {
+ sourceId = "-";
+ }
+
+ syslog.log(level, new StructuredSyslogMessage(msgId, sourceId, sd, dumpMessage(msg)));
+ }
+
+ public static String dumpMessage(Message msg) {
+ final StringBuilder sb = new StringBuilder();
+ sb.append("source: ").append(msg.getField(Message.FIELD_SOURCE)).append(" | ");
+
+ Object text = msg.getField(Message.FIELD_FULL_MESSAGE);
+ if (text == null) {
+ text = msg.getField(Message.FIELD_MESSAGE);
+ }
+ final String message = text.toString().replaceAll("\\n", "").replaceAll("\\t", "");
+ sb.append("message: ");
+ sb.append(message);
+ sb.append(" { ");
+
+ final Map filteredFields = Maps.newHashMap(msg.getFields());
+ filteredFields.remove(Message.FIELD_SOURCE);
+ filteredFields.remove(Message.FIELD_MESSAGE);
+
+ Joiner.on(" | ").withKeyValueSeparator(": ").appendTo(sb, filteredFields);
+
+ sb.append(" }");
+ return sb.toString();
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/MessageSender.java b/src/main/java/com/wizecore/graylog2/plugin/MessageSender.java
index e1c1e77..aaebe6c 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/MessageSender.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/MessageSender.java
@@ -1,11 +1,11 @@
-package com.wizecore.graylog2.plugin;
-
-import org.graylog2.plugin.Message;
-import org.graylog2.syslog4j.SyslogIF;
-
-/**
- * Optimized sender
- */
-public interface MessageSender {
- void send(SyslogIF syslog, int level, Message msg);
+package com.wizecore.graylog2.plugin;
+
+import org.graylog2.plugin.Message;
+import org.graylog2.syslog4j.SyslogIF;
+
+/**
+ * Optimized sender
+ */
+public interface MessageSender {
+ void send(SyslogIF syslog, int level, Message msg);
}
\ No newline at end of file
diff --git a/src/main/java/com/wizecore/graylog2/plugin/PlainSender.java b/src/main/java/com/wizecore/graylog2/plugin/PlainSender.java
index ea036fc..f281c59 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/PlainSender.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/PlainSender.java
@@ -1,101 +1,101 @@
-package com.wizecore.graylog2.plugin;
-
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-import java.util.logging.Logger;
-
-import org.graylog2.plugin.Message;
-import org.graylog2.syslog4j.SyslogIF;
-
-/**
- * Formats fields into message text
- *
-
- <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
- ^priority
- ^ version
- ^ date
- ^ host
- ^ APP-NAME
- ^ structured data?
- ^ MSGID
-
- */
-public class PlainSender implements MessageSender {
- private Logger log = Logger.getLogger(PlainSender.class.getName());
-
- public static final String SYSLOG_DATEFORMAT = "MMM dd HH:mm:ss";
-
- /**
- * From syslog4j
- *
- * @param dt
- * @return
- */
- public static void appendSyslogTimestamp(Date dt, StringBuilder buffer) {
- SimpleDateFormat dateFormat = new SimpleDateFormat(SYSLOG_DATEFORMAT,Locale.ENGLISH);
- String datePrefix = dateFormat.format(dt);
-
- int pos = buffer.length() + 4;
- buffer.append(datePrefix);
-
- // RFC 3164 requires leading space for days 1-9
- if (buffer.charAt(pos) == '0') {
- buffer.setCharAt(pos,' ');
- }
- }
-
- @Override
- public void send(SyslogIF syslog, int level, Message msg) {
- StringBuilder out = new StringBuilder();
- appendHeader(msg, out);
-
- out.append(msg.getMessage());
- String str = out.toString();
- // log.info("Sending plain message: " + level + ", " + str);
- syslog.log(level, str);
- }
-
- public static void appendHeader(Message msg, StringBuilder out) {
- Date dt = null;
- Object ts = msg.getField("timestamp");
- if (ts != null && ts instanceof Number) {
- dt = new Date(((Number) ts).longValue());
- }
-
- if (dt == null) {
- dt = new Date();
- }
-
- // Write time
- appendSyslogTimestamp(dt, out);
- out.append(" ");
-
- // Write source (host)
- String source = msg.getSource();
- if (source != null) {
- out.append(source).append(" ");
- } else {
- out.append("- ");
- }
-
- // Write service
- Object facility = msg.getField("facility");
- if (facility != null) {
- out.append(facility.toString()).append(" ");
- } else {
- out.append("- ");
- }
-
- // MSGID
- Object username = msg.getField("username");
- if (username != null) {
- out.append(username.toString()).append(" ");
- } else {
- out.append("- ");
- }
-
- out.append(' ');
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Locale;
+import java.util.logging.Logger;
+
+import org.graylog2.plugin.Message;
+import org.graylog2.syslog4j.SyslogIF;
+
+/**
+ * Formats fields into message text
+ *
+
+ <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
+ ^priority
+ ^ version
+ ^ date
+ ^ host
+ ^ APP-NAME
+ ^ structured data?
+ ^ MSGID
+
+ */
+public class PlainSender implements MessageSender {
+ private Logger log = Logger.getLogger(PlainSender.class.getName());
+
+ public static final String SYSLOG_DATEFORMAT = "MMM dd HH:mm:ss";
+
+ /**
+ * From syslog4j
+ *
+ * @param dt
+ * @return
+ */
+ public static void appendSyslogTimestamp(Date dt, StringBuilder buffer) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat(SYSLOG_DATEFORMAT,Locale.ENGLISH);
+ String datePrefix = dateFormat.format(dt);
+
+ int pos = buffer.length() + 4;
+ buffer.append(datePrefix);
+
+ // RFC 3164 requires leading space for days 1-9
+ if (buffer.charAt(pos) == '0') {
+ buffer.setCharAt(pos,' ');
+ }
+ }
+
+ @Override
+ public void send(SyslogIF syslog, int level, Message msg) {
+ StringBuilder out = new StringBuilder();
+ appendHeader(msg, out);
+
+ out.append(msg.getMessage());
+ String str = out.toString();
+ // log.info("Sending plain message: " + level + ", " + str);
+ syslog.log(level, str);
+ }
+
+ public static void appendHeader(Message msg, StringBuilder out) {
+ Date dt = null;
+ Object ts = msg.getField("timestamp");
+ if (ts != null && ts instanceof Number) {
+ dt = new Date(((Number) ts).longValue());
+ }
+
+ if (dt == null) {
+ dt = new Date();
+ }
+
+ // Write time
+ appendSyslogTimestamp(dt, out);
+ out.append(" ");
+
+ // Write source (host)
+ String source = msg.getSource();
+ if (source != null) {
+ out.append(source).append(" ");
+ } else {
+ out.append("- ");
+ }
+
+ // Write service
+ Object facility = msg.getField("facility");
+ if (facility != null) {
+ out.append(facility.toString()).append(" ");
+ } else {
+ out.append("- ");
+ }
+
+ // MSGID
+ Object username = msg.getField("username");
+ if (username != null) {
+ out.append(username.toString()).append(" ");
+ } else {
+ out.append("- ");
+ }
+
+ out.append(' ');
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/SnareWindowsSender.java b/src/main/java/com/wizecore/graylog2/plugin/SnareWindowsSender.java
index bec7245..628b93a 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/SnareWindowsSender.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/SnareWindowsSender.java
@@ -1,171 +1,171 @@
-package com.wizecore.graylog2.plugin;
-
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-import java.util.logging.Logger;
-
-import org.graylog2.plugin.Message;
-import org.graylog2.syslog4j.SyslogIF;
-
-/**
- * Formats fields into message text
- *
-
- <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
- ^priority
- ^ version
- ^ date
- ^ host
- ^ APP-NAME
- ^ structured data?
- ^ MSGID
-
- */
-public class SnareWindowsSender implements MessageSender {
- private Logger log = Logger.getLogger(SnareWindowsSender.class.getName());
-
- public static final String SYSLOG_DATEFORMAT = "MMM dd HH:mm:ss";
- public static final String MSEVENT_DATEFORMAT = "EEE MMM dd HH:mm:ss yyyy";
- public static final String SEPARATOR = "\t";
- /**
- * From syslog4j
- *
- * @param dt
- * @return
- */
- public static void appendSyslogTimestamp(Date dt, StringBuilder buffer) {
- SimpleDateFormat dateFormat = new SimpleDateFormat(SYSLOG_DATEFORMAT,Locale.ENGLISH);
- String datePrefix = dateFormat.format(dt);
-
- int pos = buffer.length() + 4;
- buffer.append(datePrefix);
-
- // RFC 3164 requires leading space for days 1-9
- if (buffer.charAt(pos) == '0') {
- buffer.setCharAt(pos,' ');
- }
- }
-
- public static void appendMSEventTimestamp(Date dt, StringBuilder buffer) {
- SimpleDateFormat dateFormat = new SimpleDateFormat(MSEVENT_DATEFORMAT,Locale.ENGLISH);
- String datePrefix = dateFormat.format(dt);
-
- int pos = buffer.length() + 4;
- buffer.append(datePrefix);
-
- // RFC 3164 requires leading space for days 1-9
- if (buffer.charAt(pos) == '0') {
- buffer.setCharAt(pos,' ');
- }
- }
-
- @Override
- public void send(SyslogIF syslog, int level, Message msg) {
- StringBuilder out = new StringBuilder();
- //appendHeader(msg, out);
-
-
- Date dt = null;
- Object ts = msg.getField("timestamp");
- if (ts != null && ts instanceof Number) {
- dt = new Date(((Number) ts).longValue());
- }
-
- if (dt == null) {
- dt = new Date();
- }
-
- out.append("MSWinEventLog").append(SEPARATOR);
- appendCriticality(msg, out);
- appendField(msg, out, "Channel");
- appendField(msg, out, "RecordNumber"); // we do not have snare counter
- // Write time
- appendMSEventTimestamp(dt, out);
- out.append(SEPARATOR);
-
- appendField(msg, out, "EventID");
-
- appendField(msg, out, "SourceName");
- appendWinUser(msg, out);
- appendField(msg, out, "AccountType");
-
- appendField(msg, out, "EventType");
-
- appendField(msg, out, "source");
- appendField(msg, out, "Category");
-
- // manca il data
- out.append(SEPARATOR);
-
- // ExtendedData
- appendField(msg, out, "message");
-
- Object fld = msg.getField("RecordNumber");
- if (fld == null){
- fld = new String("N/A");
- }
- out.append(fld.toString());
-
- //out.append(msg.getMessage());
- String str = out.toString();
- // log.info("Sending plain message: " + level + ", " + str);
- syslog.log(level, str);
- }
-
- public static void appendHeader(Message msg, StringBuilder out) {
- Date dt = null;
- Object ts = msg.getField("timestamp");
- if (ts != null && ts instanceof Number) {
- dt = new Date(((Number) ts).longValue());
- }
-
- if (dt == null) {
- dt = new Date();
- }
-
- //appendPriority(msg, out);
-
- // Write time
- appendSyslogTimestamp(dt, out);
- out.append(" ");
-
- Object fld = msg.getField("source");
- if (fld == null){
- fld = new String("N/A");
- }
- out.append(fld.toString());
- out.append(" ");
- }
-
- public static void appendField(Message msg, StringBuilder out, String field){
- Object fld = msg.getField(field.toString());
- if (fld == null){
- fld = new String("N/A");
- }
- String f = fld.toString().replaceAll("\t", " ");
- out.append(f).append(SEPARATOR);
- }
-
- public static void appendWinUser(Message msg, StringBuilder out){
- Object domain = msg.getField("Domain");
- if(domain != null){
- out.append(domain.toString()).append("\\");
- }
- appendField(msg, out, "AccountName");
- }
-
- public static void appendCriticality(Message msg, StringBuilder out){
- Object severityValue = msg.getField("SeverityValue");
- String criticality = "0";
- if(severityValue!=null){
- int i_severityValue = Integer.parseInt(severityValue.toString());
- criticality = String.valueOf(i_severityValue-1);
- }
- out.append(criticality.toString()).append(SEPARATOR);
- }
-
- public static void appendPriority(Message msg, StringBuilder out){
- out.append("<").append("14").append(">");
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Locale;
+import java.util.logging.Logger;
+
+import org.graylog2.plugin.Message;
+import org.graylog2.syslog4j.SyslogIF;
+
+/**
+ * Formats fields into message text
+ *
+
+ <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
+ ^priority
+ ^ version
+ ^ date
+ ^ host
+ ^ APP-NAME
+ ^ structured data?
+ ^ MSGID
+
+ */
+public class SnareWindowsSender implements MessageSender {
+ private Logger log = Logger.getLogger(SnareWindowsSender.class.getName());
+
+ public static final String SYSLOG_DATEFORMAT = "MMM dd HH:mm:ss";
+ public static final String MSEVENT_DATEFORMAT = "EEE MMM dd HH:mm:ss yyyy";
+ public static final String SEPARATOR = "\t";
+ /**
+ * From syslog4j
+ *
+ * @param dt
+ * @return
+ */
+ public static void appendSyslogTimestamp(Date dt, StringBuilder buffer) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat(SYSLOG_DATEFORMAT,Locale.ENGLISH);
+ String datePrefix = dateFormat.format(dt);
+
+ int pos = buffer.length() + 4;
+ buffer.append(datePrefix);
+
+ // RFC 3164 requires leading space for days 1-9
+ if (buffer.charAt(pos) == '0') {
+ buffer.setCharAt(pos,' ');
+ }
+ }
+
+ public static void appendMSEventTimestamp(Date dt, StringBuilder buffer) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat(MSEVENT_DATEFORMAT,Locale.ENGLISH);
+ String datePrefix = dateFormat.format(dt);
+
+ int pos = buffer.length() + 4;
+ buffer.append(datePrefix);
+
+ // RFC 3164 requires leading space for days 1-9
+ if (buffer.charAt(pos) == '0') {
+ buffer.setCharAt(pos,' ');
+ }
+ }
+
+ @Override
+ public void send(SyslogIF syslog, int level, Message msg) {
+ StringBuilder out = new StringBuilder();
+ //appendHeader(msg, out);
+
+
+ Date dt = null;
+ Object ts = msg.getField("timestamp");
+ if (ts != null && ts instanceof Number) {
+ dt = new Date(((Number) ts).longValue());
+ }
+
+ if (dt == null) {
+ dt = new Date();
+ }
+
+ out.append("MSWinEventLog").append(SEPARATOR);
+ appendCriticality(msg, out);
+ appendField(msg, out, "Channel");
+ appendField(msg, out, "RecordNumber"); // we do not have snare counter
+ // Write time
+ appendMSEventTimestamp(dt, out);
+ out.append(SEPARATOR);
+
+ appendField(msg, out, "EventID");
+
+ appendField(msg, out, "SourceName");
+ appendWinUser(msg, out);
+ appendField(msg, out, "AccountType");
+
+ appendField(msg, out, "EventType");
+
+ appendField(msg, out, "source");
+ appendField(msg, out, "Category");
+
+ // manca il data
+ out.append(SEPARATOR);
+
+ // ExtendedData
+ appendField(msg, out, "message");
+
+ Object fld = msg.getField("RecordNumber");
+ if (fld == null){
+ fld = new String("N/A");
+ }
+ out.append(fld.toString());
+
+ //out.append(msg.getMessage());
+ String str = out.toString();
+ // log.info("Sending plain message: " + level + ", " + str);
+ syslog.log(level, str);
+ }
+
+ public static void appendHeader(Message msg, StringBuilder out) {
+ Date dt = null;
+ Object ts = msg.getField("timestamp");
+ if (ts != null && ts instanceof Number) {
+ dt = new Date(((Number) ts).longValue());
+ }
+
+ if (dt == null) {
+ dt = new Date();
+ }
+
+ //appendPriority(msg, out);
+
+ // Write time
+ appendSyslogTimestamp(dt, out);
+ out.append(" ");
+
+ Object fld = msg.getField("source");
+ if (fld == null){
+ fld = new String("N/A");
+ }
+ out.append(fld.toString());
+ out.append(" ");
+ }
+
+ public static void appendField(Message msg, StringBuilder out, String field){
+ Object fld = msg.getField(field.toString());
+ if (fld == null){
+ fld = new String("N/A");
+ }
+ String f = fld.toString().replaceAll("\t", " ");
+ out.append(f).append(SEPARATOR);
+ }
+
+ public static void appendWinUser(Message msg, StringBuilder out){
+ Object domain = msg.getField("Domain");
+ if(domain != null){
+ out.append(domain.toString()).append("\\");
+ }
+ appendField(msg, out, "AccountName");
+ }
+
+ public static void appendCriticality(Message msg, StringBuilder out){
+ Object severityValue = msg.getField("SeverityValue");
+ String criticality = "0";
+ if(severityValue!=null){
+ int i_severityValue = Integer.parseInt(severityValue.toString());
+ criticality = String.valueOf(i_severityValue-1);
+ }
+ out.append(criticality.toString()).append(SEPARATOR);
+ }
+
+ public static void appendPriority(Message msg, StringBuilder out){
+ out.append("<").append("14").append(">");
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/StructuredSender.java b/src/main/java/com/wizecore/graylog2/plugin/StructuredSender.java
index ef9c970..ba9e3c3 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/StructuredSender.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/StructuredSender.java
@@ -1,64 +1,64 @@
-package com.wizecore.graylog2.plugin;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Logger;
-
-import org.graylog2.plugin.Message;
-import org.graylog2.syslog4j.SyslogIF;
-import org.graylog2.syslog4j.impl.message.structured.StructuredSyslogMessage;
-
-/**
- * https://tools.ietf.org/html/rfc5424
- *
- * <165>1 2003-10-11T22:14:15.003Z mymachine.example.com
- evntslog - ID47 [exampleSDID@0 iut="3" eventSource=
- "Application" eventID="1011"] BOMAn application
- event log entry...
-
- */
-public class StructuredSender implements MessageSender {
- private Logger log = Logger.getLogger(StructuredSender.class.getName());
-
- @Override
- public void send(SyslogIF syslog, int level, Message msg) {
- Map sdParams = new HashMap();
- Map fields = msg.getFields();
- for (String key: fields.keySet()) {
- if (key != Message.FIELD_MESSAGE && key != Message.FIELD_FULL_MESSAGE && key != Message.FIELD_SOURCE) {
- sdParams.put(key, fields.get(key).toString());
- }
- }
-
- // http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
- // @
- String sdId = "all@0";
- // log.info("Sending " + level + ", " + msg.getId() + ", " + msg.getSource() + ", " + sdId + "=" + sdParams + ", " + msg.getMessage());
- Map> sd = new HashMap>();
- sd.put(sdId, sdParams);
-
- String msgId = null;
- if (msgId == null) {
- String source = msg.getSource();
- if (source != null) {
- msgId = source;
- }
- }
- if (msgId == null) {
- msgId = "-";
- }
-
- String sourceId = null;
- if (sourceId == null) {
- Object facility = msg.getField("facility");
- if (facility != null) {
- sourceId = facility.toString();
- }
- }
- if (sourceId == null) {
- sourceId = "-";
- }
-
- syslog.log(level, new StructuredSyslogMessage(msgId, sourceId, sd, FullSender.dumpMessage(msg)));
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.graylog2.plugin.Message;
+import org.graylog2.syslog4j.SyslogIF;
+import org.graylog2.syslog4j.impl.message.structured.StructuredSyslogMessage;
+
+/**
+ * https://tools.ietf.org/html/rfc5424
+ *
+ * <165>1 2003-10-11T22:14:15.003Z mymachine.example.com
+ evntslog - ID47 [exampleSDID@0 iut="3" eventSource=
+ "Application" eventID="1011"] BOMAn application
+ event log entry...
+
+ */
+public class StructuredSender implements MessageSender {
+ private Logger log = Logger.getLogger(StructuredSender.class.getName());
+
+ @Override
+ public void send(SyslogIF syslog, int level, Message msg) {
+ Map sdParams = new HashMap();
+ Map fields = msg.getFields();
+ for (String key: fields.keySet()) {
+ if (key != Message.FIELD_MESSAGE && key != Message.FIELD_FULL_MESSAGE && key != Message.FIELD_SOURCE) {
+ sdParams.put(key, fields.get(key).toString());
+ }
+ }
+
+ // http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
+ // @
+ String sdId = "all@0";
+ // log.info("Sending " + level + ", " + msg.getId() + ", " + msg.getSource() + ", " + sdId + "=" + sdParams + ", " + msg.getMessage());
+ Map> sd = new HashMap>();
+ sd.put(sdId, sdParams);
+
+ String msgId = null;
+ if (msgId == null) {
+ String source = msg.getSource();
+ if (source != null) {
+ msgId = source;
+ }
+ }
+ if (msgId == null) {
+ msgId = "-";
+ }
+
+ String sourceId = null;
+ if (sourceId == null) {
+ Object facility = msg.getField("facility");
+ if (facility != null) {
+ sourceId = facility.toString();
+ }
+ }
+ if (sourceId == null) {
+ sourceId = "-";
+ }
+
+ syslog.log(level, new StructuredSyslogMessage(msgId, sourceId, sd, FullSender.dumpMessage(msg)));
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputMetaData.java b/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputMetaData.java
index f190d07..63fda89 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputMetaData.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputMetaData.java
@@ -1,52 +1,52 @@
-package com.wizecore.graylog2.plugin;
-
-import java.net.URI;
-import java.util.Collections;
-import java.util.Set;
-
-import org.graylog2.plugin.PluginMetaData;
-import org.graylog2.plugin.ServerStatus.Capability;
-import org.graylog2.plugin.Version;
-
-public class SyslogOutputMetaData implements PluginMetaData {
-
- @Override
- public String getAuthor() {
- return "Wizecore. Based on work by Intelie.";
- }
-
- @Override
- public String getDescription() {
- return "Enables sending messages to syslog via TCP, UDP and TCP over SSL.";
- }
-
- @Override
- public String getName() {
- return "SyslogOutputPlugin";
- }
-
- @Override
- public Set getRequiredCapabilities() {
- return Collections.emptySet();
- }
-
- @Override
- public Version getRequiredVersion() {
- return Version.from(2, 1, 1);
- }
-
- @Override
- public URI getURL() {
- return URI.create("https://github.com/wizecore/graylog2-output-syslog");
- }
-
- @Override
- public String getUniqueId() {
- return SyslogOutput.class.getName();
- }
-
- @Override
- public Version getVersion() {
- return new Version(1, 0, 0);
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.Set;
+
+import org.graylog2.plugin.PluginMetaData;
+import org.graylog2.plugin.ServerStatus.Capability;
+import org.graylog2.plugin.Version;
+
+public class SyslogOutputMetaData implements PluginMetaData {
+
+ @Override
+ public String getAuthor() {
+ return "Wizecore. Based on work by Intelie.";
+ }
+
+ @Override
+ public String getDescription() {
+ return "Enables sending messages to syslog via TCP, UDP and TCP over SSL.";
+ }
+
+ @Override
+ public String getName() {
+ return "SyslogOutputPlugin";
+ }
+
+ @Override
+ public Set getRequiredCapabilities() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public Version getRequiredVersion() {
+ return Version.from(2, 1, 1);
+ }
+
+ @Override
+ public URI getURL() {
+ return URI.create("https://github.com/wizecore/graylog2-output-syslog");
+ }
+
+ @Override
+ public String getUniqueId() {
+ return SyslogOutput.class.getName();
+ }
+
+ @Override
+ public Version getVersion() {
+ return new Version(4, 0, 8);
+ }
+}
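Review bot: `getRequiredVersion()` still returns `Version.from(2, 1, 1)` on the new side, although this commit moves the build to Graylog 4.0.8 in pom.xml and raises `getVersion()` to `new Version(4, 0, 8)`. If the plugin now compiles against 4.0.x APIs, an older server would presumably still accept it at load time and fail only when the output is used, which can leave syslog forwarding of events broken without an obvious error. Consider raising the floor to match what was actually built and tested, for example `return Version.from(4, 0, 0);`. The rest of this hunk looks like a whole-file rewrite with no other content change, probably a line-ending normalisation.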
diff --git a/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputModule.java b/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputModule.java
index d81c995..45df7ec 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputModule.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputModule.java
@@ -1,25 +1,25 @@
-package com.wizecore.graylog2.plugin;
-
-import java.util.Collections;
-import java.util.Set;
-
-import org.graylog2.plugin.PluginConfigBean;
-import org.graylog2.plugin.PluginModule;
-import org.graylog2.plugin.outputs.MessageOutput;
-import org.graylog2.plugin.outputs.MessageOutput.Factory;
-
-import com.google.inject.multibindings.MapBinder;
-
-public class SyslogOutputModule extends PluginModule {
-
- @Override
- public Set extends PluginConfigBean> getConfigBeans() {
- return Collections.emptySet();
- }
-
- @Override
- protected void configure() {
- MapBinder> outputMapBinder = outputsMapBinder();
- installOutput(outputMapBinder, SyslogOutput.class, SyslogOutput.Factory.class);
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.util.Collections;
+import java.util.Set;
+
+import org.graylog2.plugin.PluginConfigBean;
+import org.graylog2.plugin.PluginModule;
+import org.graylog2.plugin.outputs.MessageOutput;
+import org.graylog2.plugin.outputs.MessageOutput.Factory;
+
+import com.google.inject.multibindings.MapBinder;
+
+public class SyslogOutputModule extends PluginModule {
+
+ @Override
+ public Set extends PluginConfigBean> getConfigBeans() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ protected void configure() {
+ MapBinder> outputMapBinder = outputsMapBinder();
+ installOutput(outputMapBinder, SyslogOutput.class, SyslogOutput.Factory.class);
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputPlugin.java b/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputPlugin.java
index 562d92f..d0921ec 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputPlugin.java
+++ b/src/main/java/com/wizecore/graylog2/plugin/SyslogOutputPlugin.java
@@ -1,21 +1,21 @@
-package com.wizecore.graylog2.plugin;
-
-import java.util.Arrays;
-import java.util.Collection;
-
-import org.graylog2.plugin.Plugin;
-import org.graylog2.plugin.PluginMetaData;
-import org.graylog2.plugin.PluginModule;
-
-public class SyslogOutputPlugin implements Plugin {
-
- @Override
- public PluginMetaData metadata() {
- return new SyslogOutputMetaData();
- }
-
- @Override
- public Collection modules() {
- return Arrays.asList(new SyslogOutputModule());
- }
-}
+package com.wizecore.graylog2.plugin;
+
+import java.util.Arrays;
+import java.util.Collection;
+
+import org.graylog2.plugin.Plugin;
+import org.graylog2.plugin.PluginMetaData;
+import org.graylog2.plugin.PluginModule;
+
+public class SyslogOutputPlugin implements Plugin {
+
+ @Override
+ public PluginMetaData metadata() {
+ return new SyslogOutputMetaData();
+ }
+
+ @Override
+ public Collection modules() {
+ return Arrays.asList(new SyslogOutputModule());
+ }
+}
diff --git a/src/main/java/com/wizecore/graylog2/plugin/package.html b/src/main/java/com/wizecore/graylog2/plugin/package.html
index d00f426..50f9d25 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/package.html
+++ b/src/main/java/com/wizecore/graylog2/plugin/package.html
@@ -1 +1 @@
-Implementation of plugin to Graylog 1.0 to send stream via Syslog
\ No newline at end of file
+Implementation of plugin to Graylog to send stream via Syslog
\ No newline at end of file
diff --git a/src/main/java/com/wizecore/graylog2/plugin/syslog.txt b/src/main/java/com/wizecore/graylog2/plugin/syslog.txt
index 14902c3..76173b7 100644
--- a/src/main/java/com/wizecore/graylog2/plugin/syslog.txt
+++ b/src/main/java/com/wizecore/graylog2/plugin/syslog.txt
@@ -1,42 +1,42 @@
- Numerical Facility
- Code
-
- 0 kernel messages
- 1 user-level messages
- 2 mail system
- 3 system daemons
- 4 security/authorization messages
- 5 messages generated internally by syslogd
- 6 line printer subsystem
- 7 network news subsystem
- 8 UUCP subsystem
- 9 clock daemon
- 10 security/authorization messages
- 11 FTP daemon
- 12 NTP subsystem
- 13 log audit
- 14 log alert
- 15 clock daemon (note 2)
- 16 local use 0 (local0)
- 17 local use 1 (local1)
- 18 local use 2 (local2)
- 19 local use 3 (local3)
- 20 local use 4 (local4)
- 21 local use 5 (local5)
- 22 local use 6 (local6)
- 23 local use 7 (local7)
-
- Numerical Severity
- Code
-
- 0 Emergency: system is unusable
- 1 Alert: action must be taken immediately
- 2 Critical: critical conditions
- 3 Error: error conditions
- 4 Warning: warning conditions
- 5 Notice: normal but significant condition
- 6 Informational: informational messages
- 7 Debug: debug-level messages
-
-The Priority value is calculated by first multiplying the Facility
+ Numerical Facility
+ Code
+
+ 0 kernel messages
+ 1 user-level messages
+ 2 mail system
+ 3 system daemons
+ 4 security/authorization messages
+ 5 messages generated internally by syslogd
+ 6 line printer subsystem
+ 7 network news subsystem
+ 8 UUCP subsystem
+ 9 clock daemon
+ 10 security/authorization messages
+ 11 FTP daemon
+ 12 NTP subsystem
+ 13 log audit
+ 14 log alert
+ 15 clock daemon (note 2)
+ 16 local use 0 (local0)
+ 17 local use 1 (local1)
+ 18 local use 2 (local2)
+ 19 local use 3 (local3)
+ 20 local use 4 (local4)
+ 21 local use 5 (local5)
+ 22 local use 6 (local6)
+ 23 local use 7 (local7)
+
+ Numerical Severity
+ Code
+
+ 0 Emergency: system is unusable
+ 1 Alert: action must be taken immediately
+ 2 Critical: critical conditions
+ 3 Error: error conditions
+ 4 Warning: warning conditions
+ 5 Notice: normal but significant condition
+ 6 Informational: informational messages
+ 7 Debug: debug-level messages
+
+The Priority value is calculated by first multiplying the Facility
number by 8 and then adding the numerical value of the Severity.
\ No newline at end of file