Allow syslog parser to either match multiline or provide custom regexes

[mlasevich]

Check CONTRIBUTING guideline first and here is the list to help us investigate the problem.

Is your feature request related to a problem? Please describe.

Although technically it is not to spec, sometimes syslog input manages to sneak in some newlines in syslog messages. That is not a problem, it is actually very nice, but it does tend to confuse the syslog parser, which cannot parse such messages.

Describe the solution you'd like

Solution to immediate issue is pretty simple, simply adding multiline flag (/m) to the regex fixes it, but I could not find an easy way to replace the regex in the standard syslog plugin.

It would be nice if one or more of these can be done:

1 - Multiline flag added to the hardcoded regexes for syslog parser. I don't think this would break anything. 2 - A configuration parameter is added to parser config that optionally adds the multiline flag, in case there is still fear that 1 will break something 3 - Configuration parameters are added that would allow to optionally replace hardcoded regexes

Describe alternatives you've considered

An obvious alternative is to not use syslog and use regex parser, They are not that far apart and it should be easy, but syslog offers one thing that is handy - detection of which rfc format message is in before parsing. That too can be implemented without syslog plugin, but it will lead to an unnecessarily convoluted configuration

Thank you.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days