Add test case for Juniper SRX 240 structured syslog message.

Refs #549.

graylog2-inputs/src/test/java/org/graylog2/inputs/codecs/SyslogCodecTest.java

@@ -44,6 +44,8 @@ public class SyslogCodecTest {
     public static String STRUCTURED = "<165>1 2012-12-25T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"] BOMAn application event log entry";
     public static String STRUCTURED_ISSUE_845 = "<190>1 2015-01-06T20:56:33.287Z app-1 app - - [mdc@18060 ip=\"::ffff:132.123.15.30\" logger=\"{c.corp.Handler}\" session=\"4ot7\" user=\"[email protected]\" user-agent=\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/7.1.2 Safari/537.85.11\"] User page 13 requested";
     public static String STRUCTURED_ISSUE_845_EMPTY = "<128>1 2015-01-11T16:35:21.335797+01:00 s000000.example.com - - - - tralala";
+    // The folowing message from issue 549 is from a Juniper SRX 240 device.
+    public static String STRUCTURED_ISSUE_549 = "<14>1 2014-05-01T08:26:51.179Z fw01 RT_FLOW - RT_FLOW_SESSION_DENY [[email protected] source-address=\"1.2.3.4\" source-port=\"56639\" destination-address=\"5.6.7.8\" destination-port=\"2003\" service-name=\"None\" protocol-id=\"6\" icmp-type=\"0\" policy-name=\"log-all-else\" source-zone-name=\"campus\" destination-zone-name=\"mngmt\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth6.0\" encrypted=\"No\"]";
     private final String UNSTRUCTURED = "<45>Oct 21 12:09:37 c4dc57ba1ebb syslog-ng[7208]: syslog-ng starting up; version='3.5.3'";
 
     @Mock private Configuration configuration;
@@ -148,6 +150,31 @@ public void testDecodeStructuredWithFullMessage() throws Exception {
         assertEquals(message.getField("application_name"), "evntslog");
     }
 
+    @Test
+    public void testDecodeStructuredIssue549() throws Exception {
+        final Message message = codec.decode(buildRawMessage(STRUCTURED_ISSUE_549));
+
+        assertNotNull(message);
+        assertEquals(message.getMessage(), "RT_FLOW_SESSION_DENY [[email protected] source-address=\"1.2.3.4\" source-port=\"56639\" destination-address=\"5.6.7.8\" destination-port=\"2003\" service-name=\"None\" protocol-id=\"6\" icmp-type=\"0\" policy-name=\"log-all-else\" source-zone-name=\"campus\" destination-zone-name=\"mngmt\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth6.0\" encrypted=\"No\"]");
+        assertEquals(((DateTime) message.getField("timestamp")).withZone(DateTimeZone.UTC), new DateTime("2014-05-01T08:26:51.179Z", DateTimeZone.UTC));
+        assertEquals(message.getField("source-address"), "1.2.3.4");
+        assertEquals(message.getField("source-port"), "56639");
+        assertEquals(message.getField("destination-address"), "5.6.7.8");
+        assertEquals(message.getField("destination-port"), "2003");
+        assertEquals(message.getField("service-name"), "None");
+        assertEquals(message.getField("protocol-id"), "6");
+        assertEquals(message.getField("icmp-type"), "0");
+        assertEquals(message.getField("policy-name"), "log-all-else");
+        assertEquals(message.getField("source-zone-name"), "campus");
+        assertEquals(message.getField("destination-zone-name"), "mngmt");
+        assertEquals(message.getField("application"), "UNKNOWN");
+        assertEquals(message.getField("nested-application"), "UNKNOWN");
+        assertEquals(message.getField("username"), "N/A");
+        assertEquals(message.getField("roles"), "N/A");
+        assertEquals(message.getField("packet-incoming-interface"), "reth6.0");
+        assertEquals(message.getField("encrypted"), "No");
+    }
+
     @Test
     public void testDecodeUnstructured() throws Exception {
         final Message message = codec.decode(buildRawMessage(UNSTRUCTURED));