From 27e14d456729b1d4d30778987ee25ec76098ef5f Mon Sep 17 00:00:00 2001 From: Vitalii Parfonov Date: Wed, 1 Jul 2026 19:58:09 +0300 Subject: [PATCH] feat(syslog): fix syslog severity short-form aliases not recognized by encoder The Severity enum only accepted full-form names (e.g. "critical", "emergency", "informational") but VRL functions to_syslog_severity and to_syslog_level use short-form names ("crit", "emerg", "info"). This caused user-configured severity values like "crit" to silently fall back to "informational" (severity 6). Add strum serialize aliases so the encoder accepts both short-form and full-form severity names: emerg/emergency, crit/critical, err/error, warn/warning, info/informational, and the deprecated "panic" alias. Co-Authored-By: Claude Opus 4.6 (1M context) Signed-off-by: Vitalii Parfonov --- lib/codecs/src/encoding/format/syslog.rs | 39 ++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/lib/codecs/src/encoding/format/syslog.rs b/lib/codecs/src/encoding/format/syslog.rs index 188ecb0d4cb52..fa24e018c9c09 100644 --- a/lib/codecs/src/encoding/format/syslog.rs +++ b/lib/codecs/src/encoding/format/syslog.rs @@ -588,19 +588,24 @@ pub enum Facility { #[configurable_component] pub enum Severity { /// Emergency + #[strum(serialize = "emergency", serialize = "emerg", serialize = "panic")] Emergency = 0, /// Alert Alert = 1, /// Critical + #[strum(serialize = "critical", serialize = "crit")] Critical = 2, /// Error + #[strum(serialize = "error", serialize = "err")] Error = 3, /// Warning + #[strum(serialize = "warning", serialize = "warn")] Warning = 4, /// Notice Notice = 5, /// Informational #[default] + #[strum(serialize = "informational", serialize = "info")] Informational = 6, /// Debug Debug = 7, @@ -744,6 +749,40 @@ mod tests { assert_eq!(facility, Facility::Daemon); assert_eq!(severity, Severity::Critical); + //check short-form severity aliases + log.insert(event_path!("syslog_severity"), "crit"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Critical); + + log.insert(event_path!("syslog_severity"), "emerg"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Emergency); + + log.insert(event_path!("syslog_severity"), "err"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Error); + + log.insert(event_path!("syslog_severity"), "info"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Informational); + + log.insert(event_path!("syslog_severity"), "warn"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Warning); + + log.insert(event_path!("syslog_severity"), "panic"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Emergency); + + //check uppercase short-form aliases + log.insert(event_path!("syslog_severity"), "CRIT"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Critical); + + log.insert(event_path!("syslog_severity"), "EMERG"); + let decanter = ConfigDecanter::new(&log); + assert_eq!(decanter.get_severity(&config_sev), Severity::Emergency); + //check defaults with empty config let empty_config = toml::from_str::(r#"facility = ".missing_field""#).unwrap();