From 782ede5db5ad601e44468c9ca32bd201e5c75aaa Mon Sep 17 00:00:00 2001
From: Keith Hall <kingkeith+github@gmail.com>
Date: Mon, 5 Apr 2021 22:17:47 +0300
Subject: [PATCH] improve syslog syntax

---
 .../syntaxes/02_Extra/syslog.sublime-syntax   | 51 +++++++++++++++++--
 .../highlighted/Syslog/example.syslog         | 16 ++++--
 .../syntax-tests/source/Syslog/example.syslog |  6 +++
 3 files changed, 63 insertions(+), 10 deletions(-)

diff --git a/assets/syntaxes/02_Extra/syslog.sublime-syntax b/assets/syntaxes/02_Extra/syslog.sublime-syntax
index 6233da17..9b243c9c 100644
--- a/assets/syntaxes/02_Extra/syslog.sublime-syntax
+++ b/assets/syntaxes/02_Extra/syslog.sublime-syntax
@@ -5,10 +5,15 @@ name: syslog
 file_extensions:
   - syslog
 scope: text.syslog
+variables:
+  ipv4_part: (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
 contexts:
   main:
-    - match: '^\w+\s+\d+\s+\d{2}:\d{2}:\d{2}'
+    - match: ^(\w+\s+\d+)\s+(\d{2}:\d{2}:\d{2})
       scope: meta.datetime.syslog constant.numeric.syslog
+      captures:
+        1: meta.date.syslog
+        2: meta.time.syslog
       push: loghost
   loghost:
     - match: '[\w-]+'
@@ -20,7 +25,8 @@ contexts:
         1: support.function.process.syslog
         2: punctuation.separator.pid.begin.syslog
         3: meta.pid.syslog meta.number.integer.syslog constant.numeric.value.syslog
-        4: punctuation.separator.mapping.syslog
+        4: punctuation.separator.pid.end.syslog
+        5: punctuation.separator.mapping.syslog
       set: structured-data
   structured-data:
     - match: '\['
@@ -56,15 +62,50 @@ contexts:
       captures:
         1: punctuation.definition.string.begin.syslog
         3: punctuation.definition.string.end.syslog
-    - match: \d+
-      scope: meta.number.integer.syslog constant.numeric.value.syslog
+    - include: numbers
     - match: \b(CMD)\b\s+(\()
       captures:
         1: entity.name.label.syslog
         2: punctuation.section.block.begin.syslog
       embed: scope:source.shell.bash
-      escape: \)
+      escape: \)$
       escape_captures:
         0: punctuation.section.block.end.syslog
+    - match: '<\w+>'
+      scope: constant.language.syslog
+    - match: (?i:fail(?:ure|ed)?|error)
+      scope: invalid.illegal.error.syslog
     - match: $
       pop: true
+  numbers:
+    - match: (?=(?:{{ipv4_part}}\.){3}{{ipv4_part}})
+      push:
+        - meta_scope: meta.ipaddress.v4.syslog meta.number.integer.decimal.syslog
+        - match: \d+
+          scope: constant.numeric.value.syslog
+        - match: \.
+          scope: punctuation.separator.sequence.syslog
+        - match: ''
+          pop: true
+    - match: (?=(?:\h{0,4}:){2,6}\h{1,4})
+      push:
+        - meta_scope: meta.ipaddress.v6.syslog meta.number.integer.hexadecimal.syslog
+        - match: \h{1,4}
+          scope: constant.numeric.value.syslog
+        - match: ':'
+          scope: punctuation.separator.sequence.syslog
+        - match: ''
+          pop: true
+    - match: (0x)(\h+)(?:(\.)(\h+))?
+      scope: meta.number.float.hexadecimal.syslog
+      captures:
+        1: constant.numeric.base.syslog
+        2: constant.numeric.value.syslog
+        3: constant.numeric.value.syslog punctuation.separator.decimal.syslog
+        4: constant.numeric.value.syslog
+    - match: \b\d+(\.)\d+\b
+      scope: meta.number.float.syslog constant.numeric.value.syslog
+      captures:
+        1: punctuation.separator.decimal.syslog
+    - match: \b\d+\b
+      scope: meta.number.integer.syslog constant.numeric.value.syslog
diff --git a/tests/syntax-tests/highlighted/Syslog/example.syslog b/tests/syntax-tests/highlighted/Syslog/example.syslog
index 5ea6d9eb..35002a83 100644
--- a/tests/syntax-tests/highlighted/Syslog/example.syslog
+++ b/tests/syntax-tests/highlighted/Syslog/example.syslog
@@ -1,5 +1,11 @@
-Apr  4 00:00:01 hostname-here systemd[1]: logrotate.service: Succeeded.
-Apr  4 00:00:01 hostname-here systemd[1]: Finished Rotate log files.
-Apr  4 00:00:21 hostname-here kernel: [55604.908232] audit: type=1400 audit(1617483621.094:28): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=59311 comm="cups-browsed" capability=23  capname="sys_nice"
-Apr  4 09:30:01 hostname-here CRON[89278]: (root) CMD ([ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)
-Apr  4 22:00:45 hostname-here dbus-daemon[1094]: [session uid=1000 pid=1094] Successfully activated service 'io.github.celluloid_player.Celluloid'
+Apr  4 00:00:01 hostname-here systemd[1]: logrotate.service: Succeeded.
+Apr  4 00:00:01 hostname-here systemd[1]: Finished Rotate log files.
+Apr  4 00:00:01 hostname-here colord[920]: failed to get session [pid 137485]: No data available
+Apr  4 00:00:21 hostname-here kernel: [55604.908232] audit: type=1400 audit(1617483621.094:28): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=59311 comm="cups-browsed" capability=23  capname="sys_nice"
+Apr  4 00:01:38 hostname-here systemd-resolved[721]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
+Apr  4 00:04:46 hostname-here ntpd[952]: Soliciting pool server 255.76.59.37
+Apr  4 00:05:21 hostname-here ntpd[952]: ::1 local addr 0:0:0:0:0:0:0:1 -> <null>
+Apr  4 00:06:29 hostname-here ntpd[952]: receive: Unexpected origin timestamp 0xe414a8d1.82e825f5 does not match aorg 0xe414a8d5.82c50d8c from server@127.0.0.1 xmt 0xe414a8d1.e671d7c4
+Apr  4 09:30:01 hostname-here CRON[89278]: (root) CMD ([ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)
+Apr  4 16:32:07 hostname-here NetworkManager[740]: <info>  [1617629527.1101] manager: NetworkManager state is now CONNECTED_GLOBAL
+Apr  4 22:00:45 hostname-here dbus-daemon[1094]: [session uid=1000 pid=1094] Successfully activated service 'io.github.celluloid_player.Celluloid'
diff --git a/tests/syntax-tests/source/Syslog/example.syslog b/tests/syntax-tests/source/Syslog/example.syslog
index 944bd7dd..337f1434 100644
--- a/tests/syntax-tests/source/Syslog/example.syslog
+++ b/tests/syntax-tests/source/Syslog/example.syslog
@@ -1,5 +1,11 @@
 Apr  4 00:00:01 hostname-here systemd[1]: logrotate.service: Succeeded.
 Apr  4 00:00:01 hostname-here systemd[1]: Finished Rotate log files.
+Apr  4 00:00:01 hostname-here colord[920]: failed to get session [pid 137485]: No data available
 Apr  4 00:00:21 hostname-here kernel: [55604.908232] audit: type=1400 audit(1617483621.094:28): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=59311 comm="cups-browsed" capability=23  capname="sys_nice"
+Apr  4 00:01:38 hostname-here systemd-resolved[721]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
+Apr  4 00:04:46 hostname-here ntpd[952]: Soliciting pool server 255.76.59.37
+Apr  4 00:05:21 hostname-here ntpd[952]: ::1 local addr 0:0:0:0:0:0:0:1 -> <null>
+Apr  4 00:06:29 hostname-here ntpd[952]: receive: Unexpected origin timestamp 0xe414a8d1.82e825f5 does not match aorg 0xe414a8d5.82c50d8c from server@127.0.0.1 xmt 0xe414a8d1.e671d7c4
 Apr  4 09:30:01 hostname-here CRON[89278]: (root) CMD ([ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)
+Apr  4 16:32:07 hostname-here NetworkManager[740]: <info>  [1617629527.1101] manager: NetworkManager state is now CONNECTED_GLOBAL
 Apr  4 22:00:45 hostname-here dbus-daemon[1094]: [session uid=1000 pid=1094] Successfully activated service 'io.github.celluloid_player.Celluloid'