Description
Component(s)
pkg/stanza
Is your feature request related to a problem? Please describe.
The syslog parser only supports parsing in RFC3164 and RFC5424 protocols, but certain platforms (e.g., Google SecOps) expect raw, unparsed syslog data.
Describe the solution you'd like
Add a third supported protocol to the syslog parser named none (or something similar), which will parse timestamp, but pass the log unparsed.
Output:

```json
{
  "timestamp": "2020-01-12T06:30:00Z",
  "message": "<34>Jan 12 06:30:00 1.2.3.4 apache_server: test message"
}
```

Describe alternatives you've considered
It's possible to get around this by using the TCP log receiver to send raw data to SecOps, but this is unintuitive, as the syslog receiver should be sufficient for syslog data.
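A reference sketch of the proposed pass-through behaviour, added here and not part of the issue or of pkg/stanza: it pulls the timestamp out of an RFC3164 or RFC5424 header and returns the line itself untouched, which is what keeps the record verbatim for downstream analysis. The function name and the RFC5424 sample line are assumptions; the RFC3164 line is the one from the output example above, and, because an RFC3164 header carries no year or zone, the caller supplies the year and UTC is assumed.

```python
import re
from datetime import datetime, timezone

# Sample lines: the RFC3164 one is from the issue; the RFC5424 one is constructed.
RFC3164_LINE = "<34>Jan 12 06:30:00 1.2.3.4 apache_server: test message"
RFC5424_LINE = "<165>1 2020-01-12T06:30:00Z host app 1234 ID47 - test message"

# RFC3164 header: PRI, then "Mmm dd hh:mm:ss" (the day may be space-padded).
_BSD_TS = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}:\d{2}:\d{2})")
# RFC5424 header: PRI, VERSION, then an RFC 3339 timestamp (or "-" when absent).
_ISO_TS = re.compile(r"^<\d{1,3}>\d{1,2} (\S+)")


def parse_passthrough(line: str, year: int) -> dict:
    """Hypothetical 'none' protocol: extract the timestamp, keep the body raw.

    RFC3164 timestamps have no year or zone, so `year` is supplied by the caller
    and UTC is assumed (matching the issue's example). RFC5424 timestamps carry
    their own offset and are normalised to UTC.
    """
    m = _BSD_TS.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m[1]} {m[2]} {m[3]}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
    else:
        m = _ISO_TS.match(line)
        if not m or m[1] == "-":
            raise ValueError("no recognisable syslog timestamp in header")
        ts = datetime.fromisoformat(m[1].replace("Z", "+00:00")).astimezone(timezone.utc)
    # The message is the original line, byte-for-byte: PRI, header and body intact.
    return {"timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"), "message": line}
```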
Additional context
No response
Caleb-Hurshman