On Thu, 2011-02-24 at 12:07 +0100, Valentijn Sessink wrote:
Hi,
Just a small remark. If you run pdbtool with "patternize" on a log file with logs from an IPv6 host, pdbtool thinks that everything after the first ":" is the log message. For example, the log message:
Feb 24 11:39:26 2a01:4f8:8a0:5141::3c2 named[31090]: lame server resolving ....
... will be patternized as if the logging host were "2a01" and if the pattern should be: <pattern>4f8:8a0:5141::3c2 named[31090]: lame server resolving ....</pattern>
I searched around in the patternize code, but could not find the particular code where the host got cut off. However, for someone a bit at home in this code, I think the fix should be trivial.
hmm.. this is not the patternize code that has a problem, but rather the RFC3164 message parsing code, which assumes that ':' is terminating the hostname and marks the beginning of the log message. And this is quite impossible to get out as it'd break a lot of applications out there. wow, I don't know how to solve this properly within the scope of RFC3164 style parsing. RFC5424 should be ok though, but I guess this is written in the logfile now. -- Bazsi