We noticed that the syslog traffic from our Enterasys SSR routers violates protocol slightly in its date format. Jun 07 09:56:46 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Down Jun 07 09:56:51 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Up Jun 07 09:59:10 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Down Jun 07 09:59:11 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Up i.e. it uses a leading zero on the day of month field where RFC3164 requires a leading space. It's hardly earth shattering, but it would be nice to make the field consistent for these routers. I've asked the manufacturer to fix their code, but in the meantime are there any good ways to fix this in syslog-ng - ( other than a global use_time_recvd() yes flag )? I'm currently still on a 1.5.24 syslog-ng code by the way, though more than will to go to 1.6 if need be. If no option is currently available to munge fix this, could someone give me some pointers as to where in the code I might be able to patch in a host-specific fixup? Since I would imagine a few other products also have slightly wonky date formats, is there some merit in adding some dateformat fixup code in future - maybe the development releases already address this issue? Thanks, Ted ************************************************************************************************ This E-mail message, including any attachments, is intended only for the person or entity to which it is addressed, and may contain confidential information. If you are not the intended recipient, any review, retransmission, disclosure, copying, modification or other use of this E-mail message or attachments is strictly forbidden. If you have received this E-mail message in error, please contact the author and delete the message and any attachments from your computer. You are also advised that the views and opinions expressed in this E-mail message and any attachments are the author's own, and may not reflect the views and opinions of FLEXTECH Television Limited. ************************************************************************************************
On Wed, Jun 11, 2003 at 09:40:16AM +0100, Ted_Rule@flextech.co.uk wrote:
We noticed that the syslog traffic from our Enterasys SSR routers violates protocol slightly in its date format.
Jun 07 09:56:46 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Down Jun 07 09:56:51 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Up Jun 07 09:59:10 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Down Jun 07 09:59:11 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 - Port Up
i.e. it uses a leading zero on the day of month field where RFC3164 requires a leading space.
It's hardly earth shattering, but it would be nice to make the field consistent for these routers. I've asked the manufacturer to fix their code, but in the meantime are there any good ways to fix this in syslog-ng - ( other than a global use_time_recvd() yes flag )? I'm currently still on a 1.5.24 syslog-ng code by the way, though more than will to go to 1.6 if need be.
If no option is currently available to munge fix this, could someone give me some pointers as to where in the code I might be able to patch in a host-specific fixup?
Since I would imagine a few other products also have slightly wonky date formats, is there some merit in adding some dateformat fixup code in future - maybe the development releases already address this issue?
I think this should be handled by the current date parsing code as the date is parsed using strptime(): strptime(lm->date->data, "%b %e %H:%M:%S", &tm); the description of %e %d or %e day of month (1-31; leading zeroes are permitted but not required) -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
Ted_Rule@flextech.co.uk