[Bug 4] New: Year not being parsed
https://bugzilla.balabit.com/show_bug.cgi?id=4 Summary: Year not being parsed Product: syslog-ng Version: 2.0.x Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: justin.mr.smith@gmail.com Type of the Report: bug Estimated Hours: 0.0 Created an attachment (id=1) --> (https://bugzilla.balabit.com/attachment.cgi?id=1) Packet capture of logs being sent to server There seems to be an issue with the parsing of the logs being sent to syslog-ng server in a way that it is unable to parse out the year out of the udp packet being sent to it. After taking a packet capture of the log being sent yes indeed the year is in the packet. Configs: Ubuntu 7.10 - Syslog-ng 2.0.0 & 2.0.6 Sender: Linksys RV042,RV082 routers Packet Capture: Message: Dec 12 11:49:14 2007 RV042 RGFW-IN: BLOCK-RULES (TCP 69.xxx.xxx.xxx:1639->69.xxx.xxx.xxx:1433 on ixp1) [0,0] -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 --- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2007-12-17 15:13:26 --- patch committed here: http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commit;h=93ede29f8d91a1d3... -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 Balazs Scheidler <bazsi@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.0.7 Resolution| |FIXED Type of the Report|bug |enhancement Status|NEW |RESOLVED --- Comment #2 from Balazs Scheidler <bazsi@balabit.hu> 2007-12-17 15:15:27 --- Targeting 2.0.7 with this one. Can you please check and report back whether it works? Thanks. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 Justin <justin.mr.smith@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED | Status|RESOLVED |REOPENED --- Comment #3 from Justin <justin.mr.smith@gmail.com> 2007-12-18 18:05:47 --- Got the newest snapshot installed. There is still a problem, still no year and now it is cutting off a portion of the Syslog message that was previously there. Before (v.2.0.0-1) (ubuntu rep) ------ Dec 18 10:45:42 192.xxx.xxx.1 RV042 RGFW-IN: BLOCK-RULES (TCP 69.47.208.149:4019->69.xxx.xxx.6:1433 on ixp1) [0,0] Dec 18 10:45:45 192.xxx.xxx.1 RV042 RGFW-IN: BLOCK-RULES (TCP 69.47.208.149:4019->69.xxx.xxx.6:1433 on ixp1) [0,0] After (v.2.0.6+20071812) (src snapshot) ----- Dec 18 10:50:44 192.xxx.xxx.1 RGFW-IN: BLOCK-RULES (TCP 69.70.73.66:2726->69.xxx.xxx.6:2967 on ixp1) [0,0] Dec 18 10:51:12 192.xxx.xxx.1 RGFW-IN: BLOCK-RULES (TCP 218.234.41.8:6000->69.xxx.xxx.6:6588 on ixp1) [0,0] As you can see this new version is cutting out the "RV042" in this log, and still no year is included. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 Balazs Scheidler <bazsi@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution| |FIXED Status|REOPENED |RESOLVED --- Comment #4 from Balazs Scheidler <bazsi@balabit.hu> 2007-12-20 10:26:47 --- syslog-ng converts timestamps to a uniform format, BSD by default, which has no year information. If you want year in your messages change the timestamp format either by using the ts_format() option or by using a custom template. ts_format(iso) in your global options should do the trick. The information that syslog-ng "removes" is the hostname, that you requested to be rewritten using an IP address. If you want to keep the hostname use keep_hostname(no). So, I still think this problem is fixed, but feel free to reopen if you disagree. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 --- Comment #5 from Justin <justin.mr.smith@gmail.com> 2007-12-20 17:46:29 --- Works perfect! Thank you so much for looking into this and spending the time needed to resolve this issue. Many thanks from us here. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 Balazs Scheidler <bazsi@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |TESTED --- Comment #6 from Balazs Scheidler <bazsi@balabit.hu> 2007-12-20 21:38:11 --- This means that the fix was tested -> TESTED -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=4 Balazs Scheidler <bazsi@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|TESTED |INTEGRATED --- Comment #7 from Balazs Scheidler <bazsi@balabit.hu> 2007-12-20 21:39:42 --- And as I committed this patch to mainline, this is already integrated -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
bugzilla@bugzilla.balabit.com