Ahh, didnt know that was overridden. Thanks :-) -Patrick Sent: Tue Dec 07 2010 17:17:42 GMT-0700 (Mountain Standard Time) From: Daniel Ojalvo <D.Ojalvo@F5.com> To: Patrick H. <syslogng@feystorm.net>, Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] [Bug 100] New: Hostnames that start with 4+ digits mess up the time system

Yes, but that is superseded by rfc 1123. http://tools.ietf.org/html/rfc1123#page-13

It's definitely an edge case though. I googled around for a while and I found no other mentions of a bug like this.

Daniel

*From:* feystorm@q.com [mailto:feystorm@q.com] *On Behalf Of *Patrick H. *Sent:* Tuesday, December 07, 2010 4:07 PM *To:* Syslog-ng users' and developers' mailing list; Daniel Ojalvo *Subject:* Re: [syslog-ng] [Bug 100] New: Hostnames that start with 4+ digits mess up the time system

Well to be fair, hostnames that start with a number are a violation of RFC 952. http://www.ietf.org/rfc/rfc952.txt "The first character must be an alpha character"

-Patrick

Sent: Tue Dec 07 2010 16:49:03 GMT-0700 (Mountain Standard Time) From: bugzilla@bugzilla.balabit.com <mailto:bugzilla@bugzilla.balabit.com> To: syslog-ng@lists.balabit.hu <mailto:syslog-ng@lists.balabit.hu> Subject: [syslog-ng] [Bug 100] New: Hostnames that start with 4+ digits mess up the time system

https://bugzilla.balabit.com/show_bug.cgi?id=100

Summary: Hostnames that start with 4+ digits mess up the time system Product: syslog-ng Version: 2.0.x Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu <mailto:bazsi@balabit.hu> ReportedBy: D.Ojalvo@f5.com <mailto:D.Ojalvo@f5.com> Type of the Report: --- Estimated Hours: 0.0

Created an attachment (id=26) --> (https://bugzilla.balabit.com/attachment.cgi?id=26) My patch proposal

If syslog is handling a message with an rfc 3164-type timestamp then a hostname that begins with 4 digits, the time parser will mess up because it thinks that it is dealing with a linksys-style timestamp that includes the year, when the rfc3164 timestamp does not. I wrote a patch that adds a strict rfc3164 parsing option to the syslog startup.