[syslog-ng]Enterasys SSR syslog message date format.
Balazs Scheidler
syslog-ng@lists.balabit.hu
Wed, 11 Jun 2003 11:16:55 +0200
On Wed, Jun 11, 2003 at 09:40:16AM +0100, Ted_Rule@flextech.co.uk wrote:
>
>
> We noticed that the syslog traffic from our Enterasys SSR routers violates
> protocol slightly in
> its date format.
>
> Jun 07 09:56:46 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 -
> Port Down
> Jun 07 09:56:51 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 -
> Port Up
> Jun 07 09:59:10 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 -
> Port Down
> Jun 07 09:59:11 ssrA %STP-I-PORT_STATUS, Port status change detected: et.2.3 -
> Port Up
>
> i.e. it uses a leading zero on the day of month field where RFC3164 requires a
> leading space.
>
> It's hardly earth shattering, but it would be nice to make the field consistent
> for these routers.
> I've asked the manufacturer to fix their code, but in the meantime are there any
> good ways to
> fix this in syslog-ng - ( other than a global use_time_recvd() yes flag )? I'm
> currently still on a 1.5.24
> syslog-ng code by the way, though more than will to go to 1.6 if need be.
>
> If no option is currently available to munge fix this, could someone give me
> some pointers as
> to where in the code I might be able to patch in a host-specific fixup?
>
> Since I would imagine a few other products also have slightly wonky date
> formats, is there some
> merit in adding some dateformat fixup code in future - maybe the development
> releases already
> address this issue?
I think this should be handled by the current date parsing code as the date
is parsed using strptime():
strptime(lm->date->data, "%b %e %H:%M:%S", &tm);
the description of %e
%d or %e
day of month (1-31; leading zeroes are permitted
but not required)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1