[syslog-ng] [Bug 238] New: syslog-protocol: allow NILVALUE for TIMESTAMP as specified in rfc5424

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Sat Jun 29 12:06:02 CEST 2013


https://bugzilla.balabit.com/show_bug.cgi?id=238

           Summary: syslog-protocol: allow NILVALUE for TIMESTAMP as
                    specified in rfc5424
           Product: syslog-ng
           Version: 3.4.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: spam at lerya.net
Type of the Report: ---
   Estimated Hours: 0.0


RFC5424 states:
- section 6:
"""
TIMESTAMP       = NILVALUE / FULL-DATE "T" FULL-TIME
"""
- section 6.2.3
"""
   A syslog application MUST use the NILVALUE as TIMESTAMP if the syslog
   application is incapable of obtaining system time.
"""

But the 3.4 version of syslog-ng does not allow such a NILVALUE:
https://github.com/balabit/syslog-ng-3.4/blob/master/modules/syslogformat/syslog-format.c#L216

For example, the following message does not work:
<6>1 - - netlog - - - [  775.895618] /bin/ping[2936] UDP 10.0.2.15:33285 -> 192.168.0.1:53 (uid=0)

Whereas this one works:
<6>1 2003-10-11T22:14:15.003Z - netlog - - - [  775.895618] /bin/ping[2936] UDP 10.0.2.15:33285 -> 192.168.0.1:53 (uid=0)


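An added example (not syslog-ng's code and not part of the original report): a minimal C classifier for the RFC 5424 TIMESTAMP field that accepts NILVALUE while still rejecting malformed timestamps. The names `classify`, `parse_timestamp`, `match` and `ts_kind` are hypothetical, and it assumes VERSION 1 and checks only the timestamp's shape, not field ranges.

```c
#include <ctype.h>
#include <string.h>

enum ts_kind { TS_ERROR = -1, TS_NIL = 0, TS_PRESENT = 1 };

/* Match s against pat ('9' = any digit, else literal); returns length or 0. */
static size_t match(const char *s, const char *pat) {
    size_t i;
    for (i = 0; pat[i]; i++)
        if (pat[i] == '9' ? !isdigit((unsigned char)s[i]) : s[i] != pat[i])
            return 0;
    return i;
}

/* TIMESTAMP = NILVALUE / FULL-DATE "T" FULL-TIME, then SP. Checks shape
 * only, not field ranges. Advances *p past the field on success. */
static enum ts_kind parse_timestamp(const char **p) {
    const char *s = *p;
    size_t n;
    if (s[0] == '-' && s[1] == ' ') { *p = s + 2; return TS_NIL; }
    if ((n = match(s, "9999-99-99T99:99:99")) == 0) return TS_ERROR;
    s += n;
    if (*s == '.') {                      /* TIME-SECFRAC = "." 1*6DIGIT */
        for (n = 0, s++; isdigit((unsigned char)*s); s++) n++;
        if (n < 1 || n > 6) return TS_ERROR;
    }
    if (*s == 'Z') s++;                   /* TIME-OFFSET = "Z" / (+|-)hh:mm */
    else if ((*s == '+' || *s == '-') && match(s + 1, "99:99")) s += 6;
    else return TS_ERROR;
    if (*s != ' ') return TS_ERROR;
    *p = s + 1;
    return TS_PRESENT;
}

/* Skip "<PRI>1 " and classify TIMESTAMP; *rest = HOSTNAME on success. */
enum ts_kind classify(const char *msg, const char **rest) {
    const char *s = msg;
    int d = 0;
    if (*s++ != '<') return TS_ERROR;
    while (d < 3 && isdigit((unsigned char)*s)) { s++; d++; }
    if (d == 0 || *s++ != '>' || s[0] != '1' || s[1] != ' ') return TS_ERROR;
    s += 2;
    enum ts_kind k = parse_timestamp(&s);
    if (k != TS_ERROR) *rest = s;
    return k;
}
```

A caller that gets `TS_NIL` has no sender time to trust and has to stamp the message itself, which is worth recording separately from a parsed timestamp when the logs feed an incident timeline.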