[syslog-ng] syslog parser modified in git head

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Aug 10 07:39:45 UTC 2017


Hi,

The pull request #1617 has just been merged, which adds a slight
modification to the way we parse RFC3164 syslog messages, by adding support
for IPv6 addresses in the host field.

Since changing that parser always makes me nervous (lots of heuristics to
support a number of different logging formats), it would be great if any of
you having devices with "strange" logging formats (appliances in general,
Cisco, F5, Juniper, Huawei, etc.) could validate that we didn't break
anything major.

The change is pretty focused, e.g. we accept an IPv6 address as a hostname
if it matches the general format of IPv6 addresses. But the interpretation
of the ':' character has slightly changed.

This could cause hostnames and program names to be parsed incorrectly.

Any feedback would be appreciated.

-- 
Bazsi
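
The ':' ambiguity described in the message above, as an added example that is not part of the original post and is not syslog-ng's parser code. The heuristic, the function names and the sample lines are assumptions constructed for illustration; it shows why a token containing ':' can be read either as an IPv6 host or as a program tag, which matters when HOST is used for log attribution.

```python
import ipaddress
import re

# Optional <PRI>, then an RFC3164 timestamp such as "Aug 10 07:39:45".
TS = re.compile(r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

def is_ipv6(token):
    """True if token is a syntactically valid IPv6 address."""
    try:
        ipaddress.IPv6Address(token)
        return True
    except ValueError:
        return False

def split_header(line, accept_ipv6=True):
    """Return (host, program, message) for a BSD-syslog line.

    Illustrative heuristic (assumption, not syslog-ng's implementation):
    the token after the timestamp is the host if it contains no ':' or,
    when accept_ipv6 is set, if it is a valid IPv6 address. Any other
    token containing ':' is taken as the program tag of a message that
    was sent without a host field.
    """
    m = TS.match(line)
    if not m:
        raise ValueError("no RFC3164 timestamp")
    rest = line[m.end():]
    first, _, tail = rest.partition(" ")
    if (accept_ipv6 and is_ipv6(first)) or ":" not in first:
        host, rest = first, tail
    else:
        host = None  # no host field; 'rest' still starts with the tag
    tag, sep, msg = rest.partition(": ")
    if not sep:
        return host, None, rest
    return host, tag.split("[", 1)[0], msg

# Constructed sample lines, not taken from any real device.
SAMPLES = [
    "<13>Aug 10 07:39:45 fw01 sshd[812]: Accepted publickey",
    "<13>Aug 10 07:39:45 2001:db8::1 sshd[812]: Accepted publickey",
    "<13>Aug 10 07:39:45 sshd[812]: Accepted publickey",
    "<13>Aug 10 07:39:45 ::1 cron: job started",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(split_header(s), "| colon-only:", split_header(s, False))
```

Running the same captured lines through the parser before and after an upgrade and diffing HOST and PROGRAM is the kind of validation the message asks for.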