[
https://issues.apache.org/jira/browse/FLUME-1666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486595#comment-13486595
]
Mike Percy commented on FLUME-1666:
-----------------------------------
Why don't we make stripping hostname and timestamp optional in the syslog
sources? I think that's a better solution.
The problem with the solution here is that syslog source supports several
different timestamp input formats, so in order to be comprehensive we would
have to support them all. Better to just add a flag to the syslog sources to
use the whole line as the Event body instead of just the parsed "content"
portion.
> Syslog source strips timestamp and hostname from log message body
> -----------------------------------------------------------------
>
> Key: FLUME-1666
> URL: https://issues.apache.org/jira/browse/FLUME-1666
> Project: Flume
> Issue Type: Bug
> Components: Sinks+Sources
> Affects Versions: v1.2.0, v1.3.0
> Environment: This occurs with Flume all the way up through 1.3.0.
> Reporter: Josh West
> Attachments: FLUME-1666-SyslogTextSerializer.patch
>
>
> The syslog source parses incoming syslog messages. In the process, it strips
> the timestamp and hostname from each log message, and places them as Event
> headers.
> Thus, a syslog message that would normally look like so (when written via
> rsyslog or syslogd):
> {noformat}
> Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD
> (/usr/local/sbin/somescript)
> {noformat}
> Appears in flume output as:
> {noformat}
> /USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
