On Wed, 11 Mar 2009, Rainer Gerhards wrote:

> David,
>
> the issue is in v4 only (and so far UDP only, too). It was introduced by the
> optimizations, which pass some wrong parameters to the now-decoupled parser.
> Need to find root cause, though.
>
> Will keep you posted.
thanks.

David Lang

> Rainer
>
>> -----Original Message-----
>> From: [email protected] [mailto:rsyslog-
>> [email protected]] On Behalf Of [email protected]
>> Sent: Tuesday, March 10, 2009 4:22 PM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] properties not getting filled in correctly
>>
>> On Sat, 7 Mar 2009, Rainer Gerhards wrote:
>>
>>> The messages indeed look ok. I'll feed them into my parser and will see
>>> what happens.
>>
>> any idea what's happening here yet?
>>
>> David Lang
>>
>>> rainer
>>>
>>> ----- Original Message -----
>>> From: "[email protected]" <[email protected]>
>>> To: "rsyslog-users" <[email protected]>
>>> Sent: 07.03.09 02:20
>>> Subject: Re: [rsyslog] properties not getting filled in correctly
>>>
>>> On Fri, 6 Mar 2009, Rainer Gerhards wrote:
>>>
>>>> That's why I am after the log samples :) I just termed a new acronym
>>>> this afternoon:
>>>> YAMSF - yet another malformed syslog format ;)
>>>>
>>>> http://blog.gerhards.net/2009/02/calling-for-log-samples.html
>>>>
>>>> I try hard to get the fields right, but often this is impossible,
>>>> resulting in the issues you see.
>>>
>>> these logs come from several different servers, including different OSs,
>>> but all are misparsed by rsyslog.
>>>
>>> I am not seeing anything obviously wrong with them
>>>
>>> <167>Mar 6 16:57:54 172.20.245.8 %PIX-7-710005: UDP request discarded from SERVER1/2741 to test_app:255.255.255.255/61601
>>> <29>Mar 6 16:57:54 methane1d-b plug-gw[25213]: connect host= /192.168.243.37 destination=179.50.100.130/60029
>>> <29>Mar 6 16:57:54 methane1a-b plug-gw[29368]: disconnect host= /192.168.242.119 destination=179.50.100.52/14733 in=357 out=71 duration=1
>>> <29>Mar 6 16:57:54 happy1-b plug-gw[30259]: connect host= /192.168.22.8 destination=192.168.104.31/5667
>>> <22>Mar 6 16:57:54 192.168.242.66 sendmail[13328]: n270vrSH013326: to=<[email protected]>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=37052, relay=mx1.hotmail.com. [65.54.244.8], dsn=2.0.0, stat=Sent ( <[email protected]> Queued mail for delivery)
>>> <29>Mar 6 16:57:54 corpmail1-p netacl[3839]: permit host= /10.201.7.120 service=telnetd execute=/usr/local/etc/tn-gw
>>>
>>> David Lang
>>>
>>>> Rainer
>>>>
>>>>> -----Original Message-----
>>>>> From: [email protected] [mailto:rsyslog-
>>>>> [email protected]] On Behalf Of [email protected]
>>>>> Sent: Friday, March 06, 2009 7:54 PM
>>>>> To: rsyslog-users
>>>>> Subject: Re: [rsyslog] properties not getting filled in correctly
>>>>>
>>>>> On Fri, 6 Mar 2009, [email protected] wrote:
>>>>>
>>>>>> I'm running into problems trying to do filtering. it looks as if the log
>>>>>> parsing is not properly filling in the properties.
>>>>>>
>>>>>> what I've run into so far
>>>>>>
>>>>>> when I use the property 'programname' the content that I see is what I
>>>>>> would expect in 'hostname'
>>>>>>
>>>>>> when I use the property 'hostname' the content that I see is what I
>>>>>> would expect in 'fromhost'
>>>>>>
>>>>>> I haven't checked all the other properties, but my guess is that somehow
>>>>>> rsyslog is off-by-one in filling them in.
>>>>>
>>>>> having said this, date, fromhost, and from-ip appear to be filled in
>>>>> correctly.
>>>>>
>>>>> David Lang
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com
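
A reference check for the symptom reported in this thread, added here as an example (not code from the thread or from rsyslog): a simplified RFC 3164 parse of two of the quoted samples, compared against the properties a daemon reports for the same line. The regular expression, the `diagnose` helper and the `relay.example` sender name are assumptions made for illustration.

```python
import re

# Simplified RFC 3164: <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG, PRI = facility*8 + severity
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<hostname>\S+)\s+"
    r"(?P<programname>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:?\s*"
    r"(?P<msg>.*)$"
)

# Two of the samples quoted in the thread, re-joined onto single lines.
SAMPLES = [
    "<29>Mar 6 16:57:54 methane1d-b plug-gw[25213]: connect host= "
    "/192.168.243.37 destination=179.50.100.130/60029",
    "<167>Mar 6 16:57:54 172.20.245.8 %PIX-7-710005: UDP request "
    "discarded from SERVER1/2741 to test_app:255.255.255.255/61601",
]

def parse(line):
    """Return the expected header fields, or None if the line does not fit."""
    m = RFC3164.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["facility"], fields["severity"] = divmod(int(fields.pop("pri")), 8)
    return fields

def diagnose(raw, observed, fromhost):
    """Compare properties a daemon reported (observed) with the reference parse."""
    expected = parse(raw)
    if expected is None:
        return ["reference parser could not read the line"]
    findings = [
        f"{name}: expected {expected[name]!r}, got {observed.get(name)!r}"
        for name in ("hostname", "programname")
        if observed.get(name) != expected[name]
    ]
    # hostname == fromhost alone is normal for a direct sender, so require both.
    if observed.get("programname") == expected["hostname"] and \
            observed.get("hostname") == fromhost:
        findings.append("properties shifted by one position")
    return findings

if __name__ == "__main__":
    # Constructed 'observed' values reproducing the symptom; relay.example is made up.
    shifted = {"hostname": "relay.example", "programname": "methane1d-b"}
    for finding in diagnose(SAMPLES[0], shifted, "relay.example"):
        print(finding)
```

Running the same comparison over every sample before and after a parser change gives a quick regression check for filters that key on `hostname` or `programname`.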

