David, there is now a patch available:
http://git.adiscon.com/?p=rsyslog.git;a=commit;h=59192611db992e7357337beb8e68ec6cee5b3fec

I will release a new devel today, and it will include the patch. I expect to release another one next week, which will then have the Solaris work plus the script engine with functions (feedback on that is still appreciated).

Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of [email protected]
> Sent: Wednesday, March 11, 2009 1:51 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] properties not getting filled in correctly
>
> On Wed, 11 Mar 2009, Rainer Gerhards wrote:
>
> > David,
> >
> > the issue is in v4 only (and so far UDP only, too). It was introduced by the
> > optimizations, which pass some wrong parameters to the now-decoupled parser.
> > Need to find root cause, though.
> >
> > Will keep you posted.
>
> thanks.
>
> David Lang
>
> > Rainer
> >
> >> -----Original Message-----
> >> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of [email protected]
> >> Sent: Tuesday, March 10, 2009 4:22 PM
> >> To: rsyslog-users
> >> Subject: Re: [rsyslog] properties not getting filled in correctly
> >>
> >> On Sat, 7 Mar 2009, Rainer Gerhards wrote:
> >>
> >>> The messages indeed look ok. I'll feed them into my parser and will see what happens.
> >>
> >> any idea what's happening here yet?
> >>
> >> David Lang
> >>
> >>> rainer
> >>>
> >>> ----- Original Message -----
> >>> From: "[email protected]" <[email protected]>
> >>> To: "rsyslog-users" <[email protected]>
> >>> Sent: 07.03.09 02:20
> >>> Subject: Re: [rsyslog] properties not getting filled in correctly
> >>>
> >>> On Fri, 6 Mar 2009, Rainer Gerhards wrote:
> >>>
> >>>> That's why I am after the log samples :) I just termed a new acronym
> >>>> this afternoon:
> >>>> YAMSF - yet another malformed syslog format ;)
> >>>>
> >>>> http://blog.gerhards.net/2009/02/calling-for-log-samples.html
> >>>>
> >>>> I try hard to get the fields right, but often this is impossible,
> >>>> resulting in the issues you see.
> >>>
> >>> these logs come from several different servers, including different OSs,
> >>> but all are misparsed by rsyslog.
> >>>
> >>> I am not seeing anything obviously wrong with them
> >>>
> >>> <167>Mar 6 16:57:54 172.20.245.8 %PIX-7-710005: UDP request discarded from SERVER1/2741 to test_app:255.255.255.255/61601
> >>> <29>Mar 6 16:57:54 methane1d-b plug-gw[25213]: connect host= /192.168.243.37 destination=179.50.100.130/60029
> >>> <29>Mar 6 16:57:54 methane1a-b plug-gw[29368]: disconnect host= /192.168.242.119 destination=179.50.100.52/14733 in=357 out=71 duration=1
> >>> <29>Mar 6 16:57:54 happy1-b plug-gw[30259]: connect host= /192.168.22.8 destination=192.168.104.31/5667
> >>> <22>Mar 6 16:57:54 192.168.242.66 sendmail[13328]: n270vrSH013326: to=<[email protected]>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=37052, relay=mx1.hotmail.com. [65.54.244.8], dsn=2.0.0, stat=Sent ( <[email protected]> Queued mail for delivery)
> >>> <29>Mar 6 16:57:54 corpmail1-p netacl[3839]: permit host= /10.201.7.120 service=telnetd execute=/usr/local/etc/tn-gw
> >>>
> >>> David Lang
> >>>
> >>>> Rainer
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of [email protected]
> >>>>> Sent: Friday, March 06, 2009 7:54 PM
> >>>>> To: rsyslog-users
> >>>>> Subject: Re: [rsyslog] properties not getting filled in correctly
> >>>>>
> >>>>> On Fri, 6 Mar 2009, [email protected] wrote:
> >>>>>
> >>>>>> I'm running into problems trying to do filtering. it looks as if the log
> >>>>>> parsing is not properly filling in the properties.
> >>>>>>
> >>>>>> what I've run into so far
> >>>>>>
> >>>>>> when I use the property 'programname' the content that I see is what I would
> >>>>>> expect in 'hostname'
> >>>>>>
> >>>>>> when I use the property 'hostname' the content that I see is what I would
> >>>>>> expect in 'fromhost'
> >>>>>>
> >>>>>> I haven't checked all the other properties, but my guess is that somehow
> >>>>>> rsyslog is off-by-one in filling them in.
> >>>>>
> >>>>> having said this, date, fromhost, and from-ip appear to be filled in
> >>>>> correctly.
> >>>>>
> >>>>> David Lang
> >>>>> _______________________________________________
> >>>>> rsyslog mailing list
> >>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>>> http://www.rsyslog.com
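
A reference check for the property split discussed in this thread, as an added example that is not part of the original messages and is not rsyslog's parser: it splits RFC 3164-style lines like the samples posted above and reports which properties differ from what a daemon delivered. The regular expression, the function names, the rule that `programname` is the tag up to the first `[` or `:`, and the `SHIFTED` values are assumptions made for illustration.

```python
import re

# RFC 3164-style layout: <PRI>Mmm d hh:mm:ss HOSTNAME TAG[pid]: MSG
# Assumption: programname is the tag up to the first '[' or ':'.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<programname>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Reference split of one line into the properties named in the thread."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 3164-style line: %r" % line)
    props = m.groupdict()
    pri = int(props.pop("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    props["facility"], props["severity"] = divmod(pri, 8)
    return props

def mismatches(line, reported):
    """Return {property: (expected, reported)} for every property that differs."""
    expected = parse(line)
    return {k: (expected.get(k), v) for k, v in reported.items()
            if expected.get(k) != v}

# Two of the sample lines posted in the thread.
PIX = ("<167>Mar 6 16:57:54 172.20.245.8 %PIX-7-710005: UDP request "
       "discarded from SERVER1/2741 to test_app:255.255.255.255/61601")
PLUG = ("<29>Mar 6 16:57:54 methane1d-b plug-gw[25213]: connect host= "
        "/192.168.243.37 destination=179.50.100.130/60029")

# Constructed input: property values shifted the way the report describes
# (programname holding what belongs in hostname). "relay1" is a made-up name.
SHIFTED = {"hostname": "relay1", "programname": "methane1d-b"}

if __name__ == "__main__":
    print(parse(PIX))
    print(mismatches(PLUG, SHIFTED))
```

Feeding the same sample lines through a build with and without the patch and passing the delivered property values to `mismatches` gives a regression check for filters that key on `hostname` or `programname`.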

