On Mon, 16 Apr 2012, Rainer Gerhards wrote:
-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of [email protected]
Sent: Saturday, April 14, 2012 4:10 AM
To: rsyslog-users
Subject: Re: [rsyslog] Incorrect hostname from %hostname%
doing a google search for 'all numeric hostname' I find lots of things
that break if you have an all numeric hostname, but a old RFC that
relaxes
the prior restriction that the first character of a hostname could not
be
a number.
so it looks like they are technically legal according to the RFCs, but
they will break all over the place.
given how rare an all-numeric hostname would be (and how much other
stuff
is broken by using one), I think it's reasonable for rsyslog to have a
heuristic that doesn't allow them and assums that a 4-digit number in
that
posisiton is the year portion of a timestamp. Especially since quite a
number of devices appear to be sending out logs with timestamps with
the
year added to them.
Makes sense. I'd still say that if an all-numeric string of size <> 4
occupies that position, I'd interpret it as hostname?
It's either that or decide that there is no hostname provided and that
it's part of the message instead.
when I get around to it, I'm going to do another Cisco fixup parser. I've
got some Cisco devices that put a sequence number ahead of the message (I
need to double check exactly what it is that they send when I get into the
office in the morning)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
