On Fri, 6 Mar 2015, Thomas D. wrote:
Hi,
On 2015-03-05 15:16, Rainer Gerhards wrote:
Now that I have reviewed the code of logger 2.26, I would *strongly*
recommend to enforce < 2.26 with rsyslog. There are multiple format issues
in the new version, which will not only break rsyslog but probably others
as well. This also happens when sending remotely. I am creating bug
trackers and fixes at the util-linx project.
Thanks for the update. I created a bug for Gentoo:
https://bugs.gentoo.org/show_bug.cgi?id=542306
I was asked if I can provide a simple way to show the problem (comment
#5) which helps to check which implementations are affected.
The exact details are going to vary significantly amoung implimentations. You
need to write a message with logger, and then see what ends up in the message
portion of the resulting log message. To make this clear, you need to configure
an output format that clearly shows the message.
For Rsyslog, the format in the test just outputs $msg, so it clearly showed the
extra stuff in the output compared to what was expected
In logstash, if you output the message in JSON format, after doing a syslog
decode of the input (to separate out the pri, timestamp, and hostname), there
will be a field that has the message portion that should end up showing the
extra data.
Probably, looking at the JSON based output is your best bet across different
implementations.
The structured data (the stuff in []) should show up as separate variables from
the message, and the text being logged (in the rsyslog testbench, 'test') should
show up in a variable separate from anything else.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
