Hello, I think the actual need for this functionality would be outside RFC5424. Or RFC3164 for that matter.
It sounds like Vicks (and also Ciprian and I) would need it as a function of mmnormalize/liblognorm so that we can parse logs from files. This different format in the Email is something I often see in Java logs. The more general use-case would be to parse all kinds of date formats (mysql, apache, whatever - it seems like there's a billion of them). Currently the only option I'm aware of is to hack around with parsing different parts of the date as a string and stitching it in the template. All very ugly. @Ciprian and Vicks: please let me know if I misinterpreted what you wanted. What I describe here is what I would find useful. Best regards, Radu P.S. Now that I think of it, it wouldn't be only useful for parsing logs from files. It could be that some apps just send logs over TCP (say, newline-delimited) that don't comply to either of the syslog RFCs. And then we could use mmnormalize to parse them. Goes into the direction of "rsyslog is not only for syslog". -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ On Tue, Nov 24, 2015 at 10:37 AM, Rainer Gerhards <[email protected]> wrote: > 2015-11-24 9:18 GMT+01:00 David Lang <[email protected]>: >> On Tue, 24 Nov 2015, Ciprian Hacman wrote: >> >>> I was actually thinking of creating a PR for accepting " " instead of "T" >>> between date and time. >>> @Rainer: Would it be ok? >> >> >> my reaction is that it depends on how paranoid the rest of the code is. Is >> there any chance that this will cause it to misinterpret something else as a >> match? > > No, but the current stance of the IETF is "if it's malformed, than > it's dangerous". I think that paradigm is correct to follow these > days. An option would work, but the default should be to comply with > RFC rules. > > Rainer >> >> David Lang >> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of >> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >> LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
