[Filebeat] Accept syslog dates with leading 0 #27775
Merged
andrewkroh merged 1 commit into elastic:master on Sep 7, 2021
This makes the RFC3164 parser accept dates with a leading 0. This makes the parser a little more liberal than the spec.

From RFC3164 https://datatracker.ietf.org/doc/html/rfc3164#section-4.1.2

> If the day of the month is less than 10, then it MUST be represented as a space and then the number. For example, the 7th day of August would be represented as "Aug  7", with two spaces between the "g" and the "7".

So now it will accept both `Sep 01` and `Sep 1`.
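The difference between the strict RFC3164 day field and the more liberal one described above, as an added Go example. It is not the Filebeat parser code, which this page does not show; `parseDay`, `ParseStamp`, the `lenient` flag and the caller-supplied year and location are hypothetical names and assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// parseDay reads the two-character day field of an RFC3164 timestamp.
// Strict mode takes " 7" or "17"; lenient mode also takes "07".
func parseDay(f string, lenient bool) (int, error) {
	if len(f) != 2 || f[1] < '0' || f[1] > '9' {
		return 0, errors.New("bad day field")
	}
	switch c := f[0]; {
	case c == ' ': // RFC3164 padding for days 1-9
		return int(f[1] - '0'), nil
	case c >= '1' && c <= '3', c == '0' && lenient:
		return int(c-'0')*10 + int(f[1]-'0'), nil
	}
	return 0, errors.New("bad day field")
}

// ParseStamp parses "Mmm dd hh:mm:ss"; year and zone are caller-supplied (assumption: RFC3164 has neither).
func ParseStamp(ts string, year int, loc *time.Location, lenient bool) (time.Time, error) {
	if len(ts) != 15 || ts[3] != ' ' {
		return time.Time{}, errors.New("bad timestamp layout")
	}
	day, err := parseDay(ts[4:6], lenient)
	if err != nil {
		return time.Time{}, err
	}
	rest, err := time.Parse("Jan 15:04:05", ts[:3]+ts[6:]) // month and clock only
	if err != nil {
		return time.Time{}, err
	}
	t := time.Date(year, rest.Month(), day, rest.Hour(), rest.Minute(), rest.Second(), 0, loc)
	if t.Day() != day { // time.Date normalizes; reject day 0 and overflow such as "Feb 30"
		return time.Time{}, errors.New("day out of range for month")
	}
	return t, nil
}

func main() {
	for _, ts := range []string{"Sep  1 09:30:00", "Sep 01 09:30:00"} { // constructed samples
		_, strictErr := ParseStamp(ts, 2021, time.UTC, false)
		t, lenientErr := ParseStamp(ts, 2021, time.UTC, true)
		fmt.Println(ts, "| strict:", strictErr, "| lenient:", t, lenientErr)
	}
}
```

With a strict parser, a sender that zero-pads the day produces events whose timestamp cannot be parsed, which is the gap the lenient form closes.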
7562d48 to a49d6d4
Contributor
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

Contributor
Pinging @elastic/agent (Team:Agent)

Contributor
While we are at it, shouldn't we also make the RFC 5424 format more lenient as well?

Member, Author
I don't think so because it uses only the well-defined RFC3339 (e.g. 2003-10-11T22:14:15.003Z). https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.3

Member, Author
run elasticsearch-ci/docs

Contributor
💚 Build Succeeded
💚 Flaky test report: Tests succeeded.

mergify bot pushed a commit that referenced this pull request on Sep 7, 2021
(cherry picked from commit e66b4e6)
andrewkroh added a commit that referenced this pull request on Sep 9, 2021
(cherry picked from commit e66b4e6)
Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
mdelapenya added a commit to mdelapenya/beats that referenced this pull request on Sep 9, 2021

* master: (39 commits)
  [Heartbeat] Move JSON tests from python->go (elastic#27816)
  docs: simplify permissions for Dockerfile COPY (elastic#27754)
  Osquerybeat: Fix osquery logger plugin severy levels mapping (elastic#27789)
  [Filebeat] Update compatibility function to remove processor description on ES < 7.9.0 (elastic#27774)
  warn log entry and no validation failure when both queue_url and buck… (elastic#27612)
  libbeat/cmd/instance: ensure test config file has appropriate permissions (elastic#27178)
  [Heartbeat] Add httpcommon options to ZipURL (elastic#27699)
  Add a header round tripper option to httpcommon (elastic#27509)
  [Elastic Agent] Add validation to ensure certificate paths are absolute. (elastic#27779)
  Rename dashboards according to module.yml files for master (elastic#27749)
  Refactor vagrantfile, add scripts for provisioning with docker/kind (elastic#27726)
  Accept syslog dates with leading 0 (elastic#27775)
  [Filebeat] Add timezone config option to decode_cef and syslog input (elastic#27727)
  [Filebeat] Threatintel compatibility updates (elastic#27323)
  Add support for ephemeral containers in elastic agent dynamic provider (elastic#27707)
  [Filebeat] Integration tests in CI for AWS-S3 input (elastic#27491)
  Fix flakyness of TestFilestreamEmptyLine (elastic#27705)
  [Filebeat] kafka v2 using parsers (elastic#27335)
  Update Kafka version parsing / supported range (elastic#27720)
  Update Sarama to 1.29.1 (elastic#27717)
  ...

Icedroid pushed a commit to Icedroid/beats that referenced this pull request on Nov 1, 2021