Bug RFC detection regex for syslog parser #2877

@mlasevich

Check CONTRIBUTING guideline first and here is the list to help us investigate the problem.

Describe the bug
When an RFC3164-formatted message contains a '>' character followed by a number, it is incorrectly detected as an RFC5425 message due to an issue with the regex here

Simple fix is to make the detection regex match the parsing regex - i.e.
instead of

    REGEXP_DETECT_RFC5424 = /^\<.*\>[1-9]\d{0,2}/

use this:

    REGEXP_DETECT_RFC5424 = /^\<.[0-9]+\>[1-9]\d{0,2}/

To Reproduce

Set up the syslog parser plugin and run a message like this through it:

    <15>Mar 12 21:58:53 localhost service: Connection established 1.2.3.4:1234<->4..2.1:4321

Expected behavior
Expected to be parsed as an RFC3164 message:

    {
      "pri": 15,
      "time": "Mar 12 21:58:53",
      "host": "localhost",
      "ident": "service",
      "message": "Connection established 1.2.3.4:1234<->4..2.1:4321"
    }

Actual behavior

Parser error due to an attempt to parse it as an RFC5424 message
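
Added example (not code from the issue or from the project): the two patterns quoted in the issue are run against the issue's sample message, showing that the greedy `.*` lets the detection match extend to the `>4` inside the message body. `DETECT_STRICT`, the helper names and the other sample lines are assumptions constructed here; the single-digit PRI sample shows that the leading `.` in the proposed pattern requires at least two characters between `<` and `>`.

```ruby
# Added illustration; not code from the project or from the issue author.
# The first two patterns are copied from the issue text.
DETECT_ORIGINAL = /^\<.*\>[1-9]\d{0,2}/       # detection regex reported as buggy
DETECT_PROPOSED = /^\<.[0-9]+\>[1-9]\d{0,2}/  # fix proposed in the issue
# Assumption (editor's variant, not from the issue): PRI is 1 to 3 digits.
DETECT_STRICT   = /^<[0-9]{1,3}>[1-9]\d{0,2}/

# Constructed samples. The first line is the message from the issue.
SAMPLES = {
  rfc3164_with_arrow: '<15>Mar 12 21:58:53 localhost service: ' \
                      'Connection established 1.2.3.4:1234<->4..2.1:4321',
  rfc3164_plain: '<15>Mar 12 21:58:53 localhost service: started',
  rfc5424: '<165>1 2003-10-11T22:14:15.003Z host app 1234 ID47 - message',
  rfc5424_one_digit_pri: '<5>1 2003-10-11T22:14:15.003Z host app 1234 ID47 - message'
}.freeze

# Format a detect-then-parse step would choose for this line.
def detect(regex, line)
  regex.match?(line) ? :rfc5424 : :rfc3164
end

# Text consumed by the detection match, to show where the match ended.
def matched_prefix(regex, line)
  m = regex.match(line)
  m && m[0]
end

# Detection result of every pattern for every sample line.
def report
  SAMPLES.map do |name, line|
    [name, { original: detect(DETECT_ORIGINAL, line),
             proposed: detect(DETECT_PROPOSED, line),
             strict: detect(DETECT_STRICT, line) }]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  report.each { |name, result| puts format('%-24s %s', name, result) }
  # The original pattern's match runs through the message body to "<->4".
  puts matched_prefix(DETECT_ORIGINAL, SAMPLES[:rfc3164_with_arrow])
end
```
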
