linux-syslog error in %{SYSLOG5424LINE}

Question

linux-syslog error in %{SYSLOG5424LINE}

flysen opened this issue 8 years ago · 1 comments

According to https://www.rfc-editor.org/rfc/rfc5424.txt 6.2.4. HOSTNAME IP address (both ipv4 and ipv6) should be accepted 4. Dynamic IP address

Wrong line: %{HOSTNAME:syslog5424_host}
SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)

Scould be: %{IPORHOST:syslog5424_host}
SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)

Version: 5.0
Operating System: RHEL7
Config File (if you have sensitive info, please remove it):
Sample Data:
Not working line:
<174>1 2016-11-14T09:49:23+01:00 2000:0:0:215:130:20:20:100 named 2255 - - info: client 130.100.100.93#63295 (i1.ytimg.com): query: i1.ytimg.com IN A + (10.10.10.10)
Workin line:
<174>1 2016-11-14T09:32:44+01:00 my_dns.com named 6344 - - info: client 10.11.11.11#63252: query: googlehosted.l.googleusercontent.com IN A + (10.10.10.10)

Answer 1 · 2016-11-14T12:05:59.000Z

closed by #184