RFC5424 not always compliant
polaris940 opened this issue · 1 comments
polaris940 commented
Logs generated for RFC5424 are only compliant about 40% of the time.
Sample set of 100 logs generated with flog: https://regex101.com/r/nMlGtT/1
Testing using the Fluent Bit syslog-rfc5424 parser.
[PARSER]
    Name syslog-rfc5424
    Format regex
    Regex ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*?)\]|-)) (?<message>.+)$
    Time_Key time
    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
    Time_Keep On
polaris940 commented
This appears to be directly related to the version value.
As of writing, the only valid version is 1 per the IANA Registered Versions.
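An added example, not part of the original issue thread: a triage script that runs lines through the parser regex quoted above (named groups rewritten to Python's `(?P<name>)` syntax) and, for each rejected line, reports whether the VERSION field is the cause. The names `classify`, `summarize` and `HEADER` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# The Fluent Bit regex from the issue; only the group syntax is changed for Python.
FLUENT_BIT = re.compile(
    r"^\<(?P<pri>[0-9]{1,5})\>1 (?P<time>[^ ]+) (?P<host>[^ ]+) (?P<ident>[^ ]+) "
    r"(?P<pid>[-0-9]+) (?P<msgid>[^ ]+) (?P<extradata>(\[(.*?)\]|-)) (?P<message>.+)$"
)
# Looser probe used only to explain a rejection: "<PRI>VERSION " at line start.
HEADER = re.compile(r"^<(?P<pri>[0-9]{1,3})>(?P<version>[1-9][0-9]{0,2}) ")


def classify(line):
    """Return 'parsed' or the first reason the parser regex rejects the line."""
    if FLUENT_BIT.match(line):
        return "parsed"
    m = HEADER.match(line)
    if m is None:
        return "malformed-header"
    if m["version"] != "1":
        # The regex hardcodes ">1 ", so any other version value is rejected.
        return "version-not-1"
    return "other-field-mismatch"


def summarize(lines):
    """Count outcomes so a drop rate can be attributed to a cause."""
    return Counter(classify(line) for line in lines)


# Constructed sample lines (not taken from the issue's regex101 data set).
SAMPLES = [
    "<34>1 2024-01-01T00:00:00.000Z web01.example.com flog 1234 ID47 - constructed message",
    "<34>2 2024-01-01T00:00:01.000Z web01.example.com flog 1234 ID47 - constructed message",
    "<165>3 2024-01-01T00:00:02.000Z web02.example.com flog 88 ID9 - constructed message",
    "<34>1 2024-01-01T00:00:03.000Z web01.example.com flog abc ID47 - non-numeric pid",
    "Jan  1 00:00:04 web01 flog: not an RFC5424 header",
]

if __name__ == "__main__":
    for reason, count in summarize(SAMPLES).most_common():
        print(f"{reason}: {count}")
```
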