New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC5424 not always compliant #60

Open

polaris940 opened this issue Feb 8, 2024 · 1 comment

polaris940 commented Feb 8, 2024

Logs generated for RFC5424 only compliant about 40% of the time.

Sample set of 100 logs generated with flog: https://regex101.com/r/nMlGtT/1

Testing using the Fluent Bit syslog-rfc5424 parser.

[PARSER]
    Name        syslog-rfc5424
    Format      regex
    Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*?)\]|-)) (?<message>.+)$
    Time_Key    time
    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
    Time_Keep   On

The text was updated successfully, but these errors were encountered:

Author

polaris940 commented Feb 8, 2024

This appears to be directly related to the version value.

As of writing, the only valid version is 1 per the IANA Registered Versions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment