  1. Flume
  2. FLUME-1277

Error parsing Syslog rfc 3164 messages with null values

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.1.0, 1.2.0
    • Fix Version/s: 1.3.0
    • Component/s: Sinks+Sources
    • Labels:
      None

      Description

      The SyslogUtils class doesn't properly parse RFC 3164-style messages containing a null (hyphen) value, e.g.:
      <10>Apr 1 13:14:04 ubuntu-11.cloudera.com - rest_of_message

      It tries to parse it as a 5424-style message, skips over the date information, and interprets the first hyphen as a null timestamp. Part of the problem is the use of a Scanner and regex. This skips over a properly formatted 3164-style message until it finds anything that matches the 5424 regex, including a hyphen.
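
      The skipping behaviour described above, as an added example that is not part of the original report and is not Flume's SyslogUtils code: java.util.Scanner.findInLine searches forward for the first match, while an anchored Matcher.lookingAt only accepts a timestamp where the priority field ends. The class name, the method names and all three patterns are assumptions constructed for this illustration.

```java
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not Flume code. All patterns below are constructed and simplified.
public class SyslogTimestampDemo {
    // RFC 5424 TIMESTAMP, or the NILVALUE "-".
    static final Pattern TS_5424 = Pattern.compile(
        "\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{1,6})?(?:Z|[+-]\\d{2}:\\d{2})|-");
    // RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", day written with one digit or space-padded.
    static final Pattern TS_3164 = Pattern.compile(
        "[A-Z][a-z]{2} [ \\d]?\\d \\d{2}:\\d{2}:\\d{2}");
    static final Pattern PRI = Pattern.compile("<(\\d{1,3})>");
    // RFC 5424 VERSION followed by a space.
    static final Pattern VERSION = Pattern.compile("[1-9]\\d{0,2} ");

    // Unanchored search: findInLine skips any input that precedes the first match,
    // so a hyphen anywhere later in the line satisfies the "-" alternative.
    static String scanForTimestamp(String afterPri) {
        try (Scanner s = new Scanner(afterPri)) {
            return s.findInLine(TS_5424);
        }
    }

    // Anchored parse: each format must match exactly where the previous field ends.
    static String classify(String msg) {
        Matcher pri = PRI.matcher(msg);
        if (!pri.lookingAt()) return "invalid: no <PRI>";
        String rest = msg.substring(pri.end());
        Matcher m = TS_3164.matcher(rest);
        if (m.lookingAt()) return "rfc3164 timestamp=" + m.group();
        Matcher v = VERSION.matcher(rest);
        if (v.lookingAt()) {
            m = TS_5424.matcher(rest.substring(v.end()));
            if (m.lookingAt()) return "rfc5424 timestamp=" + m.group();
        }
        return "unknown timestamp format";
    }

    public static void main(String[] args) {
        // Message taken from the report.
        String msg = "<10>Apr 1 13:14:04 ubuntu-11.cloudera.com - rest_of_message";
        String rest = msg.substring(msg.indexOf('>') + 1);
        System.out.println("findInLine -> " + scanForTimestamp(rest));
        System.out.println("anchored   -> " + classify(msg));
        // Constructed RFC 5424 message with a real timestamp, for comparison.
        System.out.println("anchored   -> " + classify("<10>1 2012-04-01T13:14:04Z host app - - - msg"));
    }
}
```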

        Attachments

        1. FLUME-1277-test.patch
          2 kB
          Brent Halsey
        2. FLUME-1277-fix.patch
          5 kB
          Brent Halsey
        3. FLUME-1277-1.patch
          7 kB
          Brock Noland
        4. FLUME-1277-1a.patch
          7 kB
          Mike Percy

              People

              • Assignee:
                brocknoland Brock Noland
                Reporter:
                brenthalsey Brent Halsey