Flume / FLUME-1277

Error parsing Syslog rfc 3164 messages with null values

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: v1.1.0, v1.2.0
    • Fix Version/s: v1.3.0
    • Component/s: Sinks+Sources
    • Labels:
      None

      Description

      The SyslogUtils class doesn't properly parse RFC 3164-style messages containing a null (hyphen) value, e.g.,
      <10>Apr 1 13:14:04 ubuntu-11.cloudera.com - rest_of_message

      It tries to parse it as a 5424-style message, skips over the date information, and interprets the first hyphen as a null timestamp. Part of the problem is the use of a Scanner and regex. This skips over a properly formatted 3164-style message until it finds anything that matches the 5424 regex, including a hyphen.
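
The failure mode reported above, reproduced as an added example (not code from the Flume source or the attached patches): `Scanner.findInLine` searches forward and lands on the hyphen, while matching each field at a fixed offset with `Matcher.lookingAt` classifies the same message as RFC 3164. The class name, the simplified patterns, and the two RFC 5424 sample messages are assumptions constructed for this demo.

```java
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class SyslogNilDemo {
    // Simplified patterns assumed for this demo (not copied from SyslogUtils).
    static final Pattern PRI = Pattern.compile("<\\d{1,3}>");
    static final Pattern VERSION = Pattern.compile("[1-9]\\d{0,2} ");
    // RFC 5424 TIMESTAMP: ISO 8601 date-time or the nil value "-", then a space.
    static final Pattern TS_5424 = Pattern.compile(
        "(?:\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\S*|-)(?= )");
    // RFC 3164 TIMESTAMP: "Mmm d HH:mm:ss" (day may be space-padded).
    static final Pattern TS_3164 = Pattern.compile(
        "[A-Z][a-z]{2} {1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}");

    // Search-style parse: findInLine() silently skips input before a match.
    static String searchParse(String msg) {
        try (Scanner s = new Scanner(msg)) {
            if (s.findInLine(PRI) == null) return "invalid: no PRI";
            String ts = s.findInLine(TS_5424);
            if (ts == null) return "invalid: no 5424 timestamp";
            return "5424 ts=" + ts + " rest=[" + (s.hasNextLine() ? s.nextLine() : "") + "]";
        }
    }
    // Helper: a matcher whose region starts at pos, so lookingAt() is anchored there.
    static Matcher at(Pattern p, String s, int pos) {
        return p.matcher(s).region(pos, s.length());
    }
    // Anchored parse: every field must match at the exact current offset.
    static String anchoredParse(String msg) {
        Matcher pri = at(PRI, msg, 0);
        if (!pri.lookingAt()) return "invalid: no PRI";
        Matcher ver = at(VERSION, msg, pri.end());
        if (ver.lookingAt()) {                        // <PRI>VERSION SP => RFC 5424
            Matcher ts = at(TS_5424, msg, ver.end());
            return ts.lookingAt() ? "5424 ts=" + ts.group() : "invalid: bad 5424 timestamp";
        }
        Matcher ts3164 = at(TS_3164, msg, pri.end()); // otherwise expect RFC 3164
        return ts3164.lookingAt() ? "3164 ts=" + ts3164.group() : "invalid: bad 3164 timestamp";
    }

    public static void main(String[] args) {
        String[] samples = {
            "<10>Apr 1 13:14:04 ubuntu-11.cloudera.com - rest_of_message", // from the report
            "<10>1 2012-04-01T13:14:04Z host.example.com app - - - msg",   // constructed
            "<10>1 - host.example.com app - - - msg",                      // constructed
        };
        for (String m : samples)
            System.out.println(m + "\n  search:   " + searchParse(m)
                + "\n  anchored: " + anchoredParse(m));
    }
}
```

For the message from the report, the search-style parse reports a nil 5424 timestamp and discards the date and hostname, which for a log pipeline means events with lost origin and time fields.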

      1. FLUME-1277-test.patch
        2 kB
        Brent Halsey
      2. FLUME-1277-fix.patch
        5 kB
        Brent Halsey
      3. FLUME-1277-1a.patch
        7 kB
        Mike Percy
      4. FLUME-1277-1.patch
        7 kB
        Brock Noland


            People

            • Assignee: Brock Noland
            • Reporter: Brent Halsey
            • Votes: 1
            • Watchers: 6