[FLUME-1666] Syslog source strips timestamp and hostname from log message body - ASF JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.0, 1.3.0
Fix Version/s: 1.5.0
Component/s: Sinks+Sources
Labels:
None
Environment:

This occurs with Flume all the way up through 1.3.0.

Description

The syslog source parses incoming syslog messages. In the process, it strips the timestamp and hostname from each log message, and places them as Event headers.

Thus, a syslog message that would normally look like so (when written via rsyslog or syslogd):

Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)

Appears in flume output as:

/USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

FLUME-1666-SyslogTextSerializer.patch
24/Oct/12 09:36
4 kB
Josh West
FLUME-1666-1.patch
02/Oct/13 00:57
13 kB
Jeff Lord
FLUME-1666-2.patch
06/Oct/13 19:09
14 kB
Jeff Lord
FLUME-1666-3.patch
10/Oct/13 01:14
14 kB
Jeff Lord
FLUME-1666-4.patch
10/Oct/13 01:31
14 kB
Jeff Lord

Issue Links

links to

ReviewBoard

Activity

People

Assignee:

Jeff Lord

Reporter:

Josh West

Votes:

1 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

24/Oct/12 09:21

Updated:

21/Oct/13 21:51

Resolved:

10/Oct/13 01:51