[FLUME-1666] Syslog source strips timestamp and hostname from log message body - ASF JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: v1.2.0, v1.3.0
Fix Version/s: v1.5.0
Component/s: Sinks+Sources
Labels:
None
Environment:

This occurs with Flume all the way up through 1.3.0.

Description

The syslog source parses incoming syslog messages. In the process, it strips the timestamp and hostname from each log message, and places them as Event headers.

Thus, a syslog message that would normally look like so (when written via rsyslog or syslogd):

Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)

Appears in flume output as:

/USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

FLUME-1666-SyslogTextSerializer.patch

24/Oct/12 10:36

4 kB

Josh West
FLUME-1666-4.patch

10/Oct/13 02:31

14 kB

Jeff Lord
FLUME-1666-3.patch

10/Oct/13 02:14

14 kB

Jeff Lord
FLUME-1666-2.patch

06/Oct/13 20:09

14 kB

Jeff Lord
FLUME-1666-1.patch

02/Oct/13 01:57

13 kB

Jeff Lord

Issue Links

links to

ReviewBoard

Activity

No work has yet been logged on this issue.

People

Assignee:

Jeff Lord

Reporter:

Josh West

Votes:

1 Vote for this issue

Watchers:

8 Start watching this issue

Dates

Created:

24/Oct/12 10:21

Updated:

21/Oct/13 22:51

Resolved:

10/Oct/13 02:51

Development

Agile

View on Board