[FLUME-1666] Syslog source strips timestamp and hostname from log message body - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.0, 1.3.0
Fix Version/s: 1.5.0
Component/s: Sinks+Sources
Labels:
None
Environment:

This occurs with Flume all the way up through 1.3.0.

Description

The syslog source parses incoming syslog messages. In the process, it strips the timestamp and hostname from each log message, and places them as Event headers.

Thus, a syslog message that would normally look like so (when written via rsyslog or syslogd):

Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)

Appears in flume output as:

/USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)

Attachments

FLUME-1666-1.patch
02/Oct/13 04:57
13 kB
Jeff Lord
FLUME-1666-2.patch
06/Oct/13 23:09
14 kB
Jeff Lord
FLUME-1666-3.patch
10/Oct/13 05:14
14 kB
Jeff Lord
FLUME-1666-4.patch
10/Oct/13 05:31
14 kB
Jeff Lord
FLUME-1666-SyslogTextSerializer.patch
24/Oct/12 13:36
4 kB
Josh West

Add Link

Issue Links

links to

ReviewBoard

Delete this link

Activity

Comment

$i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users

Cancel

People

Assignee:

Jeff Lord

Reporter:

Josh West

Votes:

1 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

24/Oct/12 13:21

Updated:

22/Oct/13 01:51

Resolved:

10/Oct/13 05:51

Agile

View on Board

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Issue deployment