When using rsyslog log files formatted in RFC5424 (http://tools.ietf.org/html/rfc5424), date stamps are prepended with facility/severity/version information. Currently the placeholder syntax can't deal with arbitrary positions so the following causes problems for timestamp parsing.

      <6>1 2014-05-01T00:10:40.427496-07:00 localhost kernel - - - [644618.429326] ata1.00: configured for UDMA/133
      <86>1 2014-05-15T06:05:01.363510-07:00 localhost crond 7443 - - pam_unix(crond:session): session opened for user root by (uid=0)

      Perhaps using selectable regex patterns (similar to currently functionality in adm.regexps.php) would be appropriate for time stamp parsing.

            Unassigned Unassigned
            don.harrop Don Harrop
            0 Vote for this issue
            0 Start watching this issue