Details

    • Type: Change Request (Sub-task)
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Agent (G), Frontend (F)
    • Environment:
      N/A

      Description

      When using rsyslog log files formatted in RFC5424 (http://tools.ietf.org/html/rfc5424), date stamps are prepended with facility/severity/version information. Currently the placeholder syntax can't deal with arbitrary positions so the following causes problems for timestamp parsing.

      <6>1 2014-05-01T00:10:40.427496-07:00 localhost kernel - - - [644618.429326] ata1.00: configured for UDMA/133
      <86>1 2014-05-15T06:05:01.363510-07:00 localhost crond 7443 - - pam_unix(crond:session): session opened for user root by (uid=0)

      Perhaps using selectable regex patterns (similar to currently functionality in adm.regexps.php) would be appropriate for time stamp parsing.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            don.harrop Don Harrop
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated: