vche
commented
2 years ago Hi, That is absolutely correct, thanks for raising this. I'll provide a fix for this as soon as possible.
Closed gearnode closed 2 years ago
vche
commented
2 years ago Hi, That is absolutely correct, thanks for raising this. I'll provide a fix for this as soon as possible.
vche
commented
2 years ago Fixed in rev 0.2.12
The decoder RFC 5424 does not correctly parse structured data. Currently, the parser parses only one structured data, which completely breaks the specification. As defined by the RFC 5424 ABF a Syslog message can contain no, one or more than one structured data.
Here is an example of a not properly parsed message:
In this example, the message contains two structured data (but we can have a message with more than two) but the flowgger decoder only parses the first one and consider the rest a message, which is not correct too as the structured data and the message must be separated with a space.