search

mcuadros / go-syslog

Syslog server library for go.
http://godoc.org/gopkg.in/mcuadros/go-syslog.v2
MIT License
523 stars 143 forks source link

Parsing timestamp #61

Closed rauizab closed 5 years ago

rauizab commented 5 years ago

Hi

For syslog message:

<28>1 2019-03-08T20:52:54.230969489Z a.b.org an-app 119 MsgID1  - msgSyslogPefClient

Result

map[client:172.17.0.3:35224 hostname: app_name: msg_id: structured_data: timestamp:0001-01-01 00:00:00 +0000 UTC proc_id: message: tls_peer: priority:0 facility:0 severity:0 version:0]

It is having problems parsing the timestamp. Is there a way to config the time formatting?

I dont know why but when running in Mac it works but doing it on linux not. In mac I get this message. It looks that in mac there 2 digits less of precision in the timestamp.

<28>1 2019-03-08T21:04:18.262132Z a.b.org an-app 119 msg1 - a message

Thanks in advanced

rauizab commented 5 years ago

Changing this line from 6 to 9 seems to work for both timestamp. https://github.com/mcuadros/go-syslog/blob/master/internal/syslogparser/rfc5424/rfc5424.go#L427

brandond commented 5 years ago

RFC5424 specifies TIME-SECFRAC can be at most 6 digits, so whatever client you're using is not RFC-compliant. This is even covered in an example.

TIME-SECFRAC = "." 1*6DIGIT

   Example 5 - An Invalid TIMESTAMP

         2003-08-24T05:14:15.000000003-07:00

   This example is nearly the same as Example 4, but it is specifying
   TIME-SECFRAC in nanoseconds.  This results in TIME-SECFRAC being
   longer than the allowed 6 digits, which invalidates it.
rauizab commented 5 years ago

Thanks for the clarification.