mingrammer / flog

:tophat: A fake log generator for common log formats
MIT License

RFC5424 not always compliant #60

Open polaris940 opened 7 months ago

polaris940 commented 7 months ago

Logs generated for RFC5424 are only compliant about 40% of the time.

Sample set of 100 logs generated with flog: https://regex101.com/r/nMlGtT/1

Testing using the Fluent Bit syslog-rfc5424 parser.

[PARSER]
    Name        syslog-rfc5424
    Format      regex
    Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*?)\]|-)) (?<message>.+)$
    Time_Key    time
    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
    Time_Keep   On

polaris940 commented 7 months ago

This appears to be directly related to the version value.

As of writing, the only valid version is 1 per the IANA Registered Versions
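
A triage check for the behaviour reported in this thread, as an added example that is not part of the issue and not code from flog or Fluent Bit: it applies the parser regex quoted above, rewritten with Python's `(?P<name>...)` group syntax, and reports whether a rejected line fails only because its VERSION field is not `1`. The sample lines and the names `HEAD`, `classify` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Parser regex quoted in the issue, with (?<name>...) rewritten as Python's
# (?P<name>...) and the redundant backslashes before < and > dropped.
# The literal "1" after the PRI is the VERSION the parser insists on.
PARSER = re.compile(
    r'^<(?P<pri>[0-9]{1,5})>1 (?P<time>[^ ]+) (?P<host>[^ ]+) '
    r'(?P<ident>[^ ]+) (?P<pid>[-0-9]+) (?P<msgid>[^ ]+) '
    r'(?P<extradata>(\[(.*?)\]|-)) (?P<message>.+)$'
)

# Hypothetical helper: PRI followed by any VERSION the RFC 5424 grammar allows
# (NONZERO-DIGIT 0*2DIGIT), so the version can be inspected on its own.
HEAD = re.compile(r'^<[0-9]{1,5}>(?P<version>[1-9][0-9]{0,2}) ')


def classify(line):
    """Return 'ok', 'version' (rejected only because VERSION != 1) or 'other'."""
    if PARSER.match(line):
        return "ok"
    m = HEAD.match(line)
    if m:
        # Force VERSION to 1 and re-test: if the line now parses, the version
        # field was the only thing the parser objected to.
        patched = line[:m.start("version")] + "1" + line[m.end("version"):]
        if PARSER.match(patched):
            return "version"
    return "other"


def summarize(lines):
    """Count classifications over an iterable of log lines."""
    return Counter(classify(line.rstrip("\n")) for line in lines)


# Constructed sample lines (not taken from the regex101 set linked in the issue).
SAMPLE = [
    '<34>1 2024-01-15T10:22:14.003Z host1.example.com app 1234 ID47 - message one',
    '<165>2 2024-01-15T10:22:15.120Z host2.example.com app 5678 ID12 - message two',
    '<13>3 2024-01-15T10:22:16.500Z host3.example.com app - ID9 - message three',
    '<13>1 2024-01-15T10:22:17.000Z host4.example.com app - ID1 [exampleSDID@32473 iut="3"] with SD',
    'Jan 15 10:22:18 host5 app[99]: BSD-style line, not RFC 5424',
]

if __name__ == "__main__":
    for reason, count in summarize(SAMPLE).items():
        print(f"{reason}: {count}")
```

A high `version` count over generated logs points at the VERSION field rather than at the timestamp or structured-data handling.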