srv-rr-github-token
commented
10 months ago :tada: This PR is included in version 3.4.6 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
Closed mstopa-splunk closed 10 months ago
srv-rr-github-token
commented
10 months ago :tada: This PR is included in version 3.4.6 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
solves https://github.com/splunk/splunk-connect-for-syslog/issues/2180
This Pull Request introduces a breaking change to the codebase that addresses an issue related to parsing logs from Dell EMC PowerSwitch N devices. Previously, the logs were parsed based on message content using the syslog parser located at
package/etc/conf.d/conflib/syslog/app-syslog-dell_switch_n.conf.Background
In issue #2180, it was reported that the existing parser had a bug and incorrectly classified events from various devices such as VMware vSphere, ISC BIND, Cisco IOS, and Aruba ClearPass. The root cause of the issue was identified as a flawed design of the parser, which did not rely on unique message characteristics of Dell PowerSwitch N devices. Instead, it improperly classified events based on the hyphen in the hostname, whenever the program name started with an uppercase letter.
Breaking Change Details
To rectify this issue and improve the accuracy of log parsing, a breaking change was introduced. The syslog parser
package/etc/conf.d/conflib/syslog/app-syslog-dell_switch_n.confhas been replaced with a new netsource parser located atpackage/etc/conf.d/conflib/netsource/app-netsource-dell_switch_n.conf.Impact
This breaking change will affect any existing functionality or configurations that relied on the previous syslog parser for Dell PowerSwitch N logs.