Syslog incorrect dates being parsed into database

Description

The events are being inserted into the database but the for some reason the datas are 1 year before (2019-03-06 is being interested as 2018-03-06). Note this issue tends to occur after a random amount of timeand not immediately when opennms is started.

Attachment Contains:

Database output of example issue (review years in eventtime column)
Example syslog message in wireshark (decode 10514 as syslog)
syslogd configuration and syslog parsers

Have been recommend to try org.opennms.netmgt.syslogd.RadixTreeSyslogParser by Jesse in IRC chat - Will try that and confirm if there is any difference in behaviour.

Acceptance / Success Criteria

None

Attachments

07 Mar 2019, 08:54 AM

Lucidchart Diagrams

Activity

Show:

Benjamin Reed December 2, 2019 at 7:04 PM

Can anyone think of a reason I shouldn't cherry-pick this back to foundation-2018? I'm waiting for a bamboo run on https://opennms.atlassian.net/browse/NMS-12390#icft=NMS-12390 but it failed because of these changes.

Patrick Schweizer September 20, 2019 at 1:35 PM

PR: https://github.com/OpenNMS/opennms/pull/2719

Patrick Schweizer September 18, 2019 at 4:03 PM

Assumptions for this bug as discussed with @Jesse White:

the problem occurs for small time differences when the OpenNMS system and the system sending the syslog messages are not in sync
we don't expect to get messages from a long time ago
we need to take into account the switch of the year (Dec 31st / Jan 1st)

Patrick Schweizer September 18, 2019 at 3:54 PM

See also patch here: https://github.com/OpenNMS/opennms/commit/a7052d07a9640698a3dd1fa17254b810fbd4cf80

Joe Madden May 9, 2019 at 8:49 AM

Jesse,

Thanks - I've worked around it for now by using the following setting rfc => "rfc5424" in logstash which forces the date to be set.

This with the org.opennms.netmgt.syslogd.RadixTreeSyslogParser works a treat and works around the issue.

Thanks

Joe.

Fixed

Details
Assignee
Patrick Schweizer
Reporter
Joe Madden
Components
Event Reception - Syslog
Fix versions
25.0.0
Meridian-2018.1.14
Affects versions
23.0.3
24.0.0
Priority
Major

PagerDuty

Created March 7, 2019 at 8:51 AM

Updated December 2, 2019 at 9:47 PM

Resolved September 22, 2019 at 1:41 PM

Syslog incorrect dates being parsed into database

Description

Acceptance / Success Criteria

Attachments

Lucidchart Diagrams

Activity

Benjamin Reed December 2, 2019 at 7:04 PM

Patrick Schweizer September 20, 2019 at 1:35 PM

Patrick Schweizer September 18, 2019 at 4:03 PM

Patrick Schweizer September 18, 2019 at 3:54 PM

Joe Madden May 9, 2019 at 8:49 AM

Details
Assignee
Patrick Schweizer
Reporter
Joe Madden
Components
Event Reception - Syslog
Fix versions
25.0.0
Meridian-2018.1.14
Affects versions
23.0.3
24.0.0
Priority
Major

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

PagerDuty

PagerDuty

Flag notifications

Something's gone wrong

Something's gone wrong

Syslog incorrect dates being parsed into database

Description

Acceptance / Success Criteria

Attachments

Lucidchart Diagrams

Activity

Benjamin Reed December 2, 2019 at 7:04 PM

Patrick Schweizer September 20, 2019 at 1:35 PM

Patrick Schweizer September 18, 2019 at 4:03 PM

Patrick Schweizer September 18, 2019 at 3:54 PM

Joe Madden May 9, 2019 at 8:49 AM

DetailsAssigneePatrick SchweizerPatrick SchweizerReporterJoe MaddenJoe MaddenComponentsEvent Reception - SyslogFix versions25.0.0Meridian-2018.1.14Affects versions23.0.324.0.0PriorityMajor

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

PagerDutyPagerDuty Incident

PagerDuty

Flag notifications

Something's gone wrong

Something's gone wrong

Details
Assignee
Patrick Schweizer
Reporter
Joe Madden
Components
Event Reception - Syslog
Fix versions
25.0.0
Meridian-2018.1.14
Affects versions
23.0.3
24.0.0
Priority
Major

PagerDuty