Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5242

syslog date parsing fails in non-English locales

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.10.0
    • Fix Version/s: 1.10.1
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None

      Description

      openNMS doesn't create events from my syslog messages since the upgrade to 1.10

      Here's syslogd-configuration.xml:

      root@opennms:/etc/opennms/syslog# cat ../syslogd-configuration.xml
      <?xml version="1.0"?>
      <syslogd-configuration>
      <configuration
      syslog-port="10514"
      new-suspect-on-message="false"
      parser="org.opennms.netmgt.syslogd.CustomSyslogParser"
      forwarding-regexp="^((.+?) (.*))\n?$"
      matching-group-host="2"
      matching-group-message="3"
      discard-uei="DISCARD-MATCHING-MESSAGES"
      />

      <!--
      </snip>
      -->

      <import-file>syslog/ApacheHTTPD.syslog.xml</import-file>
      <import-file>syslog/LinuxKernel.syslog.xml</import-file>
      <import-file>syslog/OpenSSH.syslog.xml</import-file>
      <import-file>syslog/Sudo.syslog.xml</import-file>
      <import-file>syslog/Belnet.xml</import-file>
      <!-- <import-file>syslog/DiscardAll.xml</import-file> -->

      <hideMessage>
      <hideMatch>
      <match type="substr" expression="TEST"/>
      </hideMatch>
      </hideMessage>

      And here's a trace of syslogd when receiving a syslog message:

      012-03-14 17:10:20,711 DEBUG [Syslog Event Receiver[0.0.0.0:10514]] SyslogReceiver: Wating on a datagram to arrive
      2012-03-14 17:10:20,712 DEBUG [SyslogConnection] ConvertToEvent: Converting to event: org.opennms.netmgt.syslogd.ConvertToEvent@7fd38ffc[Sender=....,Port=45961,Acknowledged Events=[],Event=<null>]
      2012-03-14 17:10:20,713 TRACE [SyslogConnection] CustomSyslogParser: priority code = 81
      2012-03-14 17:10:20,713 TRACE [SyslogConnection] CustomSyslogParser: message = Mar 14 17:10:25 petrus sudo: cyrille : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/cyrille ; USER=root ; COMMAND=/usr/bin/vi /etc/aliases
      2012-03-14 17:10:20,713 TRACE [SyslogConnection] CustomSyslogParser: stdMsg = true
      2012-03-14 17:10:20,713 TRACE [SyslogConnection] CustomSyslogParser: timestamp = Mar 14 17:10:25
      2012-03-14 17:10:20,713 DEBUG [SyslogConnection] CustomSyslogParser: Unable to parse date 'Mar 14 17:10:25'
      java.text.ParseException: Unparseable date: "Mar 14 17:10:25"
      at java.text.DateFormat.parse(DateFormat.java:337)
      at org.opennms.netmgt.syslogd.SyslogParser.parseDate(SyslogParser.java:120)
      at org.opennms.netmgt.syslogd.CustomSyslogParser.parse(CustomSyslogParser.java:139)
      at org.opennms.netmgt.syslogd.ConvertToEvent.make(ConvertToEvent.java:200)
      at org.opennms.netmgt.syslogd.ConvertToEvent.make(ConvertToEvent.java:139)
      at org.opennms.netmgt.syslogd.SyslogConnection.run(SyslogConnection.java:107)
      at java.lang.Thread.run(Thread.java:662)
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: message = petrus sudo: cyrille : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/cyrille ; USER=root ; COMMAND=/usr/bin/vi /etc/aliases
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: pattern = ^((.+?) (.*))\n?$
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: host group = 2
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: message group = 3
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: Syslog message 'petrus sudo: cyrille : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/cyrille ; USER=root ; COMMAND=/usr/bin/vi /etc/aliases' matched regexp '^((.+?) (.*))\n?$'
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: Found host 'petrus'
      2012-03-14 17:10:20,714 TRACE [SyslogConnection] CustomSyslogParser: Found message 'sudo: cyrille : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/cyrille ; USER=root ; COMMAND=/usr/bin/vi /etc/aliases'
      2012-03-14 17:10:20,714 DEBUG [SyslogConnection] ConvertToEvent: got syslog message org.opennms.netmgt.syslogd.SyslogMessage@1a922af4[facility=authpriv,severity=Alert,version=<null>,date=<null>,hostname=petrus,message ID=<null>,process name=sudo,process ID=0,message= cyrille : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/cyrille ; USER=root ; COMMAND=/usr/bin/vi /etc/aliases]

      Thanks for the help,

      Cyrille

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ranger Benjamin Reed
                Reporter:
                stcyr Cyrille Bollu
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: