Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9251

Handle RFC 5424 structured data when parsing syslog messages

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 19.0.0
    • Fix Version/s: None
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None

      Description

      In current syslog parsers, we are discarding the RFC 5424 structured data (SD) portion of the datagram. Instead of this, we should assign all structured data params as OpenNMS event params. I suggest using the following method of prepending the SD-ID to each PARAM-NAME, for example:

      [myParamId@12345 class="high" style="wide"]
      

      could become:

      <parm parmName="myParamId.class" value="high"/>
      <parm parmName="myParamId.style" value="wide"/>
      

      This would discard the enterpriseId ("12345" in the example): we'll have to see how crucial that field is to understanding the SD content.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              seth Seth Leger (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: