[NMS-9522] RadixTreeSyslogParser confuses timezone and hostname fields - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 19.1.0, Meridian-2017.1.0
Fix Version/s: 21.0.0, Meridian-2017.1.1
Component/s: Event Reception - Syslog
Security Level: Default (Default Security Scheme)
Labels:
None

Sprint:
Horizon - September 27th

Description

Because hostname and timezone are both string types, they are being confused by the parser, even though timezone parsing should throw an exception if an invalid value (such as a hostname) is encountered.

If you observe here even though hostname is localhost it’s not considered as hostname since it was parsed as timezone and exception was thrown and further it has got parsed:

<14> Nov 16 00:01:25 localhost postfix/smtpd[1713]: connect from www.opennms.org[10.1.1.1]
true
UEI : uei.opennms.org/syslogd/user/Info
Time : Wed Nov 16 00:01:25 IST 2016
NodeId : 0
Ip Address : null
Host Name : null
Log Message : connect from www.opennms.org[10.1.1.1]
Syslog Message : connect from www.opennms.org[10.1.1.1]
Nov 15 18:31:25
Facility : user
Priority : Info

This is parsed correctly:

<19> Nov 17 14:28:48 CST %AUTHPRIV-3-SYSTEM_MSG[0]: Authentication failed from 10.10.10.10 - sshd[20189]
true
UEI : uei.opennms.org/syslogd/mail/Error
Time : Thu Nov 17 14:28:48 IST 2016
NodeId : 0
Ip Address : null
Host Name : null
Log Message : Authentication failed from 10.10.10.10 - sshd[20189]
Syslog Message : Authentication failed from 10.10.10.10 - sshd[20189]
Nov 17 08:58:48
Facility : mail
Priority : Error

If we keep hostname first and time zone we can see following, hostname is parsed correctly:

<14> Nov 16 00:01:25 localhost postfix/smtpd[1713]: connect from www.opennms.org[10.1.1.1]
true
UEI : uei.opennms.org/syslogd/user/Info
Time : Wed Nov 16 00:01:25 IST 2016
NodeId : 0
Ip Address : 127.0.0.1
Host Name : localhost
Log Message : connect from www.opennms.org[10.1.1.1]
Syslog Message : connect from www.opennms.org[10.1.1.1]
Nov 15 18:31:25
Facility : user
Priority : Info
Process : postfix/smtpd
Processid : 1713

But here time zone is considered as hostname:

<19> Nov 17 14:28:48 CST %AUTHPRIV-3-SYSTEM_MSG[0]: Authentication failed from 10.10.10.10 - sshd[20189]
true
UEI : uei.opennms.org/syslogd/mail/Error
Time : Thu Nov 17 14:28:48 IST 2016
NodeId : 0
Ip Address : 10.10.2.2
Host Name : CST
Log Message : Authentication failed from 10.10.10.10 - sshd[20189]
Syslog Message : Authentication failed from 10.10.10.10 - sshd[20189]
Nov 17 08:58:48
Facility : mail
Priority : Error
Process : %AUTHPRIV-3-SYSTEM_MSG
Processid : 0

Attachments

Activity

People

Assignee:

Seth Leger

Reporter:

Malatesh

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

19/Jul/17 2:46 PM

Updated:

10/Oct/17 3:29 PM

Resolved:

10/Oct/17 3:29 PM