Details
Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 19.1.0, Meridian-2017.1.0
Fix Version/s: 21.0.0, Meridian-2017.1.1
Component/s: Event Reception - Syslog
Security Level: Default (Default Security Scheme)
Labels: None
Sprint: Horizon - September 27th
Description
Because hostname and timezone are both string types, they are being confused by the parser, even though timezone parsing should throw an exception if an invalid value (such as a hostname) is encountered.
Note that here, even though the hostname is localhost, it is not treated as the hostname, since it was parsed as a timezone and an exception was thrown, and the message was then parsed further:
<14> Nov 16 00:01:25 localhost postfix/smtpd[1713]: connect from www.opennms.org[10.1.1.1]
true
UEI : uei.opennms.org/syslogd/user/Info
Time : Wed Nov 16 00:01:25 IST 2016
NodeId : 0
Ip Address : null
Host Name : null
Log Message : connect from www.opennms.org[10.1.1.1]
Syslog Message : connect from www.opennms.org[10.1.1.1]
Nov 15 18:31:25
Facility : user
Priority : Info
This is parsed correctly:
<19> Nov 17 14:28:48 CST %AUTHPRIV-3-SYSTEM_MSG[0]: Authentication failed from 10.10.10.10 - sshd[20189]
true
UEI : uei.opennms.org/syslogd/mail/Error
Time : Thu Nov 17 14:28:48 IST 2016
NodeId : 0
Ip Address : null
Host Name : null
Log Message : Authentication failed from 10.10.10.10 - sshd[20189]
Syslog Message : Authentication failed from 10.10.10.10 - sshd[20189]
Nov 17 08:58:48
Facility : mail
Priority : Error
If we keep hostname first and then time zone, we can see the following; the hostname is parsed correctly:
<14> Nov 16 00:01:25 localhost postfix/smtpd[1713]: connect from www.opennms.org[10.1.1.1]
true
UEI : uei.opennms.org/syslogd/user/Info
Time : Wed Nov 16 00:01:25 IST 2016
NodeId : 0
Ip Address : 127.0.0.1
Host Name : localhost
Log Message : connect from www.opennms.org[10.1.1.1]
Syslog Message : connect from www.opennms.org[10.1.1.1]
Nov 15 18:31:25
Facility : user
Priority : Info
Process : postfix/smtpd
Processid : 1713
But here the time zone is considered as the hostname:
<19> Nov 17 14:28:48 CST %AUTHPRIV-3-SYSTEM_MSG[0]: Authentication failed from 10.10.10.10 - sshd[20189]
true
UEI : uei.opennms.org/syslogd/mail/Error
Time : Thu Nov 17 14:28:48 IST 2016
NodeId : 0
Ip Address : 10.10.2.2
Host Name : CST
Log Message : Authentication failed from 10.10.10.10 - sshd[20189]
Syslog Message : Authentication failed from 10.10.10.10 - sshd[20189]
Nov 17 08:58:48
Facility : mail
Priority : Error
Process : %AUTHPRIV-3-SYSTEM_MSG
Processid : 0
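
The confusion described above comes from accepting any string in the timezone slot. The following is an added example, not OpenNMS code: it accepts a token as a timezone only when it is in an allow-list, so a hostname falls through to the hostname field and authentication events are attributed to the right source. The names `parse`, `KNOWN_TZ` and `validate_tz` are hypothetical, the allow-list is an assumption, and the two sample lines are the messages from this report.

```python
import re

# Assumption: a small allow-list of timezone abbreviations (constructed here);
# a deployment would configure its own. Anything else is a hostname.
KNOWN_TZ = {"UTC", "GMT", "EST", "EDT", "CST", "CDT", "MST", "MDT", "PST", "PDT", "IST"}

HEADER = re.compile(r"^<(?P<pri>\d{1,3})>\s*"
                    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+(?P<rest>.*)$")
# Process tag: name, optional [pid], then a colon.
TAG = re.compile(r"^(?P<proc>[^\s\[\]:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$")


def parse(line, validate_tz=True):
    """Parse '<PRI> Mon DD HH:MM:SS [TZ] [HOST] TAG[PID]: MSG' into a dict.

    validate_tz=False reproduces the confusion: the first free-form token is
    accepted as a timezone without checking it, so a hostname is swallowed.
    """
    m = HEADER.match(line)
    if not m:
        raise ValueError("not a BSD-style syslog line")
    pri = int(m["pri"])
    # PRI encodes facility * 8 + severity (14 -> user/info, 19 -> mail/error).
    out = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m["ts"],
           "timezone": None, "hostname": None}
    rest = m["rest"]
    for _ in range(2):  # at most two optional fields precede the tag
        if TAG.match(rest):
            break
        token, _sep, rest = rest.partition(" ")
        rest = rest.lstrip()
        is_tz = token in KNOWN_TZ if validate_tz else True
        if is_tz and out["timezone"] is None:
            out["timezone"] = token
        elif out["hostname"] is None:
            out["hostname"] = token
        else:
            raise ValueError(f"unexpected header token: {token!r}")
    tag = TAG.match(rest)
    if not tag:
        raise ValueError("no process tag found")
    out.update(process=tag["proc"], message=tag["msg"],
               pid=int(tag["pid"]) if tag["pid"] else None)
    return out


# Sample input: the two message shapes quoted in the report.
HOST_LINE = "<14> Nov 16 00:01:25 localhost postfix/smtpd[1713]: connect from www.opennms.org[10.1.1.1]"
TZ_LINE = "<19> Nov 17 14:28:48 CST %AUTHPRIV-3-SYSTEM_MSG[0]: Authentication failed from 10.10.10.10 - sshd[20189]"
```

A host whose name is itself a listed abbreviation stays ambiguous under this scheme, so the allow-list should be kept as narrow as the senders in use require.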