Your message dated Tue, 23 Jul 2024 18:19:42 +0000
with message-id <[email protected]>
and subject line Bug#1076809: fixed in libparse-syslog-perl 1.10-5
has caused the Debian Bug report #1076809,
regarding libparse-syslog-perl: does not support RFC3339 timestamps
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1076809: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076809
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libparse-syslog-perl
Version: 1.10-4
Severity: normal
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=63897
Tags: patch upstream
X-Debbugs-Cc: [email protected]

Dear Maintainer,

in Debian 12 rsyslog generates RFC3339 timestamps in the logs, which
look like
 2024-07-22T06:25:47.214320+02:00
and cannot be parsed by Parse::Syslog 1.10.

This issue is known upstream (see
https://rt.cpan.org/Ticket/Display.html?id=63897).

I extracted the patch to fix this from the upstream bug report, added a
little test fixup (so that the tests work with a time zone different from CET)
and this looks good to me.

If you like, I could do a team upload with these patches applied and
maybe some housekeeping...
(maybe including a backports upload, since this hurts with the time
format change in rsyslog in Debian 12).

Or is it bad style to fix upstream "missing features" in a Debian
package if upstream seems to be "inactive"?  I don't know the team
policy here...

Greetings
Roland
From: Martin Schütte <[email protected]>
Date: Sun, 10 Apr 2021 18:56:47 +0200
Subject: Support for RFC3339 Timestamps
Bug: https://rt.cpan.org/Public/Bug/Display.html?id=63897
Origin: https://rt.cpan.org/Public/Bug/Display.html?id=63897

--- a/lib/Parse/Syslog.pm
+++ b/lib/Parse/Syslog.pm
@@ -82,6 +82,12 @@
     my $time;
     if($GMT) {
         $time = timegm(@_);
+        # with explicit timezone:
+        if($GMT =~ /^([\+\-])(\d\d):(\d\d)$/) {
+          my $off_secs = 60 * (60*$2 + $3);
+          $off_secs *= -1 if ($1 eq '+');
+          $time += $off_secs;
+        }
     }
     else {
         $time = timelocal(@_);
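
Review bot: The offset pattern in the new `if($GMT =~ ...)` block accepts any two digits for hours and minutes, so a value such as `+99:99` passes and shifts the result by about 100 hours instead of being rejected. Bound the fields (hours 00 to 23, minutes 00 to 59) before computing `$off_secs`, and treat anything else as an unparseable line. `$GMT` now doubles as a boolean flag and an offset string; a one-line comment stating that it may be a true value, `Z` or a signed `hh:mm` offset would make that contract visible to callers.
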
@@ -236,19 +242,33 @@
             \s+
             (?:\[LOG_[A-Z]+\]\s+)?  # FreeBSD
             (.*)                 # text  -- 7
+            $/x or
+        $str =~ /^
+            (\d\d\d\d)-(\d\d)-(\d\d)       # RFC3339 or syslog-ng ISO date  -- 1, 2, 3
+            T
+            (\d+):(\d+):(\d+)(?:\.\d+)?    # time (optional frac_sec)  -- 4, 5, 6
+            (Z|[\+\-]\d\d:\d\d)            # TZ -- 7
+            \s
+            ([-\w\.\@:]+)        # host  -- 8
+            \s+
+            (.*)                 # text  -- 9
             $/x or do
         {
             warn "WARNING: line not in syslog format: $str";
             next line;
         };
-        
-        my $mon = $months_map{$1};
-        defined $mon or croak "unknown month $1\n";
-
-        $self->_year_increment($mon);
-
+        my ($time, $host, $text);
         # convert to unix time
-        my $time = $self->str2time($5,$4,$3,$2,$mon,$self->{year}-1900,$self->{GMT});
+        if (defined($months_map{$1})) { # BSD Syslog
+          my $mon = $months_map{$1};
+          defined $mon or croak "unknown month $1\n";
+          $self->_year_increment($mon);
+          $time = $self->str2time($5,$4,$3,$2,$mon,$self->{year}-1900,$self->{GMT});
+          ($host, $text) = ($6, $7);
+        } else { # RFC3339/syslog-ng
+          $time = $self->str2time($6,$5,$4,$3,$2-1,$1-1900,$7);
+          ($host, $text) = ($8, $9);
+        }
         if(not $self->{allow_future}) {
             # accept maximum one day in the present future
             if($time - time > 86400) {
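
Review bot: In the BSD branch, `defined $mon or croak "unknown month $1\n"` can no longer fire, because the branch is entered only when `defined($months_map{$1})` is already true. A line that matched the first (BSD) pattern with a month string missing from `%months_map` now falls into the `else` branch and feeds BSD captures to the RFC3339 `str2time` call, where it used to croak. Select the branch by which pattern matched (for example, test `defined $9`, which only the RFC3339 pattern sets) and keep the croak reachable in the BSD branch.
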
@@ -256,9 +276,6 @@
                 next line;
             }
         }
-
-        my ($host, $text) = ($6, $7);
-
         # last message repeated ... times
         if($text =~ /^(?:last message repeated|above message repeats) (\d+) time/) {
             next line if defined $self->{repeat} and not $self->{repeat};
--- /dev/null
+++ b/t/linux-rfc3339syslog
@@ -0,0 +1,12 @@
+2001-08-12T04:55:36Z hathi last message repeated 6 times
+2001-08-12T04:55:06Z hathi sshd[1966]: error: Hm, dispatch protocol error: type 32 plen 4
+2001-08-12T04:55:36Z hathi last message repeated 6 times
+2001-08-12T04:56:36.123456Z hathi last message repeated 12 times
+2001-08-12T04:59:16Z hathi last message repeated 8 times
+2001-08-12T06:59:19+02:00 avalon avalon snort[2176]: IDS552/web-iis_IIS ISAPI Overflow ida: 212.217.33.195:4850 -> 192.168.17.1:80 
+2001-08-12T05:59:19+01:00 avalon avalon snort[2176]: IDS243/web-cgi_http-cgi-pipe: 212.217.33.195:4850 -> 192.168.17.1:80 
+2001-08-12T00:59:21.0-04:00 hathi sshd[1966]: error: Hm, dispatch protocol error: type 32 plen 4
+2001-08-12T00:59:56.98-04:00 hathi last message repeated 7 times
+2001-08-12T14:00:01+09:00 hathi sshd[1966]: error: Hm, dispatch protocol error: type 32 plen 4
+2001-01-27T17:59:28+00:00 saturne keytable: Loading keymap: fr-latin1 succeeded
+2001-01-28T19:21:28+03:30 pluton syslogd 1.3-3#33.1: restart (remote reception).
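
Review bot: Every line in this fixture carries a well-formed timestamp with `Z` or a numeric offset, so the "line not in syslog format" path is never exercised for near-miss input such as a timestamp without an offset, which the new pattern requires. Because t/rfc3339.t compares this file record for record against t/linux-parsed, put such negative cases in a separate fixture with its own assertions.
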
--- /dev/null
+++ b/t/rfc3339.t
@@ -0,0 +1,32 @@
+use Test;
+use lib "lib";
+BEGIN { plan tests => 41 };
+use Parse::Syslog;
+ok(1); # If we made it this far, we're ok.
+
+#########################
+
+my $parser = Parse::Syslog->new("t/linux-rfc3339syslog");
+open(PARSED, "<t/linux-parsed") or die "can't open t/linux-parsed: $!\n";
+while(my $sl = $parser->next) {
+        my $is = '';
+        $is .= "time    : ".(localtime($sl->{timestamp}))."\n";
+        $is .= "host    : $sl->{host}\n";
+        $is .= "program : $sl->{program}\n";
+        $is .= "pid     : ".(defined $sl->{pid} ? $sl->{pid} : 'undef')."\n";
+        $is .= "text    : $sl->{text}\n";
+        $is .= "\n";
+        print "$is";
+
+        my $shouldbe = '';
+        $shouldbe .= <PARSED>;
+        $shouldbe .= <PARSED>;
+        $shouldbe .= <PARSED>;
+        $shouldbe .= <PARSED>;
+        $shouldbe .= <PARSED>;
+        $shouldbe .= <PARSED>;
+
+        ok($is, $shouldbe);
+}
+
+# vim: set filetype=perl:
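
Review bot: The expected text is built with `localtime($sl->{timestamp})`, so the comparison against t/linux-parsed only passes when the test runs in the timezone that file was generated in. Pin the zone in the test before parsing, or format with `gmtime` and store UTC expectations. The bareword handle and two-argument `open(PARSED, "<t/linux-parsed")` would also read better as a lexical handle with three-argument open.
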
From: Roland Rosenfeld <[email protected]>
Date: Tue, 23 Jul 2024 13:54:29 +0200
Subject: Fix t/rfc3339.t if timezone is not CET.
 Same fix as in t/dst.t (fix released there in 1.06).

--- a/t/rfc3339.t
+++ b/t/rfc3339.t
@@ -1,10 +1,13 @@
 use Test;
+use POSIX;
 use lib "lib";
 BEGIN { plan tests => 41 };
 use Parse::Syslog;
 ok(1); # If we made it this far, we're ok.
 
 #########################
+$ENV{TZ} = 'CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00';
+POSIX::tzset();
 
 my $parser = Parse::Syslog->new("t/linux-rfc3339syslog");
 open(PARSED, "<t/linux-parsed") or die "can't open t/linux-parsed: $!\n";
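
Review bot: `use POSIX;` imports the module's whole default export list into the test, while the only call is the fully qualified `POSIX::tzset()`; `use POSIX ();` or `use POSIX qw(tzset);` is enough. A comment above the `$ENV{TZ}` line saying that t/linux-parsed holds CET/CEST local times would explain why this particular zone string is hard-coded.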

--- End Message ---
--- Begin Message ---
Source: libparse-syslog-perl
Source-Version: 1.10-5
Done: Roland Rosenfeld <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libparse-syslog-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <[email protected]> (supplier of updated libparse-syslog-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Tue, 23 Jul 2024 19:53:13 +0200
Source: libparse-syslog-perl
Architecture: source
Version: 1.10-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Closes: 1076809
Changes:
 libparse-syslog-perl (1.10-5) unstable; urgency=medium
 .
   * Team upload.
   * 01_rfc3339: Add support for RFC3339 timestamps (Closes: #1076809).
   * 02_rfc3339_tztest: Fix test with timezone other then CET.
   * Upgrade Standards-Version to 4.7.0 (no changes).
   * Set Rules-Requires-Root: no.
   * Add debian/upstream/metadata.
   * Add debian/salsa-ci.yml pipeline.
   * Lintian override missing upstream repository.


--- End Message ---
