Josh West created FLUME-1666:
--------------------------------
Summary: Syslog source strips timestamp and hostname from log
message body
Key: FLUME-1666
URL: https://issues.apache.org/jira/browse/FLUME-1666
Project: Flume
Issue Type: Bug
Components: Sinks+Sources
Affects Versions: v1.2.0, v1.3.0
Environment: This occurs with Flume all the way up through 1.3.0.
Reporter: Josh West
The syslog source parses incoming syslog messages. In the process, it strips
the timestamp and hostname from each log message, and places them as Event
headers.
Thus, a syslog message that would normally look like so (when written via
rsyslog or syslogd):
Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD
(/usr/local/sbin/somescript)
Appears in flume output as:
/USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/varnish_log_monitor)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
