[jira] [Updated] (FLUME-1666) Syslog source strips timestamp and hostname from log message body

Wed, 24 Oct 2012 02:24:17 -0700 

     [ 
https://issues.apache.org/jira/browse/FLUME-1666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Josh West updated FLUME-1666:
-----------------------------

    Description: 
The syslog source parses incoming syslog messages.  In the process, it strips 
the timestamp and hostname from each log message, and places them as Event 
headers.

Thus, a syslog message that would normally look like so (when written via 
rsyslog or syslogd):

{noformat}
Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD 
(/usr/local/sbin/somescript)
{noformat}

Appears in flume output as:

{noformat}
/USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)
{noformat}

  was:
The syslog source parses incoming syslog messages.  In the process, it strips 
the timestamp and hostname from each log message, and places them as Event 
headers.

Thus, a syslog message that would normally look like so (when written via 
rsyslog or syslogd):

{noformat}
Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD 
(/usr/local/sbin/somescript)
{noformat}

Appears in flume output as:

{noformat}
/USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/varnish_log_monitor)
{noformat}

    
> Syslog source strips timestamp and hostname from log message body
> -----------------------------------------------------------------
>
>                 Key: FLUME-1666
>                 URL: https://issues.apache.org/jira/browse/FLUME-1666
>             Project: Flume
>          Issue Type: Bug
>          Components: Sinks+Sources
>    Affects Versions: v1.2.0, v1.3.0
>         Environment: This occurs with Flume all the way up through 1.3.0.
>            Reporter: Josh West
>
> The syslog source parses incoming syslog messages.  In the process, it strips 
> the timestamp and hostname from each log message, and places them as Event 
> headers.
> Thus, a syslog message that would normally look like so (when written via 
> rsyslog or syslogd):
> {noformat}
> Wed Oct 24 09:18:01 UTC 2012 someserver /USR/SBIN/CRON[26981]: (root) CMD 
> (/usr/local/sbin/somescript)
> {noformat}
> Appears in flume output as:
> {noformat}
> /USR/SBIN/CRON[26981]: (root) CMD (/usr/local/sbin/somescript)
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to