Anyone?

-----Original Message-----
From: Paul G. Manno [mailto:pma...@kinowerks.com]
Sent: Monday, March 14, 2011 11:30 AM
To: OpenNMS Code Development and Bugs
Subject: Re: [opennms-devel] Syslogd issue

Hello Johan,

Thank you for the reply. Ok, I see what you are talking about now. There is still a problem though. The m_syslogPattern matches, and the hostname is set to be group 5 of the syslogMatcher (CustomSyslogParser.java:83), which sets the hostname, in my case, as "sn=XXXXXXXXXXXX". From that point forward, the hostname cannot be changed and the system cannot process the syslog message (SyslogMessage.java:134: ConvertToEvent: could not parse the hostname: sn=XXXXXXXXXXXX). Maybe I'm doing something wrong, but I can't seem to get the code to use the forwarding-regex since the m_syslogPattern is setting values before the forwarding-regex even gets processed.

Any thoughts? Perhaps, before the syslogMatcher sets the host address, it should be validated?

Thanks for your help.

Paul

-----Original Message-----
From: Johan Edstrom [mailto:johan.edst...@acj-consulting.com]
Sent: Friday, March 11, 2011 1:32 PM
To: OpenNMS Code Development and Bugs
Subject: Re: [opennms-devel] Syslogd issue

The <133> is the facility severity combo.

On Mar 11, 2011, at 11:58 AM, Paul G. Manno wrote:

> Hello,
>
> First some bookkeeping:
> Version: 1.9.6
> Server Time: Fri Mar 11 12:50:22 CST 2011
> Client Time: Fri Mar 11 12:48:36 CST 2011
> Java Version: 1.6.0_24 Sun Microsystems Inc.
> Java Virtual Machine: 19.1-b02 Sun Microsystems Inc.
> Operating System: Linux 2.6.18-194.3.1.el5 (amd64)
> Servlet Container: jetty/6.1.24 (Servlet Spec 2.5)
> User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
>
> Now the issue:
>
> Trying to convert syslog messages from a SonicWall firewall. Messages are getting to the server (I've turned on the server's syslogd and enabled it for receiving).
> This is what I see in /var/log/messages (I've substituted X for sensitive info like IP and SerialNumber):
>
> Mar 11 12:43:57 10.5.0.1 id=firewall sn=XXXXXXXXXXXX time="2011-03-11 12:43:57" fw=XX.XX.XX.XX pri=5 c=256 m=38 msg="ICMP packet dropped due to policy" n=10906 src=XX.XX.XX.XX:3:X1:somehost.com dst=XX.XX.XX.XX:3:X1: type=3 code=1
>
> When I turn off the CentOS syslogd and turn on the OpenNMS syslogd, I see this:
>
> 2011-03-11 12:35:16,207 DEBUG [SyslogConnection] CustomSyslogParser: Unable to parse date 'null' from text: <133>id=firewall sn=XXXXXXXXXXXX time="2011-03-11 12:43:57" fw=XX.XX.XX.XX pri=5 c=256 m=38 msg="ICMP packet dropped due to policy" n=10906 src=XX.XX.XX.XX:3:X1:somehost.com dst=XX.XX.XX.XX:3:X1: type=3 code=1
>
> I don't know where the "<133>" is coming from, but it's blowing up the CustomSyslogParser because it's causing a match to the CustomSyslogParser.m_syslogPattern where it shouldn't and it's throwing the exception. Any ideas where the <133> string that is prepended to the actual message could be coming from?
>
> Thanks,
> Paul
>
> ------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> _______________________________________________
> Please read the OpenNMS Mailing List FAQ:
> http://www.opennms.org/index.php/Mailing_List_FAQ
>
> opennms-devel mailing list
>
> To *unsubscribe* or change your subscription options, see the bottom of this page:
> https://lists.sourceforge.net/lists/listinfo/opennms-devel
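
The validation proposed in the thread, sketched as an added example (not OpenNMS code and not written by anyone in the thread): it decodes the "<133>" prefix into facility and severity, and accepts a host token from the message only if it looks like a hostname or IPv4 address, otherwise falling back to the sender's address. The class name, the patterns and the sample lines are assumptions made for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SyslogHostCheck {
    // "<PRI>" prefix: PRI = facility * 8 + severity, valid range 0..191.
    static final Pattern PRI = Pattern.compile("^<(\\d{1,3})>(.*)$", Pattern.DOTALL);
    // Illustrative header (an assumption, not OpenNMS's m_syslogPattern):
    // optional "Mmm dd hh:mm:ss" timestamp, then one token taken as the host.
    static final Pattern HEADER = Pattern.compile(
        "^(?:([A-Z][a-z]{2}\\s+\\d{1,2}\\s+\\d{2}:\\d{2}:\\d{2})\\s+)?(\\S+)\\s+(.*)$",
        Pattern.DOTALL);
    // Host token must be DNS labels or dotted IPv4 (IPv6 is out of scope here);
    // key=value tokens such as "sn=..." fail because '=' is not allowed.
    static final Pattern HOST = Pattern.compile(
        "^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
        + "(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$");

    /** Decodes PRI and picks a host, falling back to the sender's address. */
    static String describe(String raw, String senderAddress) {
        Matcher p = PRI.matcher(raw);
        if (!p.matches()) return "rejected: no <PRI> prefix";
        int pri = Integer.parseInt(p.group(1));
        if (pri > 191) return "rejected: PRI out of range";
        String host = senderAddress;   // safe default: where the datagram came from
        String msg = p.group(2);
        Matcher h = HEADER.matcher(msg);
        // Accept the in-message host only if it validates; otherwise keep the
        // whole payload as the message instead of consuming a bogus token.
        if (h.matches() && HOST.matcher(h.group(2)).matches()) {
            host = h.group(2);
            msg = h.group(3);
        }
        return "facility=" + (pri / 8) + " severity=" + (pri % 8)
            + " host=" + host + " msg=" + msg;
    }

    public static void main(String[] args) {
        // Constructed samples modelled on the log line quoted in the thread.
        String sonicwall = "<133>id=firewall sn=XXXXXXXXXXXX pri=5 c=256 m=38 "
            + "msg=\"ICMP packet dropped due to policy\"";
        String classic = "<133>Mar 11 12:43:57 fw01.example.org id=firewall pri=5";
        System.out.println(describe(sonicwall, "10.5.0.1"));
        System.out.println(describe(classic, "10.5.0.1"));
    }
}
```

A syntactic check like this only rejects tokens that cannot be a hostname; a bare word at the start of a message with no timestamp would still pass, so the sender's address remains the more trustworthy source for attributing events to a node.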