> -Original Message-
> From: Rick Brown [mailto:rick.br...@oit.gatech.edu]
> Sent: Thursday, December 13, 2012 7:06 PM
> To: Rainer Gerhards
> Subject: Re: [rsyslog] imfile and omudpspoof
>
> You're right, it's rather large. I gzipp'd the output and posted it
> at
Mhhh... That lo
We have several log sources which omit the optional ":" separator in
the
timezone. We've developed the attached patch to improve Rsyslog's
support for valid RFC-3339 timezones.
--Scott
What are the sources of the problem logs? if they are a common enough
vendor, it may be worth the risk of m
On 12/13/2012 01:23 PM, Rainer Gerhards wrote:
Per RFC-3339, these timezones are legal:
Z
+06:00
+0600
+06
Mhhh... This is a bit complicated. As far as I read 3339, the last two
formats are incorrect. In section 5.6 (inside the normative part of the RFC) it
says:
time-numoffset = ("+" / "-")
On Thu, 13 Dec 2012, Rainer Gerhards wrote:
-Original Message-
From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
boun...@lists.adiscon.com] On Behalf Of Scott Severtson
Sent: Monday, December 10, 2012 5:28 PM
To: rsyslog-users
Subject: [rsyslog] Patch: RFC-3339 timezone parsing fi
Hi Rainer,
would you have time (and will) to also backport to v5-stable the little
fix about parsing of RFC3339 that I sent to you a few days ago ? I'd like
to have it backported to RHEL6 and this would probably ease the work of
the package maintainer.
Thanks a lot !
Sebastien
PS : in
> > > Per RFC-3339, these timezones are legal:
> > > Z
> > > +06:00
> > > +0600
> > > +06
> >
> > Mhhh... This is a bit complicated. As far as I read 3339, the last
> two
> > formats are incorrect. In section 5.6 (inside the normative part of
> the
> > RFC) it says:
> >
> > time-numoffset = ("+" /
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Thursday, December 13, 2012 7:06 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Patch: RFC-3339 timezone parsing fixes
>
> > -Original Me
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Scott Severtson
> Sent: Monday, December 10, 2012 5:28 PM
> To: rsyslog-users
> Subject: [rsyslog] Patch: RFC-3339 timezone parsing fixes
>
> Per RFC-3339, these timezo
I have finally merged this patch, sorry for the delay. As it seems to be rather
important, I have merged back to v5-stable. New versions currently available
via git, will be included in next releases.
Thanks again!
Rainer
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [m
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Luke Marrott
> Sent: Thursday, December 13, 2012 5:35 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Selective Forwarding
>
> I'm currently running rsyslog version 5.8
I'm currently running rsyslog version 5.8.10.
:Luke Marrott
On Thu, Dec 13, 2012 at 9:31 AM, Rainer Gerhards
wrote:
> Which version do you use? The answer depends on that.
>
> > -Original Message-
> > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> > boun...@lists.adiscon.co
Which version do you use? The answer depends on that.
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Luke Marrott
> Sent: Thursday, December 13, 2012 5:05 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Selective Fo
Thanks!
I was actually somewhat copying a format I found on the page for those
filtering conditions. But then I found another example with them all on the
same line.
My next question is what would be the best way to do this for like three
different conditions? Would the performance take a hit if
Thanks for the Patch :) !
I added it to our repository, and build some new packages.
So far the build went fine, and I saw the patch was applied successfully.
Packages have been updated in the repository.
Best regards,
Andre
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.c
Can you post a (sufficiently large or complete) debug log that exposes the
problem? The list will probably reject it, so it is best to put it on something
like pastbin.
Rainer
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Michael Biebl
> Sent: Monday, December 10, 2012 3:48 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Ubuntu 12 (Precise) v7-devel packages
>
> 2012/12/10 Michael Bieb
> > On Tue, 11 Dec 2012, Rick Brown wrote:
> >
> > > I use imfile to gather application logs such as apache, tomcat,
> > > php, etc. and send those on to my syslog server along with the
> > > client machines normal syslog traffic. My syslog server then
> > > dutifully writes all the messages loc
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Michael Biebl
> Sent: Monday, December 10, 2012 6:48 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Ubuntu 12 (Precise) v7-devel packages
>
> 2012/12/10 Rainer Gerhard
Hi Luke,
Not sure if it helps, but I'm trying to explain why the first one didn't
work and now it works:
In the first config you had a condition, but no action next to it. So it
did nothing. Now you have an action (@10.5.69.56). And in the first config,
you were sending all logs (*.*) to the remo
19 matches
Mail list logo