From 5bcdffa4f6409c131e8ecf0731d57d4810fe08ba Mon Sep 17 00:00:00 2001
From: Peter Irish <coagentpai@gmail.com>
Date: Thu, 18 Aug 2011 12:06:06 -0400
Subject: [PATCH] Make the timestamp optional to support some really old syslog
 daemons.

---
 lib/logstash/inputs/syslog.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/logstash/inputs/syslog.rb b/lib/logstash/inputs/syslog.rb
index 6ecc3688a..934cc545f 100644
--- a/lib/logstash/inputs/syslog.rb
+++ b/lib/logstash/inputs/syslog.rb
@@ -34,11 +34,11 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
   public
   def register
     # This comes from RFC3164, mostly.
-    # Optional fields (priority, host) are because some syslog implementations
+    # Optional fields (priority, host, timestamp) are because some syslog implementations
     # don't send these under some circumstances.
     @@syslog_re ||= \
-      /(?:<([0-9]{1,3})>)?([A-z]{3}  ?[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) (?:(\S*[^ :]) )?(.*)/
-      #   <priority>      timestamp    Mmm dd hh:mm:ss                           host        msg
+      /(?:<([0-9]{1,3})>)?(?:([A-z]{3}  ?[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) )?(?:(\S*[^ :]) )?(.*)/
+      #   <priority>      timestamp     Mmm dd hh:mm:ss                           host        msg
     
     @tcp_clients = []
   end # def register
@@ -161,8 +161,10 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
       host = match[3]
 
       # TODO(sissel): Use the date filter, somehow.
-      event.timestamp = LogStash::Time.to_iso8601(
-        DateTime.strptime(match[2], "%b %d %H:%M:%S"))
+      if !match[2].nil?
+        event.timestamp = LogStash::Time.to_iso8601(
+          DateTime.strptime(match[2], "%b %d %H:%M:%S"))
+      end
 
       # Hostname is optional, use if present in message, otherwise use source
       # address of message.