github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-25 07:07:54 -04:00
Code Issues Projects Releases Packages Wiki Activity

Make the timestamp optional to support some really old syslog daemons.

Browse source
This commit is contained in:
Peter Irish 2011-08-18 12:06:06 -04:00
parent 35d0c0b3c6
commit 5bcdffa4f6
1 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/logstash/inputs/syslog.rb
View file

@ -34,10 +34,10 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
public public
def register def register
# This comes from RFC3164, mostly. # This comes from RFC3164, mostly.
# Optional fields (priority, host) are because some syslog implementations # Optional fields (priority, host, timestamp) are because some syslog implementations
# don't send these under some circumstances. # don't send these under some circumstances.
@@syslog_re ||= \ @@syslog_re ||= \
/(?:<([0-9]{1,3})>)?([A-z]{3} ?[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) (?:(\S*[^ :]) )?(.*)/ /(?:<([0-9]{1,3})>)?(?:([A-z]{3} ?[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) )?(?:(\S*[^ :]) )?(.*)/
# <priority> timestamp Mmm dd hh:mm:ss host msg # <priority> timestamp Mmm dd hh:mm:ss host msg
@tcp_clients = [] @tcp_clients = []
@ -161,8 +161,10 @@ class LogStash::Inputs::Syslog < LogStash::Inputs::Base
host = match[3] host = match[3]
# TODO(sissel): Use the date filter, somehow. # TODO(sissel): Use the date filter, somehow.
if !match[2].nil?
event.timestamp = LogStash::Time.to_iso8601( event.timestamp = LogStash::Time.to_iso8601(
DateTime.strptime(match[2], "%b %d %H:%M:%S")) DateTime.strptime(match[2], "%b %d %H:%M:%S"))
end
# Hostname is optional, use if present in message, otherwise use source # Hostname is optional, use if present in message, otherwise use source
# address of message. # address of message.