Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add sdata-parser() & accept unquoted RFC5424 SD-PARAM-VALUE #4281

Merged
merged 15 commits into from Feb 24, 2023

Conversation

bazsi
Copy link
Collaborator

@bazsi bazsi commented Jan 15, 2023

This allows someone to incrementally parse a malformed RFC5424 message, where the SDATA portion is not at the right spot. The SDATA format is relatively complex, so extracting it as a separate component makes it easier to process this kind of data.

This is WIP, because:

  • no specific tests
  • I want to make "prefix" customizable and I am not finished with that yet
  • NEWS file

@github-actions
Copy link
Contributor

No news file has been detected. Please write one, if applicable.

@kira-syslogng
Copy link
Contributor

Build FAILURE

@kira-syslogng
Copy link
Contributor

Build FAILURE

@kira-syslogng
Copy link
Contributor

Build FAILURE

@bazsi bazsi force-pushed the sdata-parser branch 2 times, most recently from 3a77548 to 53a0bad Compare January 20, 2023 15:05
@kira-syslogng
Copy link
Contributor

Build FAILURE

@bazsi bazsi changed the title WIP: add sdata-parser() add sdata-parser() Jan 20, 2023
@bazsi bazsi changed the title add sdata-parser() add sdata-parser() & accept unquoted RFC5424 SD-PARAM-VALUE Jan 20, 2023
@bazsi bazsi force-pushed the sdata-parser branch 2 times, most recently from 4c50515 to 3b7f767 Compare January 26, 2023 11:56
MrAnno
MrAnno previously approved these changes Feb 20, 2023
modules/syslogformat/syslog-format.c Show resolved Hide resolved
@kira-syslogng
Copy link
Contributor

Build FAILURE

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
…_parse

These functions were once part of the LogMessage object, long extracted, but
the naming and argument lists still indicate their original location. This patch
gets rid of the naming.

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
…og_format_parse_sd()

Now with that function exposed to sdata-parser() do a stricter input
validation, but relax the same as we are parsing SDATA as a part of
RFC5424, as this was our historic behaviour.

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
As more and more vendors produce RFC5424, the number of them getting it
wrong increases. Here's a vmware sample that we can't parse:

  <166>1 2023-01-09T22:12:56.677Z redacted.fqdn.invalid Hostd 2099364 - - [Originator@6876 sub=Vimsvc.ha-eventmgr opID=esxui-13c6-6b16 sid=5214bde6 user=root] Event 502

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
@MrAnno MrAnno merged commit 2d7067a into syslog-ng:master Feb 24, 2023
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants