syslog-rfc5424 parser incorrectly always expects time fractions #2967
Comments
|
I wanted to propose to simply add the other time format as well, so fluent-bit can pick a matching one. I tried to have both variations configured as and fluent-bit didn't complain at start, but sending the syslog message with second fractions result in parser errors. |
|
I had the same issue and it turns out it is actually already possible relax the parser so that a missing subsecond portion is treated as 0, see #2758 (comment) tldr, |
|
Oh wow @jraby that sounds great indeed! I'll use it, thank you! But won't close the issue yet since it either needs to be this flexible by default (again, current behavior is against the standard) or that option should be prominently documented. |
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
|
This issue was closed because it has been stalled for 5 days with no activity. |
Bug Report
Currently, the syslog-rfc5424 parser only supports time formats with fractions of a second:
Time_Format %Y-%m-%dT%H:%M:%S.%L%zThis is not according to the standard however, because RFC 5424 - Section 6.2.3 describes that
As seen in the Syslog Message Format in section 6, the fraction is in brackets and therefore optional.
Examples:
2021-01-25T13:07:42+00:00currently doesn't work, but should.2021-01-25T13:07:42.123+00:00currently works as it should.I have seen log messages like the first one in a dockerized setup of a PHP Symfony application using the default
syslogudplog handler of monolog. This one can't be set to force the extended variation with fractions of a second as seen hereThe text was updated successfully, but these errors were encountered: