Skip to content

v1.0.1 — real /var/log/syslog parses

Choose a tag to compare

View all tags
@copyleftdev copyleftdev released this 01 Jun 22:35
· 7 commits to main since this release
v1.0.1
77e37bb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Two dogfood-found fixes from running 1.0.0 on a real /var/log/syslog.

Fixed

  • Syslog: the PRI-less file format now parses. rsyslog/syslog-ng write the file without the <PRI> wire header (ISO-8601 or BSD timestamp, then host + tag). The sniff required <PRI>, so a real /var/log/syslog was misdetected as ini and collapsed to one garbage row. Now recognized (timestamp + host + app); facility/severity appear only when a <PRI> is present. 50k real lines: ini/1 row → syslog/50k rows.
  • procid is recognized as an identifier. The syslog process-id column was classed a measurement, so PIDs were flagged as point outliers (~18.5k noise on the 50k syslog). It now joins the identifier name set → skipped → 1 finding.

Contract

Unchanged — tq1 / PROTOCOL / envelope shape stable (1.0.1 patch).

Gate

proptest + cargo-mutants 0 missed on both touched files.

Install: cargo install anomalyx

Full changelog: v1.0.0...v1.0.1

Assets 2
Loading