Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix RFC5424 syslog parser to return Z as a timestamp offset #35360

Merged
merged 3 commits into from May 15, 2023
Merged

Fix RFC5424 syslog parser to return Z as a timestamp offset #35360

merged 3 commits into from May 15, 2023

Conversation

thewebface
Copy link
Contributor

What does this PR do?

Fixes an operator precedence issue in Filebeat's RFC5424 syslog parser. Timestamps with an offset of 'Z' were being accepted but the 'Z' was being ignored so the default timezone was used, rather than UTC.

Why is it important?

If an RFC5424 syslog entry is received with a time offset of 'Z' and the default timezone is not UTC, the timestamp will be incorrect.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Note: no new tests have been added, but the existing tests have been fixed. They were using a timestamp with a 'Z' offset but not requiring the timezone to be UTC.

@thewebface thewebface requested a review from a team as a code owner May 5, 2023 21:17
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 5, 2023
@mergify
Copy link
Contributor

mergify bot commented May 5, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @thewebface? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

elasticmachine commented May 5, 2023
edited by jenkins-beats-ci bot

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-05-15T06:31:23.296+0000

  • Duration: 65 min 49 sec

Test stats 🧪

Test Results
Failed 0
Passed 7806
Skipped 749
Total 8555

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

efd6
efd6 reviewed May 7, 2023
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. LGTM after minor nit.

CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@efd6
Copy link
Contributor

efd6 commented May 7, 2023

/test

@thewebface @efd6
Update CHANGELOG.next.asciidoc
f4e5e2f 
Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
@mergify
Copy link
Contributor

mergify bot commented May 15, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b bugfix/syslog-utc-offset upstream/bugfix/syslog-utc-offset
git merge upstream/main
git push upstream bugfix/syslog-utc-offset

@efd6
Copy link
Contributor

efd6 commented May 15, 2023

/test

@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 15, 2023
@efd6 efd6 added 8.9-candidate backport-v8.8.0 Automated backport with mergify labels May 15, 2023
@efd6
Copy link
Contributor

efd6 commented May 15, 2023

/test

efd6
efd6 approved these changes May 15, 2023
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@efd6 efd6 merged commit ef1e666 into elastic:main May 15, 2023
25 checks passed
mergify bot pushed a commit that referenced this pull request May 15, 2023
@thewebface @mergify
Fix RFC5424 syslog parser to return Z as a timestamp offset (#35360)
1f91834 
(cherry picked from commit ef1e666)
@mergify mergify bot mentioned this pull request May 15, 2023
Closed
@thewebface thewebface deleted the bugfix/syslog-utc-offset branch May 16, 2023 10:55
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@thewebface @chrisberkhout
Fix RFC5424 syslog parser to return Z as a timestamp offset (#35360)
4013e51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@thewebface thewebface

Labels
8.9-candidate backport-v8.8.0 Automated backport with mergify bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@thewebface @elasticmachine @efd6