cisco-parser: allow leading dot in timestamps #3843

Merged


gaborznagy
Collaborator

We've received an example log from the community, in which the timestamp had a leading dot.
I've slightly modified the hostname and the message parts:
```
<180>782431: machine1: .Nov 18 21:03:22.631 GMT: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on TenGigabitEthernet.
```

I haven't found any official documentation about the leading dot yet, only Cisco community posts, e.g.:
https://community.cisco.com/t5/other-network-architecture/logging-shows-an-asterisk-quot-jan-13-11-05-40-quot/td-p/564707
https://community.cisco.com/t5/other-security-subjects/log-entries-with-a-dot-before-timestamp/td-p/590136

The leading asterisk is better documented in multiple system guides:
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/system_monitoring/command/reference/sysmon_cr41crs_chapter4.html#wp255058350

> If the system clock has not been set, the date and time are preceded by an asterisk (*), which indicates that the date and time have not been set and should be verified.

Or here: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html#wp1054710
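
The header layout discussed in this pull request, as an added Python example (not syslog-ng's cisco-parser code and not part of the pull request): it accepts an optional `*` or `.` before the timestamp and carries the marker forward instead of rejecting the line. The regular expression, the function and field names, the caller-supplied `year` and the asterisk sample line are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Layout read off the sample line in this pull request:
# <pri>seq: host: [marker]Mon DD HH:MM:SS[.mmm] [TZ]: %FACILITY-SEV-MNEMONIC: text
CISCO_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<seq>\d+): (?P<host>\S+): "
    r"(?P<marker>[*.]?)"
    r"(?P<stamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}(?:\.\d{1,3})?)"
    r"(?: (?P<tz>[A-Za-z]{2,5}))?: "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

# Only the asterisk's meaning is stated in the Cisco guide quoted on this page.
CLOCK_NOTES = {
    "": "no marker",
    "*": "clock not set; date and time should be verified",
    ".": "leading dot; not explained by the documentation quoted here",
}

PAGE_SAMPLE = ("<180>782431: machine1: .Nov 18 21:03:22.631 GMT: "
               "%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on TenGigabitEthernet.")
# Constructed for this example (not from the page): asterisk, padded day, no zone.
CONSTRUCTED_ASTERISK = "<189>12: router1: *Mar  1 00:00:42: %SYS-5-CONFIG_I: Configured from console"


def parse_cisco(line, year):
    """Return the parsed fields, or None if the line does not match the layout.

    `year` comes from the caller because the header itself carries none.
    """
    m = CISCO_LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in rec["stamp"] else "%Y %b %d %H:%M:%S"
    rec["time"] = datetime.strptime(f"{year} {rec['stamp']}", fmt)
    # Keep the event, but record the marker so a timeline can weigh the timestamp.
    rec["clock_note"] = CLOCK_NOTES[rec["marker"]]
    rec["verify_time"] = rec["marker"] == "*"
    return rec


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_ASTERISK):
        rec = parse_cisco(sample, 2021)
        print(rec["host"], rec["time"].isoformat(), repr(rec["marker"]), rec["clock_note"])
```

Storing the marker next to the parsed time lets later correlation or forensic timelines treat events from a device with an unset clock differently from the rest.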

Gabor Nagy added 2 commits November 19, 2021 18:00
We've received an example log from the community, in which the timestamp
had a leading dot.
I've slightly modified the hostname and the message parts
```
<180>782431: machine1: .Nov 18 21:03:22.631 GMT: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on TenGigabitEthernet.
```

I haven't found any official documentation about the leading dot yet, only Cisco community posts, e.g.:
https://community.cisco.com/t5/other-network-architecture/logging-shows-an-asterisk-quot-jan-13-11-05-40-quot/td-p/564707
https://community.cisco.com/t5/other-security-subjects/log-entries-with-a-dot-before-timestamp/td-p/590136

The leading asterisk is better documented in multiple system guides:
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/system_monitoring/command/reference/sysmon_cr41crs_chapter4.html#wp255058350
> If the system clock has not been set, the date and time are preceded by an asterisk (*), which indicates that the date and time have not been set and should be verified.

Or here: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html#wp1054710

Signed-off-by: Gabor Nagy <gabor.nagy@oneidentity.com>
Signed-off-by: Gabor Nagy <gabor.nagy@oneidentity.com>
@kira-syslogng
Contributor

Build SUCCESS

Collaborator

@MrAnno MrAnno left a comment

Thanks for the thorough explanation :)

@bazsi bazsi merged commit 40cd07b into syslog-ng:master Nov 20, 2021
@gaborznagy gaborznagy deleted the cisco-parser-leading-dot-in-timestamp branch March 1, 2022 11:13