enhancement(syslog source): Improve best effort support for Syslog formats (5424, 3164, nginx style, etc) #1757
Conversation
Signed-off-by: Stephen Wakely <fungus.humungus@gmail.com>
|
Nice! Thank you for this. I'll update our docs to clarify the changes here. |
|
Ah, yes, apologies, I neglected to go through the docs. I'm happy to go through this if you would prefer. Let me know.. |
There was a problem hiding this comment.
Thanks for this! :)
Code looks fine. Let's let @binarylogic do the docs and then I think it's good to merge!
binarylogic
changed the title
Signed-off-by: binarylogic <bjohnson@binarylogic.com>
|
You're right. I'll fix. |
Signed-off-by: binarylogic <bjohnson@binarylogic.com>
|
Awesome, thanks for merging! That was a lot of fun. If you do come across any messages that aren't parsed correctly, please feel free to raise an issue here https://github.com/FungusHumungus/syslog-loose and i'll see what I can do. |
|
Absolutely! We'll do that. And if you find a burning desire to contribute more to Vector please feel free. We have a lot of interesting issues, we'd be happy to discuss any of them. |
|
Cool, yeah I'd be happy to grab another issue. Is gitter the best place to discuss? |
|
Yep! I wish Gitter was actually nice to use, but it's the easiest community platform we've seen so far. We can also invite you to our Slack channel if you want to collaborate more on things. |
This uses the syslog_loose library for parsing syslog messages. The library aims to parse both RFC 5424 and RFC 3164 messages to extract as much useful information as possible rather than sticking strictly to the standard. No message is invalid, at worse the whole message becomes the message text, and the current time and default_host are taken.
Closes #741
Closes #1454
Signed-off-by: Stephen Wakely fungus.humungus@gmail.com