Bug 229236 - syslogd failed to parse TIMESTAMP
Summary: syslogd failed to parse TIMESTAMP
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 11.2-STABLE
Hardware: Any Any
: --- Affects Many People
Assignee: Ed Schouten
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2018-06-22 18:32 UTC by Marek Zarychta
Modified: 2019-01-03 09:21 UTC (History)
1 user (show)

See Also:
koobs: mfc-stable11+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marek Zarychta 2018-06-22 18:32:03 UTC
Commit r335059 brought syslogd(8) in sync with the copy in HEAD. Unfortunately, it broke capability to log messages which have incorrect timestamps. Such syslog messages are still common when you log from older network equipment or non-RFC compliant third-party apps. 

Running syslogd in debug mode:

Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
changed state to down

The same message in debug is seen when syslogd is run with -T switch.
Comment 1 Ed Schouten freebsd_committer 2018-06-22 19:19:22 UTC
Discussion on stable@ with proposed patch:

https://lists.freebsd.org/pipermail/freebsd-stable/2018-June/089194.html
Comment 2 commit-hook freebsd_committer 2018-06-22 20:54:41 UTC
A commit references this bug:

Author: ed
Date: Fri Jun 22 20:53:39 UTC 2018
New revision: 335565
URL: https://svnweb.freebsd.org/changeset/base/335565

Log:
  Still parse messages that don't contain an RFC 3164 timestamp.

  The changes made in r326573 required that messages always start with an
  RFC 3164 timestamp. It looks like certain devices, but also certain
  logging libraries (Python 3's "logging" package) simply don't generate
  RFC 3164 formatted messages containing a timestamp.

  Make timestamps optional again. When the timestamp is missing, also
  assume that the message contains no hostname. The first word of the
  message likely already belongs to the message payload.

  PR:		229236
  Reported by:	Michael Grimm & Marek Zarychta
  Reviewed by:	glebius (cursory)
  MFC after:	1 week

Changes:
  head/usr.sbin/syslogd/syslogd.c
Comment 3 commit-hook freebsd_committer 2018-06-28 12:55:32 UTC
A commit references this bug:

Author: ed
Date: Thu Jun 28 12:55:06 UTC 2018
New revision: 335761
URL: https://svnweb.freebsd.org/changeset/base/335761

Log:
  MFC r335565:

    Still parse messages that don't contain an RFC 3164 timestamp.

    The changes made in r326573 required that messages always start with an
    RFC 3164 timestamp. It looks like certain devices, but also certain
    logging libraries (Python 3's "logging" package) simply don't generate
    RFC 3164 formatted messages containing a timestamp.

    Make timestamps optional again. When the timestamp is missing, also
    assume that the message contains no hostname. The first word of the
    message likely already belongs to the message payload.

  PR:		229236

Changes:
_U  stable/11/
  stable/11/usr.sbin/syslogd/syslogd.c