Default syslogd filter is not syslog default format

Description

Hello,

The default forwarding-regexp is:

forwarding-regexp="^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)"

However, this only matches messages that contain the format YYYY-MM-DD. The default syslog format is
more like this:

Jul 18 17:41:10 gwvlan-producao 56455: Jul 18 20:41:09.766: %SEC-6-IPACCESSLOGP: list gray-to-4 denied tcp 10.9.1.65(2496) (Vlan1000 0016.3e4c.d69d) -> 10.48.200.10(55807), 1 packet

Please use a broader expression as the default filter, like:

forwarding-regexp="^((.+?) (.*))\r?\n?$"

http://www.opennms.org/wiki/Syslogd

Acceptance / Success Criteria

None
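The following check is an added example, not part of the original ticket or of OpenNMS: it runs the two forwarding-regexp values quoted above over sample lines and lists the lines each pattern fails to match. Python's `re.search` stands in for the Java regex engine here (an assumption), and every sample except the Cisco ACL line from the ticket is constructed.

```python
import re

# Both patterns are copied verbatim from the ticket text.
DEFAULT_RE = (r"^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2"
              r"(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)")
PROPOSED_RE = r"^((.+?) (.*))\r?\n?$"

# "bsd_cisco" is the sample line from the ticket; the rest are constructed.
SAMPLES = {
    "bsd_cisco": ("Jul 18 17:41:10 gwvlan-producao 56455: Jul 18 20:41:09.766: "
                  "%SEC-6-IPACCESSLOGP: list gray-to-4 denied tcp 10.9.1.65(2496) "
                  "(Vlan1000 0016.3e4c.d69d) -> 10.48.200.10(55807), 1 packet"),
    # Date in YYYY-MM-DD form preceded by whitespace, as the default pattern expects.
    "iso_date": "<34> 2012-07-18 host.example.org sshd: Failed password for root",
    # BSD-style timestamp with a trailing CRLF, as some senders emit.
    "bsd_crlf": "Jul 18 17:41:10 host.example.org su: session opened\r\n",
    # A message with no space at all.
    "one_token": "heartbeat",
}


def coverage(pattern, samples):
    """Return {sample name: True/False} for whether the pattern matches."""
    rx = re.compile(pattern)
    return {name: rx.search(line) is not None for name, line in samples.items()}


def unmatched(pattern, samples):
    """Sorted names of the samples the pattern does not match."""
    return sorted(name for name, ok in coverage(pattern, samples).items() if not ok)


if __name__ == "__main__":
    for label, pattern in (("default", DEFAULT_RE), ("proposed", PROPOSED_RE)):
        print(f"{label:9s} does not match: {unmatched(pattern, SAMPLES)}")
```

The default pattern misses both BSD-timestamped lines, including the ACL deny record from the ticket, while the proposed pattern still misses a message that contains no space.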

Activity

Seth Leger April 11, 2017 at 10:17 PM

This problem should be eliminated as soon as we switch over to using the RadixTreeSyslogParser as the default implementation.

Created July 18, 2012 at 4:58 PM
Updated September 21, 2021 at 6:21 PM