From afd425232f3198e7bb6f3dbcf0aa3cb4c24d5f7e Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 18 Nov 2008 13:46:38 +0100 Subject: enhanced legacy syslog parser to detect year if part of the timestamp The format is based on what Cisco devices seem to emit. --- ChangeLog | 5 +++++ runtime/datetime.c | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/ChangeLog b/ChangeLog index f758b7ce..70ad7e1f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ version before switching to this one. - added configuration directive "HUPisRestart" which enables to configure HUP to be either a full restart or "just" a leightweight way to close open files. +- enhanced legacy syslog parser to detect year if part of the timestamp + the format is based on what Cisco devices seem to emit. - added a setting "$OptimizeForUniprocessor" to enable users to turn off pthread_yield calls which are counter-productive on multiprocessor machines (but have been shown to be useful on uniprocessors) @@ -29,6 +31,8 @@ version before switching to this one. - doc bugfix: queue doc had wrong parameter name for setting controlling worker thread shutdown period - restructured rsyslog.conf documentation +- bugfix: memory leak in ompgsql + Thanks to Ken for providing the patch --------------------------------------------------------------------------- Version 3.21.7 [BETA] (rgerhards), 2008-11-11 - this is the new beta branch, based on the former 3.21.6 devel @@ -45,6 +49,7 @@ Version 3.21.6 [DEVEL] (rgerhards), 2008-10-22 - added capability to support multiple module search pathes. Thank to Marius Tomaschewski for providing the patch. - bugfix: im3195 did no longer compile +- improved "make distcheck" by ensuring everything relevant is recompiled --------------------------------------------------------------------------- Version 3.21.5 [DEVEL] (rgerhards), 2008-09-30 - performance optimization: unnecessary time() calls during message diff --git a/runtime/datetime.c b/runtime/datetime.c index aa1956d7..676f76d5 100644 --- a/runtime/datetime.c +++ b/runtime/datetime.c @@ -312,6 +312,7 @@ ParseTIMESTAMP3164(struct syslogTime *pTime, char** ppszTS) /* variables to temporarily hold time information while we parse */ int month; int day; + int year = 0; /* 0 means no year provided */ int hour; /* 24 hour clock */ int minute; int second; @@ -472,7 +473,23 @@ ParseTIMESTAMP3164(struct syslogTime *pTime, char** ppszTS) if(*pszTS++ != ' ') ABORT_FINALIZE(RS_RET_INVLD_TIME); + + /* time part */ hour = srSLMGParseInt32(&pszTS); + if(hour > 1970 && hour < 2100) { + /* if so, we assume this actually is a year. This is a format found + * e.g. in Cisco devices. + * (if you read this 2100+ trying to fix a bug, congratulate myself + * to how long the code survived - me no longer ;)) -- rgerhards, 2008-11-18 + */ + year = hour; + + /* re-query the hour, this time it must be valid */ + if(*pszTS++ != ' ') + ABORT_FINALIZE(RS_RET_INVLD_TIME); + hour = srSLMGParseInt32(&pszTS); + } + if(hour < 0 || hour > 23) ABORT_FINALIZE(RS_RET_INVLD_TIME); @@ -502,6 +519,8 @@ ParseTIMESTAMP3164(struct syslogTime *pTime, char** ppszTS) *ppszTS = pszTS; /* provide updated parse position back to caller */ pTime->timeType = 1; pTime->month = month; + if(year > 0) + pTime->year = year; /* persist year if detected */ pTime->day = day; pTime->hour = hour; pTime->minute = minute; -- cgit