Ticket #1913 (closed defect: fixed)

Opened 15 months ago

Last modified 6 weeks ago

ZenEvent.SyslogProcessing.notHostSearch regex fails on valid hostname characters

Reported by: zenoss
Owned by: cluther
Priority: 3 - Medium
Milestone: zenoss-2.2
Component: ZenEvents
Version: 2.1.0
Keywords: zenoss-2.1.1-patched
Reviewed: yes
Documentation Note?: Not required

Description

Symptom: zensyslog --parsehost fails to parse hostnames with embedded '-' characters, which are legal DNS hostname characters. When forwarding syslog messages from an existing central collector (e.g. syslog-ng), this causes syslog events to be associated with the wrong devices.

Cause: ZenEvent.SyslogProcessing.notHostSearch matches on "[-[:]", but '-' is a valid hostname character.

What's the reason for not simply using msglist[0]?

(Apologies if I chose the wrong priority/severity but I couldn't find any explanation of how you're using them.)

--
David Carmean
dlc@…
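
The misattribution described in this ticket, as an added example (not Zenoss code and not part of the ticket): a simplified header parser run with the character class from before and after the patch. The names parse_header, RELAY and SAMPLES, the fall-back to the sender address, and the sample lines are assumptions made for illustration.

```python
import re

# RFC 3164 timestamp "MMM DD HH:MM:SS" followed by the rest of the message.
TIME_PARSE = re.compile(r"^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d ]{2}) (.*)").search

# Character classes from the ticket; '[' is escaped here only for readability.
OLD_NOT_HOST = re.compile(r"[-\[:]").search  # before the patch: '-' disqualifies a host
NEW_NOT_HOST = re.compile(r"[\[:]").search   # after the patch: only '[' and ':' do

RELAY = "10.0.0.5"  # constructed address of the central collector that forwards the lines

# Constructed sample lines, as a relay such as syslog-ng might forward them.
SAMPLES = [
    "Oct 26 14:02:44 web-01 sshd[4242]: Accepted publickey for deploy",
    "Oct 26 14:02:45 db1 kernel: eth0 link up",
    "Oct 26 14:02:46 sshd[4242]: session closed",  # no host field at all
]

def parse_header(msg, sender, not_host):
    """Return (device, remaining message).

    Assumed behaviour: the token after the timestamp is taken as the host
    unless not_host() matches it; otherwise the event is attributed to the
    address the packet came from (here, the relay).
    """
    m = TIME_PARSE(msg)
    if m:
        msg = m.group(2)
    token, _, rest = msg.partition(" ")
    if rest and not not_host(token):
        return token, rest
    return sender, msg

def attribution(not_host):
    """Device each sample line is attributed to under the given class."""
    return [parse_header(line, RELAY, not_host)[0] for line in SAMPLES]

if __name__ == "__main__":
    for line, old, new in zip(SAMPLES, attribution(OLD_NOT_HOST),
                              attribution(NEW_NOT_HOST)):
        flag = "  <-- attributed to the relay before the patch" if old != new else ""
        print(f"old={old:<9} new={new:<9} {line}{flag}")
```

Only the hyphenated host changes between the two runs; the line with no host field still falls back to the relay in both, because its first token contains '[' and ':'.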

Change History

Changed 13 months ago by zenoss

Here's a patch:

*** SyslogProcessing.py.orig 2007-09-21 05:35:26.000000000 -0700
--- SyslogProcessing.py 2007-10-26 14:02:44.000000000 -0700
***************
*** 128,134 ****

timeParse =

re.compile("(S{3} [d ]{2} [d ]{2}:[d ]{2}:[d ]{2}) (.*)").search

! notHostSearch = re.compile("[-[:]").search

def parseHEADER(self, evt, msg):

"""Parse RFC-3164 HEADER part of syslog message. TIMESTAMP format is:
MMM HH:MM:SS and host is next token without the characters '[' or ':'.

--- 128,134 ----

timeParse =

re.compile("(S{3} [d ]{2} [d ]{2}:[d ]{2}:[d ]{2}) (.*)").search

! notHostSearch = re.compile("[[:]").search

def parseHEADER(self, evt, msg):

"""Parse RFC-3164 HEADER part of syslog message. TIMESTAMP format is:
MMM HH:MM:SS and host is next token without the characters '[' or ':'.
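
Review bot: On the changed notHostSearch line, the new class `[[:]` opens with an unescaped `[`, which reads like the start of a POSIX bracket expression and which Python's re module from 3.7 on flags with a FutureWarning ("Possible nested set"). Writing it as a raw string with the bracket escaped, `re.compile(r"[\[:]").search`, keeps the same behaviour and makes the intent obvious. This copy also lacks the indentation and the leading `^` that the timeParse context line carries in the repost below, so it is unlikely to apply cleanly as posted.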

Changed 13 months ago by zenoss

Let's try that again:

*** SyslogProcessing.py.dist    2007-09-21 05:35:26.000000000 -0700
--- SyslogProcessing.py 2007-10-26 14:02:44.000000000 -0700
***************
*** 128,134 ****
  
      timeParse = 
          re.compile("^(S{3} [d ]{2} [d ]{2}:[d ]{2}:[d ]{2}) (.*)").search
!     notHostSearch = re.compile("[-[:]").search
      def parseHEADER(self, evt, msg):
          """Parse RFC-3164 HEADER part of syslog message.  TIMESTAMP format is:
          MMM HH:MM:SS and host is next token without the characters '[' or ':'.
--- 128,134 ----
  
      timeParse = 
          re.compile("^(S{3} [d ]{2} [d ]{2}:[d ]{2}:[d ]{2}) (.*)").search
!     notHostSearch = re.compile("[[:]").search
      def parseHEADER(self, evt, msg):
          """Parse RFC-3164 HEADER part of syslog message.  TIMESTAMP format is:
          MMM HH:MM:SS and host is next token without the characters '[' or ':'.
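
Review bot: Dropping `-` from the notHostSearch class entirely means a token that begins with a hyphen (a bare `--`, for instance) now passes as a hostname, although a DNS label may contain a hyphen but not start with one. Consider rejecting a leading hyphen separately, for example with an alternation such as `^-|[\[:]`, and add a regression test with a hyphenated host so the class is not widened again. The parseHEADER docstring in the context lines already names only '[' and ':', so it needs no update.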


Changed 13 months ago by cluther

  • keywords zenoss-2.1.1 zensyslog parsehost added
  • owner changed from ecn to cluther
  • version changed from 2.0.4 to 2.1.0
  • milestone set to zenoss-2.2

Changed 13 months ago by cluther

(In [7323]) * Refs #1913.

Changed 13 months ago by cluther

  • keywords zenoss-2.1.1-accepted added; zenoss-2.1.1 zensyslog parsehost removed
  • status changed from new to closed
  • resolution set to fixed

Changed 13 months ago by marc

(In [7433]) Patching r7323 to 2.1.x branch

Changed 13 months ago by marc

  • keywords zenoss-2.1.1-patched added; zenoss-2.1.1-accepted removed

Changed 6 weeks ago by bbibeault

  • documentation set to Not required
  • reviewed set