I am writing a syslog collector that listens to UDP port, based on rfc 3164. I should also b able to forward the syslog received to other collectors (that includes another instance of my program too). I have an issue in parsing the message received - As per the rfc, any message like <13>Jan 10 10:00:00 hostname message is valid. If the timestamp and hostname tokens r not valid, i should b inserting them myself, so that when the message is forwarded to another program, that neednt make changes, and can read the hostname from the message content itself.
I am currently looking for a proper timestamp like above (in the message), and if not found i insert timestamp followed by hostname followed by whatever came as message. This is fine as long as the message is not like this - <13>Jan 10 10:00:00 message or <13>Jan 10 10:00:00 IST hostname message What should i do in such a case, where the token occuring after timestamp is not the hostname but something else. how do i find it out? i dont think i can safely assume that if the timestamp is ok, the hostname will surely follow as the next token. Please give me some idea.
Thanks<br />Karthik<br />SCJP 1.4, CCNA.<br /> <br />"Success is relative. More the success, more the relatives."