
Syslog collection

Karthik Veeramani
Ranch Hand
Posts: 132
I am writing a syslog collector that listens on a UDP port, based on RFC 3164. I should also be able to forward the syslog received to other collectors (that includes another instance of my program too). I have an issue in parsing the message received:
As per the RFC, any message like
<13>Jan 10 10:00:00 hostname message
is valid. If the timestamp and hostname tokens are not valid, I should be inserting them myself, so that when the message is forwarded to another program, that needn't make changes, and can read the hostname from the message content itself.

I am currently looking for a proper timestamp like above (in the message), and if not found I insert a timestamp followed by the hostname followed by whatever came as the message.
This is fine as long as the message is not like this:
<13>Jan 10 10:00:00 message
<13>Jan 10 10:00:00 IST hostname message
What should I do in such a case, where the token occurring after the timestamp is not the hostname but something else? How do I find it out? I don't think I can safely assume that if the timestamp is OK, the hostname will surely follow as the next token.
Please give me some idea.
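
One way a relay could handle the cases in the question, added here as an example and not part of the original post: it validates PRI and TIMESTAMP, accepts the next token as HOSTNAME only if it passes a syntax check and more text follows it, and otherwise inserts the UDP sender's address. The names `normalize`, `looks_like_host` and `NOT_HOSTS` and the time zone list are assumptions; the host check is a heuristic, since syntax can rule a token out but cannot prove it is a host name, and over UDP the HOSTNAME field is only what the sender claims.

```python
import ipaddress
import re

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
PRI = re.compile(r"^<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", day space-padded, then one space.
STAMP = re.compile(r"^(?:%s) (?: [1-9]|[12]\d|3[01]) "
                   r"(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d " % "|".join(MONTHS))
# Single label, no domain part, so "sshd[42]:" or "su:" (a TAG) is rejected.
HOSTNAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,62}$")
# Assumption: tokens this site knows are never hosts (time zone names here).
NOT_HOSTS = {"IST", "UTC", "GMT", "EST", "PST"}


def looks_like_host(token):
    """Heuristic only: syntax can rule a token out, never prove it is a host."""
    if token in NOT_HOSTS:
        return False
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return bool(HOSTNAME.match(token))


def normalize(raw, sender, now):
    """Return the message a relay would forward; sender is the UDP source IP."""
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[now.month - 1], now.day,
                                      now.hour, now.minute, now.second)
    m = PRI.match(raw)
    if not m or int(m.group(1)) > 191:
        # No usable PRI: the whole packet becomes MSG under default PRI 13.
        return "<13>%s %s %s" % (stamp, sender, raw)
    pri, rest = m.group(0), raw[m.end():]
    t = STAMP.match(rest)
    if not t:
        # Valid PRI, no valid TIMESTAMP: insert both TIMESTAMP and HOSTNAME.
        return "%s%s %s %s" % (pri, stamp, sender, rest)
    head, body = t.group(0), rest[t.end():]
    token, sep, msg = body.partition(" ")
    if sep and msg and looks_like_host(token):
        return raw  # header complete, forward unchanged
    # Valid TIMESTAMP but no plausible HOSTNAME: insert the sender address.
    return "%s%s%s %s" % (pri, head, sender, body)
```

A message such as `<13>Jan 10 10:00:00 disk full` still passes the check with `disk` taken as the host name, which is why the collector should also record the packet's source address alongside whatever the header claims.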