muting timestamp ? #39

Open
amiracam opened this issue Mar 6, 2020 · 4 comments


amiracam commented Mar 6, 2020

Hi, first of all, thanks for this utility.

Syslog viewers like Kiwi already timestamp their record display, and therefore currently, at least the way I'm constructing the message, a timestamp displays in the message column for Kiwi, i.e. appended to my msg text. Is there a way of turning this off? I tried passing null, i.e. withTimestamp, but that did not work.

Thanks

@cyrille-leclerc
Contributor

@amiracam thank you for using the syslog-java-client.
My understanding of RFC 3164 is that the timestamp is a required header (see "RFC 3164 > 4.1.2 HEADER Part of a syslog Packet" below) and thus we cannot omit it.

Can you share with us docs indicating how to do what you need in a standard manner?

Can you please verify that you are not facing the bug "RFC 3164 dates with single digit day should pad with " " instead of "0" #37 "?

My understanding of [Kiwi Syslog](https://www.solarwinds.com/kiwi-syslog-server) is that it is consuming the standard Syslog headers including the standard timestamp header.

RFC 3164 > 4.1.2 HEADER Part of a syslog Packet

```
   The HEADER part contains a timestamp and an indication of the
   hostname or IP address of the device.  The HEADER part of the syslog
   packet MUST contain visible (printing) characters.  The code set used
   MUST also be seven-bit ASCII in an eight-bit field like that used in
   the PRI part.  In this code set, the only allowable characters are
   the ABNF VCHAR values (%d33-126) and spaces (SP value %d32).

   The HEADER contains two fields called the TIMESTAMP and the HOSTNAME.
   The TIMESTAMP will immediately follow the trailing ">" from the PRI
   part and single space characters MUST follow each of the TIMESTAMP
   and HOSTNAME fields.  HOSTNAME will contain the hostname, as it knows
   itself.  If it does not have a hostname, then it will contain its own
   IP address.  If a device has multiple IP addresses, it has usually
   been seen to use the IP address from which the message is
   transmitted.  An alternative to this behavior has also been seen.  In
   that case, a device may be configured to send all messages using a
   single source IP address regardless of the interface from which the
   message is sent.  This will provide a single consistent HOSTNAME for
   all messages sent from a device.
```

...
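
The header rules quoted above, as an added example that is not code from this thread or from syslog-java-client: a standalone Java program that formats the RFC 3164 TIMESTAMP with a space-padded day and shows how a receiver applying those rules strictly splits a packet. The class name, the sample packets and the fallback (treating everything after PRI as message text when no valid TIMESTAMP is found, as RFC 3164 section 4.3.2 describes for relays) are assumptions for illustration, not Kiwi's documented behaviour.

```java
import java.time.LocalDateTime;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; not part of syslog-java-client. All names are hypothetical.
public class Rfc3164HeaderDemo {
    static final String MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec";

    // TIMESTAMP is "Mmm dd hh:mm:ss"; a single-digit day is padded with a space.
    // Locale.ROOT keeps the digits seven-bit ASCII whatever the JVM default locale is.
    static String timestamp(LocalDateTime t) {
        return String.format(Locale.ROOT, "%s %2d %02d:%02d:%02d",
                MONTHS.split("\\|")[t.getMonthValue() - 1],
                t.getDayOfMonth(), t.getHour(), t.getMinute(), t.getSecond());
    }

    // <PRI>TIMESTAMP SP HOSTNAME SP MSG; HOSTNAME ends at the first space.
    static final Pattern PACKET = Pattern.compile(
            "^<(\\d{1,3})>((?:" + MONTHS + ") (?: [1-9]|[12]\\d|3[01]) \\d{2}:\\d{2}:\\d{2})"
            + " (\\S+) (.*)$", Pattern.DOTALL);

    // Assumed strict receiver: without a valid TIMESTAMP, everything after PRI
    // is treated as message text (RFC 3164 section 4.3.2).
    static String parse(String packet) {
        Matcher m = PACKET.matcher(packet);
        if (m.matches()) {
            return "timestamp=[" + m.group(2) + "] hostname=[" + m.group(3)
                    + "] msg=[" + m.group(4) + "]";
        }
        return "no valid header, msg=[" + packet.substring(packet.indexOf('>') + 1) + "]";
    }

    public static void main(String[] args) {
        LocalDateTime t = LocalDateTime.of(2020, 3, 6, 9, 5, 7); // constructed sample time
        String[] packets = {                                       // constructed sample packets
            "<14>" + timestamp(t) + " host1 app: service started",   // well-formed
            "<14>Mar 06 09:05:07 host1 app: service started",        // zero-padded day
            "<14>host1 app: service started",                        // TIMESTAMP omitted
            "<14>" + timestamp(t) + " TEST HOST app: service started" // space inside HOSTNAME
        };
        for (String p : packets) {
            System.out.println(p + "\n  -> " + parse(p));
        }
    }
}
```

With the zero-padded or omitted TIMESTAMP, the whole sender-supplied text lands in the message field; with a space inside the HOSTNAME, the field ends at `TEST` and `HOST` becomes the start of the message.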


amiracam commented Mar 6, 2020

@cyrille-leclerc, so I'm constructing the message as such:

```java
return new SyslogMessage()
        .withTimestamp(null)
        .withSeverity(severity)
        .withAppName(appPrefix)
        .withHostname(messageHostName())
        .withFacility(Facility.USER)
        .withMsg(message);
```



amiracam commented Mar 6, 2020

Sorry, I don't know how to add a carriage return within the GitHub ticket form. The result of the above is that in Kiwi I get the following outcome:
image


amiracam commented Mar 6, 2020

I have confirmed that I'm not adding the timestamp by error. The actual msg above is "Sending Tradeblazer Smtp Service ....", and "TB:SSS:TEST SMTP" is the messageHostName, passed in via "withHostName()". Thanks
