[rsyslog] Syslogtags with whitespaces misparsed?

[Rainer Gerhards]

Just a quick note: there is no such thing as a whitespace inside a syslog tag (read rfc3164, 5424).  The message is severely malformed and i do not see any way how rsyslog could guess the intention of the sender correctly. Have a look at the doc set, there is a full doc page with elaborate info on such cases. (i dont have it at hand right now)

rainer

----- Ursprüngliche Nachricht -----
Von: "Luis Fernando Muñoz Mejías" <Luis.Fernando.Munoz.Mejias at cern.ch>
An: "rsyslog at lists.adiscon.com" <rsyslog at lists.adiscon.com>
Gesendet: 16.07.09 14:41
Betreff: [rsyslog] Syslogtags with whitespaces misparsed?

Hello, world

Some programs intruduce spaces as part of their syslog tags. For
instance, a message from gconfd includes the tag "gconfd", and then
the user and a PID, like this:

2009-07-16T00:58:45+02:00 gconfd (foo-26702): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only
configuration source at position 0

The bad news is that the "gconfd" is interpreted as the host name. I'd
expect that line to be:

2009-07-16T00:58:45+02:00 HOSTNAME gconfd (foo-26702): Resolved
address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only
configuration source at position 0

And thus, I'm losing the precious information of who produced the
message.

We have a funny mix of syslogd (most nodes) and rsyslog (3.X and 4.Y for
central log services, mainly) here. I wonder if it's a configuration
problem, an rsyslog bug (the first word of the syslogtag is displacing
the host name) or an unavoidable problem of communicating rsyslog and
syslog.

Anyone knows what is going on?

Thanks.
-- 
Luis Fernando Muñoz Mejías
Luis.Fernando.Munoz.Mejias at cern.ch

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com