Skip Menu |

This queue is for tickets about the Parse-Syslog-Line CPAN distribution.

Report information
The Basics
Id: 95469
Status: resolved
Priority: 0/
Queue: Parse-Syslog-Line
People
Owner: brad [...] divisionbyzero.net
Requestors: abraxxa [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 2.6
Fixed in: 2.7

History Show all quoted text
  Thu May 08 13:19:01 2014 abraxxa [...] cpan.org - Ticket created
Subject: Cisco IOS date format
once again ;( We have some Cisco IOS routers that log the second timestamp with the year after the day, not before the name of the month: <189>May 8 19:12:19 router.company.tld 11815005: May 8 2014 19:12:18.454 CET: %CRYPTO-5-IPSEC_SETUP_FAILURE: IPSEC SETUP FAILED for local:1.2.3.4 local_id:1.2.3.4 remote:4.5.6.7 remote_id:4.5.6.7 IKE profile:foo fvrf:None fail_reason:IPSec Proposal failure fail_class_cnt:14 I've added a second year part to the date_long regex to fix the parsing: date_long => qr/^ (?:[0-9]{4}\s+)? # Year: Because, Cisco ([.*])? # Cisco adds a * for no ntp, and a . for configured but out of sync [a-zA-Z]{3}\s+[0-9]+ # Date: Jan 1 (?:\s+[0-9]{4})? # Year: Because, Cisco \s+ # Date Separator: spaces [0-9]{1,2}(?:\:[0-9]{2}){1,2} # Time: HH:MM or HH:MM:SS (?:\.[0-9]{3})? # Time: .DDD ms resolution (?:\s+[A-Z]{3,4})? # Timezone, ZZZ or ZZZZ (?:\:?) # Cisco adds a : after the second timestamp /x,
  Sun May 11 06:39:33 2014 brad [...] divisionbyzero.net - Taken
  Sun May 11 07:02:18 2014 brad [...] divisionbyzero.net - Correspondence added
Thanks for the information.. added this in to 2.7, but PAUSE isn't accepting my uploads currently. :( On Thu May 08 13:19:01 2014, ABRAXXA wrote: Show quoted text
> once again ;( > > We have some Cisco IOS routers that log the second timestamp with the > year after the day, not before the name of the month: > <189>May 8 19:12:19 router.company.tld 11815005: May 8 2014 > 19:12:18.454 CET: %CRYPTO-5-IPSEC_SETUP_FAILURE: IPSEC SETUP FAILED > for local:1.2.3.4 local_id:1.2.3.4 remote:4.5.6.7 remote_id:4.5.6.7 > IKE profile:foo fvrf:None fail_reason:IPSec Proposal failure > fail_class_cnt:14 > > I've added a second year part to the date_long regex to fix the > parsing: > > date_long => qr/^ > (?:[0-9]{4}\s+)? # Year: Because, Cisco > ([.*])? # Cisco adds a * for > no ntp, and a . for configured but out of sync > [a-zA-Z]{3}\s+[0-9]+ # Date: Jan 1 > (?:\s+[0-9]{4})? # Year: Because, Cisco > \s+ # Date Separator: > spaces > [0-9]{1,2}(?:\:[0-9]{2}){1,2} # Time: HH:MM or > HH:MM:SS > (?:\.[0-9]{3})? # Time: .DDD ms > resolution > (?:\s+[A-Z]{3,4})? # Timezone, ZZZ or > ZZZZ > (?:\:?) # Cisco adds a : after > the second timestamp > /x,
  Sun May 11 07:02:20 2014 The RT System itself - Status changed from 'new' to 'open'
  Sun May 11 10:43:40 2014 alex.hartmaier [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #95469] Cisco IOS date format
Date: Sun, 11 May 2014 16:43:24 +0200
To: "bug-Parse-Syslog-Line [...] rt.cpan.org" <bug-Parse-Syslog-Line [...] rt.cpan.org>
From: Alexander Hartmaier <alex.hartmaier [...] gmail.com>
Thanks Brad! What's the PAUSE issue? BR Alex Show quoted text
> Am 11.05.2014 um 13:02 schrieb "Brad Lhotsky via RT" <bug-Parse-Syslog-Line@rt.cpan.org>: > > <URL: https://rt.cpan.org/Ticket/Display.html?id=95469 > > > Thanks for the information.. added this in to 2.7, but PAUSE isn't accepting my uploads currently. :( >
>> On Thu May 08 13:19:01 2014, ABRAXXA wrote: >> once again ;( >> >> We have some Cisco IOS routers that log the second timestamp with the >> year after the day, not before the name of the month: >> <189>May 8 19:12:19 router.company.tld 11815005: May 8 2014 >> 19:12:18.454 CET: %CRYPTO-5-IPSEC_SETUP_FAILURE: IPSEC SETUP FAILED >> for local:1.2.3.4 local_id:1.2.3.4 remote:4.5.6.7 remote_id:4.5.6.7 >> IKE profile:foo fvrf:None fail_reason:IPSec Proposal failure >> fail_class_cnt:14 >> >> I've added a second year part to the date_long regex to fix the >> parsing: >> >> date_long => qr/^ >> (?:[0-9]{4}\s+)? # Year: Because, Cisco >> ([.*])? # Cisco adds a * for >> no ntp, and a . for configured but out of sync >> [a-zA-Z]{3}\s+[0-9]+ # Date: Jan 1 >> (?:\s+[0-9]{4})? # Year: Because, Cisco >> \s+ # Date Separator: >> spaces >> [0-9]{1,2}(?:\:[0-9]{2}){1,2} # Time: HH:MM or >> HH:MM:SS >> (?:\.[0-9]{3})? # Time: .DDD ms >> resolution >> (?:\s+[A-Z]{3,4})? # Timezone, ZZZ or >> ZZZZ >> (?:\:?) # Cisco adds a : after >> the second timestamp >> /x,
> > >
  Wed Aug 13 17:15:34 2014 brad [...] divisionbyzero.net - Correspondence added
RT-Send-CC: alex.hartmaier [...] gmail.com
Turns out the upload worked and this has been fixed for a while but I never closed the ticket. Works in 2.7.
  Wed Aug 13 17:15:35 2014 brad [...] divisionbyzero.net - Status changed from 'open' to 'resolved'
  Wed Aug 13 17:15:35 2014 brad [...] divisionbyzero.net - Fixed in 2.7 added