Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Complete
-
Affects Version/s: 4.1.2
-
Component/s: Syslog Support
-
Labels:None
Description
Regular expression used in SyslogToMapTransformer to split text into Map fields is not splitting TAG and MESSAGE fields correctly.
According to RFC 3164, chapter "4.1.3 MSG Part of a syslog Packet":
the first character of the CONTENT field that signifies the
conclusion of the TAG field has been seen to be the left square
bracket character ("["), a colon character (":"), or a space
character. This is explained in more detail in Section 5.3.
Pattern should finish TAG field on any non-alphanumeric character but right now it only looks for colon.
