Unable to parse syslog messages which have version = 0
<142>0 2020-08-07T05:35:04+05:30 localhost root[6045]: root 6045 - Sample Message
Here is a sample syslog message. When Version = 0, parsing fails:
SyslogMessage.parse(r'<142>0 2020-08-07T05:35:04+05:30 localhost root[6045]: root 6045 - Sample Message')
Traceback (most recent call last):
File "C:\python373\lib\site-packages\syslog_rfc5424_parser\message.py", line 78, in parse
groups = parser.parse(message_string)
File "C:\python373\lib\site-packages\syslog_rfc5424_parser\parser.py", line 126, in parse
tree = _parser.parse(s)
File "C:\python373\lib\site-packages\lark\lark.py", line 228, in parse
return self.parser.parse(text)
File "C:\python373\lib\site-packages\lark\parser_frontends.py", line 38, in parse
return self.parser.parse(token_stream, *[sps] if sps is not NotImplemented else [])
File "C:\python373\lib\site-packages\lark\parsers\lalr_parser.py", line 68, in parse
for token in stream:
File "C:\python373\lib\site-packages\lark\lexer.py", line 335, in lex
for x in l.lex(stream, self.root_lexer.newline_types, self.root_lexer.ignore_types):
File "C:\python373\lib\site-packages\lark\lexer.py", line 169, in lex
raise UnexpectedCharacters(stream, line_ctr.char_pos, line_ctr.line, line_ctr.column, state=self.state)
lark.exceptions.UnexpectedCharacters: No terminal defined for '0' at line 1 col 6
<142>0 2020-08-07T05:35:04+05:30 localhost ro
^
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "", line 1, in
Some of the other sample messages:
Version=10 is fine
SyslogMessage.parse(r'<142>10 2020-08-07T05:35:04+05:30 localhost root[6045]: root 6045 - Sample Message')
SyslogMessage(severity=<SyslogSeverity.info: 6>,facility=<SyslogFacility.local1: 17>,version=10,timestamp='2020-08-07T05:35:04+05:30',hostname='localhost',appname='root[6045]:',procid='root',msgid='6045',sd={},msg=' Sample Message')
Version=100 is fine
SyslogMessage.parse(r'<142>100 2020-08-07T05:35:04+05:30 localhost root[6045]: root 6045 - Sample Message')
SyslogMessage(severity=<SyslogSeverity.info: 6>,facility=<SyslogFacility.local1: 17>,version=100,timestamp='2020-08-07T05:35:04+05:30',hostname='localhost',appname='root[6045]:',procid='root',msgid='6045',sd={},msg=' Sample Message')
Version=1001 fails
SyslogMessage.parse(r'<142>1001 2020-08-07T05:35:04+05:30 localhost root[6045]: root 6045 - Sample Message')
Traceback (most recent call last):
File "C:\python373\lib\site-packages\syslog_rfc5424_parser\message.py", line 78, in parse
groups = parser.parse(message_string)
File "C:\python373\lib\site-packages\syslog_rfc5424_parser\parser.py", line 126, in parse
tree = _parser.parse(s)
Technically any version other than 1 is illegal under RFC 5424 (versions have to be allocated by IANA under the RFC 5226 process; that list can be found at https://www.iana.org/assignments/syslog-parameters/syslog-parameters.xhtml#syslog-parameters-3). Do you have something that actually generates a non-version-1 message?
I have legacy RFC-3164 messages coming into the server. When rsyslog.conf is configured to receive RFC-5424 messages, I see that it converts the incoming RFC-3164 message format to an RFC-5424 message. The version field is set to '0' in this case.
Well, technically the RFC says that version 0 is forbidden, but I guess it wouldn't really hurt to accept it here.
Due to the age of the issue and the current lack of a releasing flow for Rust OSS, I'm going to close this. For those that may need this in the short term, feel free to fork the repo and build from source. We may revisit this in the future; however, because this goes against the RFC, I'm not initially inclined to make this change at the source.
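Added example, not part of the thread and not code from syslog_rfc5424_parser: the results reported above (10 and 100 parse, 0 and 1001 fail) match the RFC 5424 grammar rule `VERSION = NONZERO-DIGIT 0*2DIGIT`. The sketch below checks the header before a strict parser sees the line, so a collector can quarantine or explicitly rewrite version-0 lines instead of losing them to an exception. The names `classify`, `route` and `rewrite_zero`, the status strings and the rewrite policy are assumptions made for illustration.

```python
import re

# RFC 5424 section 6: HEADER = PRI VERSION SP ...; VERSION = NONZERO-DIGIT 0*2DIGIT
HEADER_START = re.compile(r"^<(\d{1,3})>(\d*)(.?)")
ABNF_VERSION = re.compile(r"[1-9]\d{0,2}")
ASSIGNED_VERSIONS = {1}  # the only version the maintainer's reply treats as legal


def classify(line):
    """Return (status, version_text) for one raw syslog line."""
    m = HEADER_START.match(line)
    if m is None or int(m.group(1)) > 191:  # PRIVAL is 0..191
        return ("bad-pri", None)
    version, following = m.group(2), m.group(3)
    if version == "" or following != " ":
        return ("no-version", None)  # e.g. RFC 3164: "<34>Oct 11 22:14:15 ..."
    if not ABNF_VERSION.fullmatch(version):
        return ("malformed-version", version)  # "0", "1001": rejected by the grammar
    if int(version) not in ASSIGNED_VERSIONS:
        return ("unassigned-version", version)  # "10", "100": grammar accepts them
    return ("ok", version)


def route(line, rewrite_zero=False):
    """Return (action, line, tag); action is "parse" or "quarantine"."""
    status, version = classify(line)
    if status == "ok":
        return ("parse", line, None)
    if status == "malformed-version" and version == "0" and rewrite_zero:
        # Local policy (assumption): accept relay-converted version 0 as version 1,
        # and tag the event so the rewrite stays visible downstream.
        return ("parse", line.replace(">0 ", ">1 ", 1), "version-rewritten-0-to-1")
    return ("quarantine", line, status)  # keep the raw line; never drop it silently


if __name__ == "__main__":
    # Constructed samples: the message from the thread with different VERSION values.
    rest = " 2020-08-07T05:35:04+05:30 localhost root[6045]: root 6045 - Sample Message"
    for v in ("0", "1", "10", "100", "1001"):
        print(v, classify("<142>" + v + rest), route("<142>" + v + rest, True)[0])
```

Quarantined lines keep their raw text and a reason tag, so a sender emitting version 0 shows up as a countable stream rather than as missing events.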