Werk #301: Handling messages of special syslog format correctly
| Component | Event Console |
| Title | Handling messages of special syslog format correctly |
| Date | Dec 6, 2013 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk Version | 1.2.5i1 |
| Level | Trivial Change |
| Class | New Feature |
| Compatibility | Compatible - no manual interaction needed |
The syslog RFCs allow different formats of syslog messages. The message parsing code in the Event Console does support several formats and should be able to deal with all formats allowed by the specifications. However, one format was not supported in past versions. Those messages were simply dropped and only seen in the logs of the Event Console, when rule execution debugging is enabled.
These log entries look as follows:
<5>SYSTEM_INFO: [WLAN-1] Performing Background Scan : channel 12, active, 28 TU
The specific part here is the missing date/time and missing hostname information, which is sent by most syslog clients. The parser has been changed to be able to parse this format. The Event Console adds the current date/time to the event and the IP address of the sending client as host information.
