[syslog_parser.py] parsing fails
{"kernel":"4.14.123","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"armada-385-turris-omnia","release":{"distribution":"TurrisOS","version":"4.0-beta2","revision":"a6dba1a","target":"mvebu/cortexa9","description":"TurrisOS 4.0-beta2 a6dba1a"}}
Gave it a spin with this syslog conf:
log {
    filter {
        facility(kern) and match("DROP" value("MESSAGE")) and match("wan" value("MESSAGE"));
    };
    destination {
        file("/var/log/iptables" template("${ISODATE} ${MESSAGE}\n"));
    };
};
But somehow the parsing fails:
2019-06-08T18:45:03+01:00 to nikola: recognized WAN interfaces: lo, pppoe-wan
2019-06-08T18:45:55+01:00 to nikola: Establishing connection took 0.000013 seconds
2019-06-08T18:45:55+01:00 to nikola: Logrotate took 0.005142 seconds
2019-06-08T18:45:55+01:00 to nikola: Failed to parse line: '2019-06-08T18:30:47+01:00 [ 4314.422350] DROP wan in: IN=pppoe-wan OUT= MAC= SRC=106.38.108.28 DST=xxx.59.131.251 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=41606 PROTO=TCP SPT=3068 DPT=23 WINDOW=16390 RES=0x00 SYN URGP=0
2019-06-08T18:45:55+01:00 to nikola: Syslog parsing took 0.076434 seconds
2019-06-08T18:45:55+01:00 to nikola: Records parsed: 0
2019-06-08T18:45:55+01:00 to nikola: Records after filtering: 0
2019-06-08T18:45:55+01:00 to nikola: Records filtering took 0.000592 seconds
2019-06-08T18:45:55+01:00 to nikola: Sending records took 0.006398 seconds
2019-06-08T18:45:55+01:00 to nikola: turris firewall rules might not be active
Having looked at the source code https://gitlab.labs.nic.cz/turris/sentinel/nikola/blob/master/nikola/syslog_parser.py#L142, the date format should be a match. Not sure why the parser fails, then; perhaps it is this part: [ 4314.422350] ?
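As an added illustration (this is not nikola's code and does not claim to reproduce its actual regular expression), the Python below shows the failure mode suggested in the post: a pattern that expects "DROP wan in:" to follow the ISO timestamp directly rejects the line when the kernel's printk uptime stamp "[ 4314.422350]" sits in between, while a pattern that treats that bracketed prefix as optional parses the same line and splits the iptables key=value fields. The sample lines are constructed from the line quoted above (the DST address is masked there with "xxx"); the strict pattern, the second and third sample lines and the output field names are assumptions made for the example.

```python
"""Parse iptables DROP lines as written by a syslog-ng template of the form
"${ISODATE} ${MESSAGE}", with or without the kernel printk timestamp."""
import re
from datetime import datetime
from typing import Optional

SAMPLE_LINES = [
    # Constructed from the failing line quoted in the post (DST masked there as "xxx").
    "2019-06-08T18:30:47+01:00 [ 4314.422350] DROP wan in: IN=pppoe-wan OUT= MAC= "
    "SRC=106.38.108.28 DST=xxx.59.131.251 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=41606 "
    "PROTO=TCP SPT=3068 DPT=23 WINDOW=16390 RES=0x00 SYN URGP=0",
    # Constructed: the same kind of record without the "[ seconds ]" printk prefix.
    "2019-06-08T18:30:48+01:00 DROP wan in: IN=pppoe-wan OUT= MAC= "
    "SRC=198.51.100.7 DST=xxx.59.131.251 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=41607 "
    "PROTO=UDP SPT=53413 DPT=5060",
    # Constructed: an unrelated kernel line that must not be parsed as a drop record.
    "2019-06-08T18:30:49+01:00 [ 4316.000001] eth0: link up",
]

# Hypothetical "strict" pattern: the firewall prefix must follow the ISO timestamp
# immediately. Assumed for the example only; nikola's real pattern may differ.
STRICT_RE = re.compile(
    r"^(?P<ts>\S+) DROP (?P<iface>\w+) (?P<dir>in|out): (?P<rest>.*)$"
)

# Optional printk timestamp such as "[ 4314.422350] ", which the kernel adds to
# every dmesg line and which survives into syslog when facility(kern) is used.
PRINTK_TS = r"(?:\[\s*\d+\.\d+\]\s+)?"

# Tolerant pattern: identical, but skips the bracketed uptime stamp when present.
TOLERANT_RE = re.compile(
    r"^(?P<ts>\S+) " + PRINTK_TS + r"DROP (?P<iface>\w+) (?P<dir>in|out): (?P<rest>.*)$"
)


def parse_line(line: str, pattern=TOLERANT_RE) -> Optional[dict]:
    """Return a record dict for one DROP line, or None when the line does not match."""
    m = pattern.match(line)
    if not m:
        return None
    fields, flags = {}, []
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)   # "OUT=" yields an empty value, as iptables logs it
            fields[key] = value
        else:
            flags.append(token)                # bare TCP flag tokens such as SYN, ACK, DF
    return {
        "time": datetime.fromisoformat(m.group("ts")),  # keeps the +01:00 offset
        "iface": m.group("iface"),
        "direction": m.group("dir"),
        "fields": fields,
        "flags": flags,
    }


def parse_records(lines, pattern=TOLERANT_RE) -> list:
    """Parse every matching line, silently skipping the ones that do not match."""
    records = []
    for line in lines:
        rec = parse_line(line, pattern)
        if rec is not None:
            records.append(rec)
    return records


if __name__ == "__main__":
    # Mirrors the "Records parsed: N" style of the nikola log quoted in the post.
    print("Records parsed (strict):  ", len(parse_records(SAMPLE_LINES, STRICT_RE)))
    print("Records parsed (tolerant):", len(parse_records(SAMPLE_LINES)))
    for rec in parse_records(SAMPLE_LINES):
        f = rec["fields"]
        print(rec["time"].isoformat(), f["SRC"], "->", f["DST"], f["PROTO"], "dport", f["DPT"])
```

With the strict pattern the first sample line is rejected, exactly as a log reader would expect, and only the constructed prefix-free line counts; with the tolerant pattern both DROP lines parse and the unrelated "link up" line is still skipped. When checking a parser against real output, feed it the literal line from the "Failed to parse line" message, since that string already shows what the parser saw after syslog-ng's template was applied.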