Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
-
debian 7, syslog-ng
Description
syslog.php is discarding portions of the msg field when certain characters are present in the msg. I have already confirmed that syslog-ng is not damaging the msg field and that the data is making it to syslog.php intact by turning on debugging in syslog-ng an duplicating it's output into a file.
Here is the original log message
Wed Mar 26 12:54:17 2014 : Auth: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [username] (from client 10.100.1.3 port 0 cli a4c3612a4077 via TLS tunnel)
|
Here is the syslog-ng prepped version that is being sent to syslog.php
radius||local0||notice||notice||85||2014-03-26 12:54:17||Wed Mar 26 12:54:17 2014 : Auth: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [username] (from client 10.100.1.3 port 0 cli a4c3612a4077 via TLS tunnel)||Auth
|
Observium matches everything inside the delimiters except the MSG field, what it puts in the DB for MSG is:
[username] (from client 10.100.1.3 port 0 cli a4c3612a4077 via TLS tunnel)
|
That includes the preceding space that was after the )): . It does get the program after MSG correct as well. My initial thought is that it is some sort of after processing that is butchering the MSG field.