Fix automatic detection of rsyslogd logs. Thanks to David Day for the report.

author Darold Gilles <gilles@darold.net>

Tue, 26 Aug 2014 20:39:28 +0000 (22:39 +0200)

committer Darold Gilles <gilles@darold.net>

Tue, 26 Aug 2014 20:39:28 +0000 (22:39 +0200)
author Darold Gilles <gilles@darold.net>
Tue, 26 Aug 2014 20:39:28 +0000 (22:39 +0200)
committer Darold Gilles <gilles@darold.net>
Tue, 26 Aug 2014 20:39:28 +0000 (22:39 +0200)
diff --git a/pgbadger b/pgbadger

index dae34fc55ebb8d7722c6c6c7415ecf2410a5dfc1..3cb561789c8a9ffa0bb8f4e9dba6e09182aa9668 100755 (executable)
--- a/pgbadger
+++ b/pgbadger
@@ -465,8 +465,8 @@ $format ||= $frmt;
  
  if ($format eq 'syslog2') {
         $other_syslog_line =
-               qr/^(\d+-\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:(?:\s\[[^\]]+\])?\s\[(\d+)\-\d+\]\s*(.*)/;
-       $orphan_syslog_line = qr/^(\d+-\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:/;
+               qr/^(\d+-\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:(?:\s\[[^\]]+\])?\s\[(\d+)\-\d+\]\s*(.*)/;
+       $orphan_syslog_line = qr/^(\d+-\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:/;
  }
  
  # Set default top query
@@ -669,7 +669,7 @@ if ($log_line_prefix) {
         } elsif ($format eq 'syslog2') {
                 $format = 'syslog';
                 $log_line_prefix =
-                         '^(\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:(?:\s\[[^\]]+\])?\s\[(\d+)\-\d+\]\s*'
+                         '^(\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:(?:\s\[[^\]]+\])?\s\[(\d+)\-\d+\]\s*'
                         . $log_line_prefix
                         . '\s*(LOG|WARNING|ERROR|FATAL|PANIC|DETAIL|STATEMENT|HINT|CONTEXT):\s+(?:[0-9A-Z]{5}:\s+)?(.*)';
                 $compiled_prefix = qr/$log_line_prefix/;
@@ -689,7 +689,7 @@ qr/^(...)\s+(\d+)\s(\d+):(\d+):(\d+)(?:\s[^\s]+)?\s([^\s]+)\s([^\s\[]+)\[(\d+)\]
  } elsif ($format eq 'syslog2') {
         $format = 'syslog';
         $compiled_prefix =
-qr/^(\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:(?:\s\[[^\]]+\])?\s\[(\d+)\-\d+\]\s*(.*?)\s*(LOG|WARNING|ERROR|FATAL|PANIC|DETAIL|STATEMENT|HINT|CONTEXT):\s+(?:[0-9A-Z]{5}:\s+)?(.*)/;
+qr/^(\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)(?:.[^\s]+)?\s([^\s]+)\s(?:[^\s]+\s)?(?:[^\s]+\s)?([^\s\[]+)\[(\d+)\]:(?:\s\[[^\]]+\])?\s\[(\d+)\-\d+\]\s*(.*?)\s*(LOG|WARNING|ERROR|FATAL|PANIC|DETAIL|STATEMENT|HINT|CONTEXT):\s+(?:[0-9A-Z]{5}:\s+)?(.*)/;
         push(@prefix_params, 't_year', 't_month', 't_day', 't_hour', 't_min', 't_sec', 't_host', 't_ident', 't_pid', 't_session_line',
                 't_logprefix', 't_loglevel', 't_query');
  } elsif ($format eq 'stderr') {
@@ -9784,9 +9784,8 @@ sub autodetect_format
                                 $fmt = 'syslog';
                                 $nfound++;
                                 $ident_name{$1}++;
-
                         } elsif ($line =~
-       /^\d+-\d+-\d+T\d+:\d+:\d+(?:.[^\s]+)?\s[^\s]+\s(?:[^\s]+\s)?([^\s\[]+)\[\d+\]:(?:\s\[[^\]]+\])?\s\[\d+\-\d+\].*?(LOG|WARNING|ERROR|FATAL|PANIC|DETAIL|STATEMENT|HINT|CONTEXT):/
+       /^\d+-\d+-\d+T\d+:\d+:\d+(?:.[^\s]+)?\s[^\s]+\s(?:[^\s]+\s)?(?:[^\s]+\s)?([^\s\[]+)\[\d+\]:(?:\s\[[^\]]+\])?\s\[\d+\-\d+\].*?(LOG|WARNING|ERROR|FATAL|PANIC|DETAIL|STATEMENT|HINT|CONTEXT):/
                            )
                         {
                                 $fmt = 'syslog2';
author	Darold Gilles <gilles@darold.net>
	Tue, 26 Aug 2014 20:39:28 +0000 (22:39 +0200)
committer	Darold Gilles <gilles@darold.net>
	Tue, 26 Aug 2014 20:39:28 +0000 (22:39 +0200)