-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[libbeat] Fix parsing of RFC 3164 process IDs in syslog processor #38982
[libbeat] Fix parsing of RFC 3164 process IDs in syslog processor #38982
Conversation
- The pattern for parsing process IDs was too relaxed and would match everything between the first opening and the last closing square bracket in a message. If the message included multiple closing square brackets, the process ID would be set to not only the process ID, but also whatever leads up to the last closing square bracket. - The pattern has now been locked down to only digits. - Added test case.
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this LGTM! I am far from a ragel expert but based on the issue the substitution of print+
with digit+
makes sense to me
I think |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/test |
…8982) - The pattern for parsing process IDs was too relaxed and would match everything between the first opening and the last closing square bracket in a message. If the message included multiple closing square brackets, the process ID would be set to not only the process ID, but also whatever leads up to the last closing square bracket. - The pattern has now been locked down to only digits. - Added test case. (cherry picked from commit 8e9a276)
…8982) - The pattern for parsing process IDs was too relaxed and would match everything between the first opening and the last closing square bracket in a message. If the message included multiple closing square brackets, the process ID would be set to not only the process ID, but also whatever leads up to the last closing square bracket. - The pattern has now been locked down to only digits. - Added test case. (cherry picked from commit 8e9a276)
…8982) (#39123) - The pattern for parsing process IDs was too relaxed and would match everything between the first opening and the last closing square bracket in a message. If the message included multiple closing square brackets, the process ID would be set to not only the process ID, but also whatever leads up to the last closing square bracket. - The pattern has now been locked down to only digits. - Added test case. (cherry picked from commit 8e9a276) Co-authored-by: Taylor Swanson <[email protected]>
…8982) (#39124) - The pattern for parsing process IDs was too relaxed and would match everything between the first opening and the last closing square bracket in a message. If the message included multiple closing square brackets, the process ID would be set to not only the process ID, but also whatever leads up to the last closing square bracket. - The pattern has now been locked down to only digits. - Added test case. (cherry picked from commit 8e9a276) Co-authored-by: Taylor Swanson <[email protected]>
Proposed commit message
Checklist
[ ] I have commented my code, particularly in hard-to-understand areas[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration filesCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Related issues