Fixed a bug parsing the Syslog date from a RFC 3164 Date String.

Dates from the 1. to the 9. of a month were not correctly parsed.
2025-09-26 03:09:21 +02:00 · 2008-08-06 18:05:12 +02:00 · 2008-08-06 18:05:12 +02:00 · fce57ba48a
commit fce57ba48a
parent 12e08741ac
2 changed files with 21 additions and 16 deletions
--- a/src/classes/logstreamlineparsersyslog.class.php
+++ b/src/classes/logstreamlineparsersyslog.class.php
@ -64,31 +64,31 @@ class LogStreamLineParsersyslog extends LogStreamLineParser {
 		$arrArguments[SYSLOG_MESSAGETYPE] = IUT_Syslog;

 		// Sample (Syslog): Mar 10 14:45:44 debandre anacron[3226]: Job `cron.daily' terminated (mailing output)
-		if ( preg_match("/(... [0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?)\[(.*?)\]:(.*?)$/", $szLine, $out ) )
+		if ( preg_match("/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?)\[(.*?)\]:(.*?)$/", $szLine, $out ) )
 		{
 			// Copy parsed properties!
-			$arrArguments[SYSLOG_DATE] = GetEventTime($out[1]);
-			$arrArguments[SYSLOG_HOST] = $out[2];
-			$arrArguments[SYSLOG_SYSLOGTAG] = $out[3];
-			$arrArguments[SYSLOG_PROCESSID] = $out[4];
-			$arrArguments[SYSLOG_MESSAGE] = $out[5];
+			$arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]);
+			$arrArguments[SYSLOG_HOST] = $out[3];
+			$arrArguments[SYSLOG_SYSLOGTAG] = $out[4];
+			$arrArguments[SYSLOG_PROCESSID] = $out[5];
+			$arrArguments[SYSLOG_MESSAGE] = $out[6];
 		}
 		// Sample (Syslog): Mar 10 14:45:39 debandre syslogd 1.4.1#18: restart.
-		else if ( preg_match("/(... [0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?):(.*?)$/", $szLine, $out ) )
+		else if ( preg_match("/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?):(.*?)$/", $szLine, $out ) )
 		{
 			// Copy parsed properties!
-			$arrArguments[SYSLOG_DATE] = GetEventTime($out[1]);
-			$arrArguments[SYSLOG_HOST] = $out[2];
-			$arrArguments[SYSLOG_SYSLOGTAG] = $out[3];
-			$arrArguments[SYSLOG_MESSAGE] = $out[4];
+			$arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]);
+			$arrArguments[SYSLOG_HOST] = $out[3];
+			$arrArguments[SYSLOG_SYSLOGTAG] = $out[4];
+			$arrArguments[SYSLOG_MESSAGE] = $out[5];
 		}
 		// Sample (Syslog): Mar 7 17:18:35 debandre exiting on signal 15
-		else if ( preg_match("/(... [0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?)$/", $szLine, $out ) )
+		else if ( preg_match("/(...)(?:.|..)([0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?)$/", $szLine, $out ) )
 		{
 			// Copy parsed properties!
-			$arrArguments[SYSLOG_DATE] = GetEventTime($out[1]);
-			$arrArguments[SYSLOG_HOST] = $out[2];
-			$arrArguments[SYSLOG_MESSAGE] = $out[3];
+			$arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]);
+			$arrArguments[SYSLOG_HOST] = $out[3];
+			$arrArguments[SYSLOG_MESSAGE] = $out[4];
 		}
 		// Sample (RSyslog): 2008-03-28T11:07:40+01:00 localhost rger: test 1
 		else if ( preg_match("/([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?):(.*?)$/", $szLine, $out ) )
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@ -802,7 +802,12 @@ function GetEventTime($szTimStr)
 	}
 	else
 	{
-		die ("wtf GetEventTime unparsable time - " . $szTimStr );
+		$eventtime[EVTIME_TIMESTAMP] = 0;
+		$eventtime[EVTIME_TIMEZONE] = date_default_timezone_get(); // WTF TODO!
+		$eventtime[EVTIME_MICROSECONDS] = 0;
+		
+		// Print Error!
+		OutputDebugMessage("GetEventTime got an unparsable time '" . $szTimStr . "', returning 0");
 	}

 	// return result!