Fix syslog year rollover issues caused by time zone differences. #52
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…llover issues due to timezone discrepancies.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've noticed an issue: Graylog2/graylog2-server/issues/21472
RFC3164 syslog messages lack a year field. The syslog4j library attempts to add this, but its logic relies on the JVM's default timezone. This can lead to incorrect year appending during year rollovers if the JVM's timezone differs from the actual message's timezone.
For example, consider a message timestamped 2024-12-31T20:00:00-05:00 (EST), which is equivalent to 2025-01-01T01:00:00Z in UTC. The correct year to append is 2024, but due to the year rollover, syslog4j might incorrectly append 2025. This results in the message being misinterpreted as originating from the future, 1 year later.
The solution is to prioritize using the syslogServerTimeZone to determine the year. If syslogServerTimeZone is unavailable, fall back to the JVM's default timezone.