Syslogd does not properly handle:
1) the ADDDATE flag which is set with -T invocation and when messages
come from the kernel. Other cases where it is set it is ignored
as timestamping is always done (e.g. logmsg_async())
2) the variable found_ts in check_timestamp(). It would determine
whether or not the message had a (possibly valid) timestamp, set
found_ts to true, then ignore that in most cases. If we can't find
a timestamp return.
3) messages without a parsable timestamp should get one when outputting
the BSD syslog format so that a syslog-protocol timestamp isn't
injected (chopped off with BSD syslog length) giving something like:
"2008-11-27T15:0 cisco -: 1790:"
^ time might have been 2008-11-27T15:02:35.296497+11:00
4) syslog protocol version checking only checked for a leading numeral
one (1) then skipped two places (presuming a space). Messages sent
from some sources (e.g. my cisco) may be
"1795: Nov 27 04:12:52: %LINEPROTO-5-..."
which would be chopped to
"95: Nov 27 04:12:52: %LINEPROTO-5-..."
b3ed889133