Logstash-output-syslog plugin sends incorrect facility

jsteenkamp · November 17, 2020, 4:26pm

Linux Debian 10.6
Logstash 7.10.0
OpenJDK 11.0.8+10
rsyslogd 8.1901.0
plugin logstash-output-syslog

example.conf:

input {
  stdin {}
}

output {
  stdout {}
  syslog {
    id => "syslog_output"
    appname => "logstash_test"
    facility => "local7"
    host => "x.x.x.x"
    port => 514
    protocol => "tcp"
  }
}

$echo 'Nov 17 17:14:49 testmessage' | sudo /usr/share/logstash/bin/logstash -f example.conf --path.data /var/tmp

{
  "host" => "server01",
  "message" => "Nov 17 17:14:49 testmessage",
  "@version" => "1",
  "@timestamp" => 2020-11-17T16:25:05.943Z
}

This indeed also sends the syslog message, but the facility does not match with the config (local5).

$tail -0f /data/log/example.log
local5.notice  2020-11-17T16:15:41.252Z server01 Nov 17 17:14:49 testmessage

jsteenkamp · November 18, 2020, 1:18pm

confirmed bug: https://github.com/logstash-plugins/logstash-output-syslog/issues/39

system · December 16, 2020, 1:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash syslog output plugin not setting facility Logstash	6	1115	June 22, 2017
Syslog output plugin log format is not proper Logstash	2	564	March 31, 2017
Logstash cmd displaying wrong output Logstash	1	212	March 11, 2022
Logstash-output-syslog plugin fix message and structured data Logstash docker	1	705	October 22, 2021
Configuring Logstash Sylog (v2.1.4) Output plugin for to use ssl-tcp Logstash	3	921	July 6, 2017

Logstash-output-syslog plugin sends incorrect facility

Related topics