Syslog output plugin log format is not proper

ronakg · March 3, 2017, 4:41am

Hi,

I'm using the syslog output plugin to send events out to a remote syslog server. Below is my configuration:

output {
    syslog {
       host => "172.20.24.65"
       port => 514
       appname => "%{[kubernetes][container_name]}"
       procid => "%{[kubernetes][pod]}"
       rfc => "rfc5424"
    }
}

The logs that are received on the server look like following:

Mar  3 04:30:57 rogandhi-host eson[eson-3361257855-6yts2] TRACE CDB_NUM_INSTANCES /vks-group --> CONFD_OK

There are multiple problems with this:

The log message is in rfc3164 format instead of rfc5424 format
Priority, severity and version are not present as first section of the log message <13>1
The timestamp is not in proper format +YYYY-MM-dd'T'HH:mm:ss.SSSZZ

I'm using the syslog output version 3.0.1. I don't see any errors on the logstash logs.

ronakg · March 3, 2017, 7:45am

Never mind. I was interpreting the log message wrong.

system · March 31, 2017, 7:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp for logstash syslog output when specifying RFC5424 Logstash	2	704	May 4, 2018
Logstash compliance with RFC5425 and RFC5426 Logstash	3	514	April 6, 2023
Logstash-output-syslog plugin fix message and structured data Logstash docker	1	697	October 22, 2021
Parsing syslog RFC 5424 format Logstash	3	1055	February 10, 2021
[Logstash 7.2] Syslog Output message Logstash	2	1015	August 30, 2019

Syslog output plugin log format is not proper

Related topics