Syslog output plugin log format is not proper

ronakg · March 3, 2017, 4:41am

Hi,

I'm using the syslog output plugin to send events out to a remote syslog server. Below is my configuration:

output {
    syslog {
       host => "172.20.24.65"
       port => 514
       appname => "%{[kubernetes][container_name]}"
       procid => "%{[kubernetes][pod]}"
       rfc => "rfc5424"
    }
}

The logs that are received on the server look like following:

Mar  3 04:30:57 rogandhi-host eson[eson-3361257855-6yts2] TRACE CDB_NUM_INSTANCES /vks-group --> CONFD_OK

There are multiple problems with this:

The log message is in rfc3164 format instead of rfc5424 format
Priority, severity and version are not present as first section of the log message <13>1
The timestamp is not in proper format +YYYY-MM-dd'T'HH:mm:ss.SSSZZ

I'm using the syslog output version 3.0.1. I don't see any errors on the logstash logs.

ronakg · March 3, 2017, 7:45am

Never mind. I was interpreting the log message wrong.

system · March 31, 2017, 7:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp for logstash syslog output when specifying RFC5424 Logstash	2	730	May 4, 2018
Logstash output syslog plugin doesnt prefix output with <PRI> Logstash	6	1250	August 2, 2017
Logstash compliance with RFC5425 and RFC5426 Logstash	3	661	April 6, 2023
Syslog output plugin configuration Logstash	8	8726	July 6, 2017
Logstash syslog output format Logstash	6	2591	July 12, 2019

Syslog output plugin log format is not proper

Related topics