Syslog server can't parse my file #58

Open
MatheusMorozetti opened this issue Mar 18, 2024 · 1 comment

MatheusMorozetti commented Mar 18, 2024

Hi there!

I followed these instructions to install the Axiom syslog server: https://axiom.co/docs/send-data/syslog-proxy and I tested with echo -n "tcp message" | nc -w1 localhost 601 and everything went fine!

I set up my /etc/syslog.conf to send logs to my syslog server:

#maas config
module(load="imfile")
module(load="imtcp")
input(type="imtcp" port="601")
$InputFileName /var/snap/maas/common/log/rsyslog.log
$InputFileTag maas-logs
$InputFileStateFile maas-logs-state
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

local7.* @localhost:601

But it seems the Axiom server can't parse my file:

docker logs f551b472a6f5

{"level":"info","ts":1710446128.4934351,"logger":"axiom-syslog-proxy","caller":"cmd/cmd.go:71","msg":"starting","release":"0.7.0","revision":"40b6431","build_date":"2023-08-16T11:44:20Z","build_user":"goreleaser","go_version":"go1.21.0"}
{"level":"info","ts":1710446128.4936218,"logger":"axiom-syslog-proxy","caller":"cmd/cmd.go:106","msg":"started"}
[19:55:28.49] info  axiom-syslog-proxy@logs/input udp.go:18 Started UDP server on udp:[::]:514
[19:55:28.49] info  axiom-syslog-proxy@logs/input tcp.go:23 Started TCP server on tcp:[::]:601
2024/03/14 20:07:34 Unable to parse log line: tcp message
2024/03/14 20:07:39 ingested 1 event(s)
2024/03/14 20:07:40 Unable to parse log line: udp message
2024/03/14 20:07:43 ingested 1 event(s)
2024/03/18 13:25:55 Unable to parse log line: tcp message
2024/03/18 13:25:58 ingested 1 event(s) 

How can I handle that?

lukasmalkmus (Contributor) commented

Hi @MatheusMorozetti!

Have you double checked the dataset? Is there no data inside?

ingested 1 event(s): From what I'm seeing here, the server has actually received the request and processed it.

Unable to parse log line: tcp message: So this is actually an error reported from the command you ran: echo -n "tcp message" | nc -w1 localhost 601. There is a fallback inside the syslog server: If a message reaches it, that is not syslog (like the simple string tcp message or udp message), create a new syslog-like event with the incoming message as the content.

Can you double check if data arrives? Can you share more logs from the syslog proxy?
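
The parse-or-fallback behaviour described in the comment above, as an added example (not code from axiom-syslog-proxy or from either commenter). The `Event` type, its field names and `ParseOrFallback` are hypothetical, and using the RFC 3164 default priority 13 (user.notice) for unparsed lines is an assumption about the fallback, not something the thread states.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Event is a hypothetical normalized record; the field names are assumptions,
// not the proxy's actual schema.
type Event struct {
	Facility, Severity int
	Tag, Message       string
	Parsed             bool // false when the fallback path was taken
}

// RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG
var rfc3164 = regexp.MustCompile(`^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ([^:\[\s]+)(?:\[\d+\])?: ?(.*)$`)

// ParseOrFallback decodes one line; non-syslog input is wrapped, not dropped.
func ParseOrFallback(line string) Event {
	m := rfc3164.FindStringSubmatch(line)
	if m != nil {
		// The largest valid PRI is 23*8+7 = 191.
		if pri, err := strconv.Atoi(m[1]); err == nil && pri <= 191 {
			// PRI = facility*8 + severity (RFC 3164 section 4.1.1).
			return Event{Facility: pri / 8, Severity: pri % 8, Tag: m[2], Message: m[3], Parsed: true}
		}
	}
	// Fallback: keep the raw line as the message content. Facility 1 and
	// severity 5 (PRI 13, user.notice) are an assumed default.
	return Event{Facility: 1, Severity: 5, Message: line}
}

func main() {
	// Constructed sample input: the nc test string from the issue, and a
	// local7.info line in the form a syslog forwarder would send it.
	for _, l := range []string{
		"tcp message",
		"<190>Mar 18 13:25:55 maas01 maas-logs: region controller started",
	} {
		fmt.Printf("%+v\n", ParseOrFallback(l))
	}
}
```

A line that takes the fallback path is still ingested, which matches the pairing of "Unable to parse log line" with "ingested 1 event(s)" in the log output quoted in the issue.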
