Missing log part

General discussions here

Moderator: rgerhards

Google Ads


Missing log part

Postby denisp » Wed Oct 18, 2017 9:30 am

Hi Guys!
We shipping logs from docker (17.03) via syslog driver to Rsyslog via UDP.
The log message looks like this:
2017-10-17T17:51:28.018686+02:00 dev-ecs-3 docker/dev/someapplicationname/some_containerID 2738 docker/dev/someapplicationname/someID [INFO,someapplicationname,5331158,AsyncHttpClient-2-3] Can't handle 401 as there's no realm\0x0a
The problem is , when the message is being writing to the log file (disk) , part of the message is missing:
2017-10-16T15:10:05.264249+02:00 dev-ecs-1 docker/dev/someapplicationname/some_containerID[2738] Can't handle 401 as there's no realm

We are not implementing any mutation rules , the whole config is - receive the logs with "imudp" and write them with "omfile" on the disk .
The log messages are definitely arriving to the Rsyslog server with correct format (checked with tcpdump) but Rsyslog itself changing it before committing to the disk.
Checked with Rsyslog v7.4.4-1ubuntu2.7 & rsyslog 8.29.0-0adiscon3trusty1

Guys your help needed.

Thnx all in advance
denisp
New
 
Posts: 1
Joined: Wed Oct 18, 2017 9:08 am

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Re: Missing log part

Postby dlang » Wed Oct 18, 2017 5:14 pm

please write logs with the template RSYSLOG_DebugFormat so we can see exactly what rsyslog is seeing and how it's being parsed.

the log you are quoting is not in a valid over-the-wire format, but I expect that there is probably some stuff not shown in your quote.
dlang
Frequent Poster
 
Posts: 1001
Joined: Mon Sep 15, 2008 7:44 am

Google Ads



Return to General

Who is online

Users browsing this forum: No registered users and 1 guest

cron