Closed LYHuang closed 6 years ago
We use RFC5424.
But according to the https://tools.ietf.org/html/rfc5424#section-6, the format should be like:
HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
The log missing the VERSION. Any solution with this?
Hello, I track the source code and found that only log message get serialized at format and then publish, didn't find where it append RFC5424 header.
Would you point me where you attach the RFC5424 header before sending the log message to the syslog endpoint?
We don’t attach the header. And we never had.
Format is there https://github.com/RackSec/srslog/blob/master/formatter.go#L51
Thanks
Envoyé de mon iPhone
Le 22 févr. 2018 à 15:51, LY Huang notifications@github.com a écrit :
Hello, I track the source code and found that only log message get serialized at format and then publish, didn't find where it append RFC5424 header.
Would you point me where you attach the RFC5424 header before sending the log message to the syslog endpoint?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
The syslog I receive from the firehose-to-syslog have an unexpect syslog formate. According to https://tools.ietf.org/html/rfc3164#section-4.1.1, there should not have a space between the PRI value and the timestamp.
However, all the logs from firehose-to-syslog is format like
<6> 2018-02-13T23:44:34Z 714085b2-70b8-4d45-5b90-a39a doppler[19]
. Is there any solution get remove this space?This is the setting with the firehose-to-syslog: