search

fluent-plugins-nursery / fluent-plugin-remote_syslog

Fluentd plugin for output to remote syslog serivce (e.g. Papertrail)
https://github.com/dlackty/fluent-plugin-remote_syslog
MIT License
68 stars 53 forks source link

TCP Remote Shipping not working #28

Closed waldman closed 1 year ago

waldman commented 6 years ago

Hi,

I'm trying to make the tcp remote syslog shipment work but it's just not shipping anything (nor logging anything to td-agent log file).

As an additional information I have the remote_syslog settings inside a copy @type and have a elasticsearch shipment configured side-by-side that is working flawlessly.

I'm attaching bellow my settings, could you please advise?

  <match **>
    @type copy
    <store>
      @type "remote_syslog"
      host "10.250.51.5"
      hostname "syslog-test"
      port 514
      severity "debug"
      protocol tcp
      program "td-agent"
      packet_size 10240
      timeout 0
      keep_alive true
      <buffer>
        flush_mode interval
        flush_interval 5s
      </buffer>
      <format>
        @type "single_value"
        message_key "msg"
      </format>
    </store>
  </match>

Then, from inside the container (just to show that the syslog server is reacheable): 

root@cluster-logger-nqdpm:/# telnet 10.250.51.5 514
Trying 10.250.51.5...
Connected to 10.250.51.5.
Escape character is '^]'.

Then on the docker host (just to show that there are no open connections to the syslog server:

root@ip-10-247-4-56:~# netstat -pan | grep 10.250.51.5
root@ip-10-247-4-56:~#

Is there any way to debug this?

Thanks a lot! =)

emcfarlane commented 6 years ago

Having the same issue, any solutions?

emcfarlane commented 6 years ago

@waldman just a formatting issue for me. Adjusting the <format>...</format> section solved my issues.

jd-daniels commented 6 years ago

@afking what did you adjust?

joker1007 commented 6 years ago

This plugin is based on https://github.com/reproio/remote_syslog_sender currently. And it is for https://papertrailapp.com/. (I tested on https://papertrailapp.com/)

If you still have this probrem, Would you test remote_syslog_sender directly? If remote_syslog_sender cannot send payload to a target host, Payload format is maybe different with papertrailapp.com.

Thanks!

scalp42 commented 5 years ago

@afking @waldman any chance you guys could share what fix you found?

See https://github.com/dlackty/fluent-plugin-remote_syslog/issues/35