Closed sinkingpoint closed 3 months ago
Pinging code owners:
receiver/syslog: @djaglowski @andrzej-stencel
See Adding Labels via Comments if you do not have permissions to add labels yourself.
As far as I understand that part, the parser has no option the pass the maxSize
information to to any parser?
Looking at this construction part non of those takes a maxsize into account.
The used version of github.com/influxdata/go-syslog/v3/rfc5424
doesnt even offer an option that can be set.
max_log_size
is a feature of the TCP input component, but it doesn't apply to syslog.
The used version of github.com/influxdata/go-syslog/v3/rfc5424 doesnt even offer an option that can be set.
I looked into this further and found that go-syslog justifies the hard limit based on RFC 5425 Section 4.3.1. My reading of that section is that it is the minimum which the library should support but it is not prescriptive about it being a maximum.
@djaglowski considering that that repo has been archived, would it make sense to fork it here?
Actually I'm happy to see that the original author has recently created a fork and is making updates again! We should definitely switch in my opinion. https://github.com/leodido/go-syslog.
If I'm reading this correctly, the v4 release from leodido/go-syslog allows us to fix this issue, as it contains the WithMaxMessageLength
function introduced in https://github.com/influxdata/go-syslog/pull/39 that we can call when instatiating the parser. Is my thinking correct?
PR switching the dependency to the fork: https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/33205.
Hi! I would like to pick this issue up if still available
@djaglowski I went ahead and created a draft PR making use of the new option the updated library. I do have some open questions which I have added to the PR description - appreciate any feedback there
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers
. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself.
Resolved by #33777.
Component(s)
receiver/syslog
What happened?
Description
When using the syslog receiver, we can only parse messages up to the default maximum length (8192 octets), even with a
max_log_size
set much higher.Steps to Reproduce
max_log_size
of 100MiB)message too long to parse. was size 40366, max length 8192
Expected Result
The message should parse properly
Actual Result
The message fails to parse
Collector version
v0.100.0
Environment information
Environment
OS: Debian Bookworm
OpenTelemetry Collector configuration
Log output
Additional context
This seems to be because we aren't parsing a value into here: https://github.com/influxdata/go-syslog/blob/66067a10754ae90b9540d5312989ae685413c4fe/octetcounting/parser.go#L46 so we get stuck with the default limit