search

open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0
2.96k stars 2.3k forks source link

syslog exporter does not format structured data with multiple fields properly #33300

Open peffis opened 4 months ago

peffis commented 4 months ago

Component(s)

exporter/syslog

What happened?

Description

In the case when you have several fields in the "attributes.structured_data" object, the resulting syslog entry will not be formatted properly according to RFC5424 (see examples here for instance: https://datatracker.ietf.org/doc/html/rfc5424#section-6.3.5)

Steps to Reproduce

Receive a log record with an attributes.structured_data with more than one field, such as for instance

{
    "body": "",
    "timeUnixNano": 1438811939693012000,
    "attributes": {
        "appname": "SecureAuth0",
        "hostname": "192.168.2.132",
        "message": "Found the user for retrieving user's profile",
        "msg_id": "ID52020",
        "priority": 86,
        "proc_id": "23108",
        "structured_data": {
            "a@193": {
                "a": "a"
            },
            "b@193": {
                "b": "b"
            }
        },
        "version": 1
    }
}

Expected Result

A syslog entry with one block per structured_data field, like so: 

<86>1 2015-08-05T21:58:59.693012Z 192.168.2.132 SecureAuth0 23108 ID52020 [a@193 a="a"][b@193 b="b"] Found the user for retrieving user's profile

Actual Result

Instead the exporter builds only one array (here: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/syslogexporter/rfc5424_formatter.go#L72) which it does fmt.Sprint on, so end result looks like so instead:

<86>1 2015-08-05T21:58:59.693012Z 192.168.2.132 SecureAuth0 23108 ID52020 [a@193 a="a" b@193 b="b"] Found the user for retrieving user's profile

Collector version

816b1f91146558150b23c055306f6206f70cebb5

Environment information

Environment

OS: Any OS really Compiler(if manually compiled): go1.22.0

OpenTelemetry Collector configuration

receivers:
      otlp:
          protocols:
              grpc:
              http:
    processors:
    extensions:
      health_check: {}
    exporters:
      debug:
        verbosity: detailed
      syslog:
        tls:
            insecure: true
        network: tcp
        port: 5140
        endpoint: syslog
        protocol: rfc5424

    service:
      telemetry:
          logs:
            level: INFO
          metrics:
              address: ":8889"
      extensions: [health_check]
      pipelines:
        logs:
          receivers: [otlp]
          processors: []
          exporters: [debug,syslog]

Log output

No response

Additional context

No response

github-actions[bot] commented 4 months ago

Pinging code owners:

andrzej-stencel commented 2 months ago

Thank you for reporting this issue @peffis. Looking at the examples you linked, this issue looks valid to me. @kkujawa-sumo @rnishtala-sumo do you agree?

Looking at the tests, it seems they don't cover the case with more than one structured data element. This should be fixed, the examples from the RFC could be used for the test cases.

@peffis Would you be open to submitting a fix for this? No worries if not, just checking.

peffis commented 2 months ago

@peffis Would you be open to submitting a fix for this? No worries if not, just checking.

Sorry, but I cannot formally be a contributor to the project right now other than reporting issues.

github-actions[bot] commented 3 weeks ago

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

rnishtala-sumo commented 3 weeks ago

@andrzej-stencel yes this does look like a bug. Open to any contributions or will work on it myself.