syslog receiver Error expecting a Stamp timestamp [col 5]

[massimilianocorsi]

Describe the bug When using the syslog receiver, an error occurs while processing log entries. The error message is "expecting a Stamp timestamp [col 5]".

Steps to reproduce Configure the syslog receiver in the configuration file. Send logs via syslog. Check the logs for the error.

What did you expect to see? I expected the logs to be processed without errors.

What did you see instead? I saw the following error:

{"level":"error","ts":1716980076.4129574,"caller":"helper/transformer.go:98","msg":"Failed to process entry","kind":"receiver","name":"syslog","data_type":"logs","operator_id":"syslog_input_internal_parser","operator_type":"syslog_parser","error":"expecting a Stamp timestamp [col 5]","action":"send","stacktrace":"github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*TransformerOperator).HandleEntryError\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/transformer.go:98\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*ParserOperator).ParseWith\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/parser.go:140\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*ParserOperator).ProcessWithCallback\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/parser.go:112\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/parser/syslog.(*Parser).Process\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/parser/syslog/syslog.go:184\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*WriterOperator).Write\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/writer.go:53\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/tcp.(*Input).handleMessage\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/input/tcp/tcp.go:321\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/tcp.(*Input).goHandleMessages.func1\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/input/tcp/tcp.go:282"}
{"level":"error","ts":1716980076.4130704,"caller":"helper/transformer.go:98","msg":"Failed to process entry","kind":"receiver","name":"syslog","data_type":"logs","operator_id":"syslog_input_internal_parser","operator_type":"syslog_parser","error":"expecting a Stamp timestamp [col 5]","action":"send","stacktrace":"github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*TransformerOperator).HandleEntryError\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/transformer.go:98\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*ParserOperator).ParseWith\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/parser.go:140\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*ParserOperator).ProcessWithCallback\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/parser.go:112\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/parser/syslog.(*Parser).Process\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/parser/syslog/syslog.go:184\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/helper.(*WriterOperator).Write\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/helper/writer.go:53\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/tcp.(*Input).handleMessage\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/input/tcp/tcp.go:321\ngithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/tcp.(*Input).goHandleMessages.func1\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza@v0.97.0/operator/input/tcp/tcp.go:282"}

What version did you use?

  version: 0.82.0

What config did you use?

receivers:
  syslog:
    tcp:
      listen_address: '0.0.0.0:54527'
    protocol: RFC5424
    location: UTC 

Environment Openshift

(host)$ helm list
NAME                    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
otel-integration-ac95e  otel-monitoring 1               2024-05-29 09:33:10.348891722 +0000 UTC deployed        otel-integration-0.0.68

[github-actions[bot]]

Pinging code owners for receiver/syslog: @djaglowski @andrzej-stencel. See Adding Labels via Comments if you do not have permissions to add labels yourself.

[djaglowski]

Can you please share with us an example log which is failing to parse?

[massimilianocorsi]

Can you please share with us an example log which is failing to parse?

Hi, Unfortunately, I have not been able to identify which syslog is generating this error in the parser.