search

open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0
3.07k stars 2.37k forks source link

receiver/otlp to exporter/syslog not delivering expected output #35317

Open bluestripe opened 1 month ago

bluestripe commented 1 month ago

Component(s)

exporter/syslog

What happened?

Description

When trying to export otlp log messages to syslog, the resulting message on the syslog end only contains the timestamp from the otlp message. The "message" and the "priority" do not get picked up.

Steps to reproduce

Run docker compose command:

docker compose --project-name syslog-issue up --detach && docker exec syslog-ng bash -c 'chown -R abc:abc /var/log'

with the following docker-compose.yml:

services:

  otel-collector:
    command: ["--config=/conf/config.yaml"]
    configs:
      - source: otel-config
        target: /conf/config.yaml
    container_name: otel-collector
    image: otel/opentelemetry-collector-contrib:0.109.0
    networks:
      log-net:
        ipv4_address: 172.19.0.2
    ports:
      - 4318:4318
    restart: unless-stopped

  syslog-server:
    container_name: syslog-ng
    image: lscr.io/linuxserver/syslog-ng:4.7.1
    networks:
      log-net:
        ipv4_address: 172.19.0.3
    ports:
      - 6601:6601/tcp
    restart: unless-stopped

networks:
  log-net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.19.0.0/24
          gateway: 172.19.0.1

configs:
  otel-config:
    content: |
      receivers:
        otlp:
          protocols:
            http:
              endpoint: 172.19.0.2:4318

      exporters:
        debug:
          verbosity: detailed
        syslog:
          endpoint: 172.19.0.3
          network: tcp
          port: 6601
          protocol: rfc5424
          tls:
            insecure: true
          enable_octet_counting: true

      processors:
        batch:

      service:
        telemetry:
          logs:
            level: "debug"
        pipelines:
          logs:
            receivers: [otlp]
            processors: [batch]
            exporters: [debug,syslog]

Watch incoming message as it has been sent by the otel-collector from the syslog-ng container:

docker exec syslog-ng bash -c 'apk add tcpdump && tcpdump -A -nnn tcp and host 172.19.0.2'

Use curl to send an otlp message to the collector from the docker host:

curl -X POST -H "Content-Type: application/json" -d @logs.json -i localhost:4318/v1/logs

With below content for logs.json:

{"resourceLogs":[{"scopeLogs":[{"logRecords":[{"timeUnixNano":"1544712660300000000","observedTimeUnixNano":"1544712660300000000","severityNumber":9,"severityText":"info","body":{"stringValue":"Example log record"}}]}]}]}

Expected result

<9>1 2018-12-13T14:51:00.3Z - - - - - Example log record

Actual result

<165>1 2018-12-13T14:51:00.3Z - - - - -

The timestamp is picked up from the otel log entry. Two places where this result deviates from expectations:

Is this by design, or is this exporter/syslog not working as intended?

Workaround

By adding a transform to the otel-collector configuration, the expected result can be achived:

...
processors:
  batch:
  transform/syslog:
    log_statements:
      - context: log
        statements:
          - set(attributes["message"], body)
          - set(attributes["priority"], severity_number)

service:
  telemetry:
    logs:
      level: "debug"
  pipelines:
    logs:
      receivers: [otlp]
      processors: [transform/syslog,batch]
      exporters: [debug,syslog]

Which now renders the result as expected:

<9>1 2018-12-13T14:51:00.3Z - - - - - Example log record

Is this as expected, and should a transformation for all expected attributes always be added?

Collector version

0.109.0

Environment information

Environment

Docker desktop 4.33.0 (160616) on MacOS X 15.0

OpenTelemetry Collector configuration

receivers:
  otlp:
    protocols:
      http:
        endpoint: 172.19.0.2:4318

exporters:
  debug:
    verbosity: detailed
  syslog:
    endpoint: 172.19.0.3
    network: tcp
    port: 6601
    protocol: rfc5424
    tls:
      insecure: true
    enable_octet_counting: true

processors:
  batch:

service:
  telemetry:
    logs:
      level: "debug"
  pipelines:
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [debug,syslog]

Log output

2024-09-20T10:51:47.230Z    info    service@v0.109.0/service.go:129 Setting up own telemetry...
2024-09-20T10:51:47.230Z    warn    service@v0.109.0/service.go:196 service::telemetry::metrics::address is being deprecated in favor of service::telemetry::metrics::readers
2024-09-20T10:51:47.230Z    info    service@v0.109.0/telemetry.go:98    Serving metrics {"address": ":8888", "metrics level": "Normal"}
2024-09-20T10:51:47.230Z    info    builders/builders.go:26 Development component. May change in the future.{"kind": "exporter", "data_type": "logs", "name": "debug"}
2024-09-20T10:51:47.230Z    debug   builders/builders.go:24 Alpha component. May change in the future.  {"kind": "exporter", "data_type": "logs", "name": "syslog"}
2024-09-20T10:51:47.230Z    info    syslogexporter@v0.109.0/exporter.go:45  Syslog Exporter configured  {"kind": "exporter", "data_type": "logs", "name": "syslog", "endpoint": "172.19.0.3", "protocol": "rfc5424", "network": "tcp", "port": 6601}
2024-09-20T10:51:47.230Z    debug   builders/builders.go:24 Beta component. May change in the future.   {"kind": "processor", "name": "batch", "pipeline": "logs"}
2024-09-20T10:51:47.230Z    debug   builders/builders.go:24 Beta component. May change in the future.   {"kind": "receiver", "name": "otlp", "data_type": "logs"}
2024-09-20T10:51:47.231Z    info    service@v0.109.0/service.go:213 Starting otelcol-contrib... {"Version": "0.109.0", "NumCPU": 10}
2024-09-20T10:51:47.231Z    info    extensions/extensions.go:39 Starting extensions...
2024-09-20T10:51:47.231Z    info    otlpreceiver@v0.109.0/otlp.go:153   Starting HTTP server    {"kind": "receiver", "name": "otlp", "data_type": "logs", "endpoint": "172.19.0.2:4318"}
2024-09-20T10:51:47.231Z    info    service@v0.109.0/service.go:239 Everything is ready. Begin running and processing data.
2024-09-20T10:51:47.231Z    info    localhostgate/featuregate.go:63 The default endpoints for all servers in components have changed to use localhost instead of 0.0.0.0. Disable the feature gate to temporarily revert to the previous default.   {"feature gate ID": "component.UseLocalHostAsDefaultHost"}
2024/09/20 10:52:00 http: superfluous response.WriteHeader call from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request.(*RespWriterWrapper).writeHeader (resp_writer_wrapper.go:78)
2024-09-20T10:52:01.056Z    info    LogsExporter    {"kind": "exporter", "data_type": "logs", "name": "debug", "resource logs": 1, "log records": 1}
2024-09-20T10:52:01.057Z    info    ResourceLog #0
Resource SchemaURL:
ScopeLogs #0
ScopeLogs SchemaURL:
InstrumentationScope
LogRecord #0
ObservedTimestamp: 2018-12-13 14:51:00.3 +0000 UTC
Timestamp: 2018-12-13 14:51:00.3 +0000 UTC
SeverityText: info
SeverityNumber: Info(9)
Body: Str(Example log record)
Trace ID:
Span ID:
Flags: 0
    {"kind": "exporter", "data_type": "logs", "name": "debug"}

Additional context

No response

github-actions[bot] commented 1 month ago

Pinging code owners: