Re: Strange behavior with syslog parser with fluentd 0.14


Mr. Fiber

Sep 5, 2017, 4:36:16 AM
to Fluentd Google Group
Hmm... Could you show me the raw messages from your syslog?
I want to check what the difference is between OK and NG.


Masahiro

On Thu, Aug 31, 2017 at 11:36 PM, Samuel Mutel <samuel...@gmail.com> wrote:
Hello,

I have set up a syslog input in fluentd 0.14 in order to receive syslog events from a Java application using log4j.
Everything is working fine except a strange behavior on parsing.

In the log file we can see this log entry, the parsing is OK in this one. We can see that the message field is starting just after the extra data of the syslog event. Extra data is between [ and ].
2017-08-30 12:41:26.337000000 +0200 graylog2.local1.info: {"host":"rcentweb02","ident":"tibco-jmsagent","pid":"-","msgid":"-","extradata":"[JMS_VERSION=\"1.4.7\" JMS_JOBID=\"root@XX:1504089684183\"]","message":"2017-08-30 12:41:26 |INFO    | Send downtime commands has been processed successfully!","escaped_message":"2017-08-30 12:41:26 |INFO    | Send downtime commands has been processed successfully!"}

The log entry below is NOT OK. We can see that the extra data is not correctly parsed. The message is starting after second(s).
2017-08-30 12:41:26.337000000 +0200 graylog2.local1.info: {"host":"rcentweb02","ident":"tibco-jmsagent","pid":"-","msgid":"-","extradata":"[JMS_VERSION=\"1.4.7\" JMS_JOBID=\"root@XX:1504089684183\"] 2017-08-30 12:41:26 |SUCCESS | centreon_host_adddowntime.sh completed successfully!TOTO ( [2]","message":"second(s) )","escaped_message":"second(s) )"}

Thanks.
Regards.
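
The split reported in the NG record is what a greedy `\[.*\]` capture for structured data yields when the message text itself contains `]`. The following is an added example, not code from this thread or from fluentd: `GREEDY`, `split_greedy` and `split_bounded` are hypothetical names, the greedy pattern is an assumption about the cause, and the input is reconstructed from the NG record above because the raw line is not shown.

```ruby
# Constructed input: the tail of an RFC 5424 line (everything after MSGID),
# rebuilt from the NG record's extradata + message fields in the post.
SD     = '[JMS_VERSION="1.4.7" JMS_JOBID="root@XX:1504089684183"]'
NG_MSG = '2017-08-30 12:41:26 |SUCCESS | centreon_host_adddowntime.sh ' \
         'completed successfully!TOTO ( [2] second(s) )'
NG_TAIL = "#{SD} #{NG_MSG}"

# Assumed pattern (hypothetical): greedy .* runs to the LAST "] " in the line.
GREEDY = /\A(?<extradata>\[.*\]|-) (?<message>.+)\z/

def split_greedy(rest)
  m = GREEDY.match(rest) or raise ArgumentError, "no match"
  [m[:extradata], m[:message]]
end

# Walk SD-ELEMENTs instead: "]" closes an element only outside a quoted
# PARAM-VALUE, and a backslash inside quotes escapes the next character.
def split_bounded(rest)
  return ["-", rest[2..]] if rest.start_with?("- ")
  i = 0
  while rest[i] == "["
    in_quotes = false
    i += 1
    loop do
      c = rest[i]
      raise ArgumentError, "unterminated SD-ELEMENT" if c.nil?
      if in_quotes && c == "\\"
        i += 1                      # skip the escaped character
      elsif c == '"'
        in_quotes = !in_quotes
      elsif c == "]" && !in_quotes
        break
      end
      i += 1
    end
    i += 1                          # step past the closing "]"
  end
  raise ArgumentError, "no structured data" if i.zero?
  [rest[0...i], rest[i..].sub(/\A /, "")]
end

p split_greedy(NG_TAIL)   # extradata swallows the message up to "[2]"
p split_bounded(NG_TAIL)  # extradata stops at the real end of the SD block
```

With the greedy form, any `]` in application-controlled message text moves content between the `extradata` and `message` fields, so rules that match on `message` see a truncated value.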

