NX Logs Parsing | WARNING

Mazhar Hasan

Jun 12, 2018, 5:47:30 PM
to Fluentd Google Group
I have the following configuration done for ingesting data from UDP port 516

######
<source>
  @type syslog
  port 516
  bind 0.0.0.0
  tag fluent
  <parse>
    message_format rfc5424
  </parse>
</source>
######

And I am writing to a file on the disk,

######
<match fluent.**>
  @type file
  path C:\syslogout\fluentd
</match>
######

I observe lots of WARNINGS in my output file,

----------------
2018-06-12T09:42:08+00:00 fluent.warn {"data":"<142>2018-06-12 02:42:08 Local1.Info B37-4247-RI13-A7508-DIST2 2018-06-12T02:42:08.417766-07:00 B37-4247-RI13-A7508-DIST2 Acl: %ACL-6-IPACCESS: egress list NoInternetTo Ethernet5/36/1 denied tcp 0.0..0.1 (61515) -> 131.253.61.70(443)","message":"failed to parse message data=\"<142>2018-06-12 02:42:08 Local1.Info B37-4247-RI13-A7508-DIST2 2018-06-12T02:42:08.417766-07:00 B37-4247-RI13-A7508-DIST2 Acl: %ACL-6-IPACCESS: egress list NoInternetTo Ethernet5/36/1 denied tcp 0.0.0.1(61515) -> 131.253.61.70(443)\""}

----------------

I know I am missing something. Can I please get some help?

Mazhar

Mr. Fiber

Jun 12, 2018, 5:51:20 PM
to Fluentd Google Group
Your syslog message is not rfc5424 spec: https://docs.fluentd.org/v1.0/articles/parser_syslog#example


Masahiro

--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Mazhar Hasan

Jun 13, 2018, 12:38:06 AM
to Fluentd Google Group
I tried to change the parse parameter
<parse>
  message_format rfc3164
</parse>

I am observing TimeParser Errors now in the output log file
----
error_class=Fluent::TimeParser::TimeParseError error=\"invalid time format: value
---

Need your assistance

Mazhar Hasan

Jun 13, 2018, 3:29:48 AM
to Fluentd Google Group
I have fixed the error and this was done by defining another parameter for time format and it looks like,

---
<parse>
 message_format rfc3164
 time_format %Y-%m-%d %H:%M:%S
</parse>
---

//Mazhar
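
An added example, not part of the original thread and not Fluentd's own code: a pre-flight check that decodes the `<PRI>` value and reports which `message_format` / `time_format` pair fits a sample line, which shows why the message above fails as rfc5424 (no version field after `<PRI>`) and fails against the rfc3164 default `%b %d %H:%M:%S`. The helper names, the simplified header patterns and the sample lines are assumptions made for this example.

```ruby
require 'time'

# Constructed sample lines. The first copies the header layout of the message
# in the thread; hostnames and addresses are placeholders.
SAMPLES = {
  thread_style: '<142>2018-06-12 02:42:08 Local1.Info switch01 Acl: denied tcp 192.0.2.10(61515) -> 198.51.100.7(443)',
  bsd_style:    '<142>Jun 12 02:42:08 switch01 Acl: denied tcp 192.0.2.10(61515) -> 198.51.100.7(443)',
  rfc5424:      '<142>1 2018-06-12T02:42:08.417766-07:00 switch01 Acl - - - denied tcp',
  no_pri:       '2018-06-12 02:42:08 switch01 Acl: denied tcp'
}.freeze

FACILITIES = %w[kern user mail daemon auth syslog lpr news uucp cron authpriv
                ftp ntp audit alert clock local0 local1 local2 local3 local4
                local5 local6 local7].freeze
SEVERITIES = %w[emerg alert crit err warning notice info debug].freeze

# [message_format, time_format, pattern that captures the timestamp after <PRI>]
# time_format nil = RFC 5424 timestamp, checked as ISO 8601; leave time_format unset.
CANDIDATES = [
  ['rfc5424', nil, /\A1 (\S+) /],
  ['rfc3164', '%b %d %H:%M:%S', /\A([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) /],
  ['rfc3164', '%Y-%m-%d %H:%M:%S', /\A(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) /]
].freeze

# True when the captured timestamp really parses with the given format.
def timestamp_valid?(text, time_format)
  time_format ? Time.strptime(text, time_format) : Time.iso8601(text)
  true
rescue ArgumentError
  false
end

# Hypothetical helper: returns the <parse> settings that fit the line, or nil
# when there is no valid <PRI> prefix or no candidate layout matches.
def suggest_parse_settings(line)
  m = /\A<(\d{1,3})>(.*)\z/m.match(line)
  return nil if m.nil? || m[1].to_i > 191 # PRI = facility * 8 + severity, max 191
  pri = m[1].to_i
  CANDIDATES.each do |message_format, time_format, pattern|
    ts = m[2][pattern, 1]
    next unless ts && timestamp_valid?(ts, time_format)
    return { facility: FACILITIES[pri / 8], severity: SEVERITIES[pri % 8],
             message_format: message_format, time_format: time_format }
  end
  nil
end

SAMPLES.each { |name, line| puts "#{name}: #{suggest_parse_settings(line).inspect}" }
```

A `nil` result means the sender's output does not fit any of the three layouts and needs a custom parser or a change on the sending side.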