Fluentd problems with logs from Juniper equipment
219 views
Skip to first unread message
Log muncher
Aug 13, 2014, 5:19:17 AM8/13/14
to flu...@googlegroups.com
Hi,
To save me a few hours of debugging, has anyone came across this sort of problem before where a piece of equipment sends syslog messages in a non-standard format that cause problems when fluentd tries to parse them ?
Thanks !
To save me a few hours of debugging, has anyone came across this sort of problem before where a piece of equipment sends syslog messages in a non-standard format that cause problems when fluentd tries to parse them ?
Thanks !
2014-08-13 10:13:03 +0100 [error]: "<190>K: NetScreen device_id=K [Root]system-information-00536: Rejected an IKE packet on ethernet0/8 from X:500 to Y:500 with cookies A and B because There were no acceptable Phase 1 proposals. (2014-08-13 09:13:02)\x00" error="invalid strptime format - `%b %d %H:%M:%S'"
2014-08-13 10:13:03 +0100 [error]: /usr/lib/ruby/1.9.1/time.rb:283:in `strptime'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:30:in `block in initialize'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:46:in `call'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:46:in `parse'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:520:in `block (2 levels) in call'
2014-08-13 10:13:03 +0100 [error]: <internal:prelude>:10:in `synchronize'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:520:in `block in call'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:514:in `each'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/parser.rb:514:in `call'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/plugin/in_syslog.rb:148:in `receive_data'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/plugin/socket_util.rb:28:in `call'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/plugin/socket_util.rb:28:in `on_readable'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/cool.io-1.2.4/lib/cool.io/io.rb:191:in `on_readable'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/cool.io-1.2.4/lib/cool.io/loop.rb:88:in `run_once'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/cool.io-1.2.4/lib/cool.io/loop.rb:88:in `run'
2014-08-13 10:13:03 +0100 [error]: /var/lib/gems/1.9.1/gems/fluentd-0.10.52/lib/fluent/plugin/in_syslog.rb:118:in `run'
Masahiro Nakagawa
Aug 13, 2014, 3:27:45 PM8/13/14
to flu...@googlegroups.com
Hi,
I don't know the detail of Juniper equipment but you can use format option to parse non-standard format.
See document: http://docs.fluentd.org/articles/in_syslog
And can test on fluentular: http://fluentular.herokuapp.com/
--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages