Cannot parse empty syslog RFC5424 logs #2997

@evandam

Check CONTRIBUTING guideline first and here is the list to help us investigate the problem.

Describe the bug

Sending empty logs to a syslog source results in a warning from Fluentd: "failed to parse message data".

To Reproduce

Log an echo with no parameters to Syslog. I am using the following docker-compose file to test:

version: '3'
services:
  fluentd:
    command: ["fluentd", "-c", "/etc/fluentd.conf"]
    image: fluent/fluentd:v1.10.4-1.0
    volumes:
      - ./fluentd.conf:/etc/fluentd.conf
    ports:
      - 5140:5140/udp
  test:
    image: alpine
    logging:
      driver: syslog
      options:
        syslog-address: "udp://127.0.0.1:5140"
        tag: test
        syslog-format: rfc5424
    depends_on:
      - fluentd

docker-compose up fluentd
docker-compose run test echo ""
docker-compose run test echo "hello fluentd"

Expected behavior

Parse the logs like so:

2020-05-18 19:14:05.000000000 +0000 syslog.docker.containers.daemon.info: {"host":"default","ident":"test","pid":"2139","msgid":"test","extradata":"-","message":""}

Your Environment

  • Fluentd 1.10.4-1
  • Operating system: MacOS 10.4, and Ubuntu 18.04:
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
  • Kernel version: 4.15.0-1065-aws

Your Configuration

<source>
  @type syslog
  tag syslog.docker.containers
  port 5140
  protocol_type udp
  <parse>
    message_format rfc5424
  </parse>
  @log_level info
</source>

<match syslog.docker.containers.**>
  @type stdout
</match>

Your Error Log

fluentd_1  | fluentd -c /etc/fluentd.conf
fluentd_1  | 2020-05-18 19:18:43 +0000 [info]: parsing config file is succeeded path="/etc/fluentd.conf"
fluentd_1  | 2020-05-18 19:18:43 +0000 [info]: gem 'fluentd' version '1.10.4'
fluentd_1  | 2020-05-18 19:18:44 +0000 [warn]: 'protocol_type' parameter is deprecated: use transport directive
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: using configuration file: <ROOT>
fluentd_1  |   <source>
fluentd_1  |     @type syslog
fluentd_1  |     tag "syslog.docker.containers"
fluentd_1  |     port 5140
fluentd_1  |     protocol_type udp
fluentd_1  |     emit_unmatched_lines false
fluentd_1  |     @log_level "info"
fluentd_1  |     <parse>
fluentd_1  |       message_format rfc5424
fluentd_1  |     </parse>
fluentd_1  |   </source>
fluentd_1  |   <match syslog.docker.containers.**>
fluentd_1  |     @type stdout
fluentd_1  |   </match>
fluentd_1  | </ROOT>
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: starting fluentd-1.10.4 pid=6 ruby="2.5.8"
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: spawn command to main:  cmdline=["/usr/bin/ruby", "-Eascii-8bit:ascii-8bit", "/usr/bin/fluentd", "-c", "/etc/fluentd.conf", "-p", "/fluentd/plugins", "--under-supervisor"]
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: adding match pattern="syslog.docker.containers.**" type="stdout"
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: adding source type="syslog"
fluentd_1  | 2020-05-18 19:18:44 +0000 [warn]: #0 'protocol_type' parameter is deprecated: use transport directive
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: #0 starting fluentd worker pid=20 ppid=6 worker=0
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: #0 listening syslog socket on 0.0.0.0:5140 with udp
fluentd_1  | 2020-05-18 19:18:44 +0000 [info]: #0 fluentd worker is now running worker=0
fluentd_1  | 2020-05-18 19:18:52 +0000 [warn]: #0 failed to parse message data="<30>1 2020-05-18T19:18:52Z default test 2139 test - "

Additional context
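
Added example, not part of the original issue and not Fluentd's parser code: RFC 5424 defines `SYSLOG-MSG = HEADER SP STRUCTURED-DATA [SP MSG]`, so the datagram in the error log above is well-formed even though MSG is empty. The Ruby code below contrasts a pattern that requires a non-empty MSG (an assumed failure mode, not a confirmed root cause) with one that follows the grammar, and keeps rejected datagrams visible. The names `STRICT`, `TOLERANT`, `parse_rfc5424` and `triage` are hypothetical.

```ruby
# Added example, not Fluentd's parser: simplified patterns for the RFC 5424 rule
#   SYSLOG-MSG = HEADER SP STRUCTURED-DATA [SP MSG]     (MSG is optional)
HEADER = /<(?<pri>\d{1,3})>(?<version>[1-9]\d{0,2}) (?<time>\S+) (?<host>\S+) (?<ident>\S+) (?<pid>\S+) (?<msgid>\S+)/
# STRUCTURED-DATA is "-" or one or more [SD-ELEMENT]s (backslash escapes allowed).
SDATA = /(?<extradata>-|(?:\[(?:\\.|[^\]\\])*\])+)/

# Assumed failure mode: the pattern insists on at least one MSG character.
STRICT = /\A#{HEADER} #{SDATA} (?<message>.+)\z/m
# Grammar-conformant: the space and MSG after STRUCTURED-DATA may both be absent.
TOLERANT = /\A#{HEADER} #{SDATA}(?: (?<message>.*))?\z/m

# Returns nil for unparseable input, otherwise facility/severity decoded from
# PRI plus a record shaped like the one under "Expected behavior".
def parse_rfc5424(datagram, pattern)
  m = pattern.match(datagram)
  return nil unless m
  facility, severity = m[:pri].to_i.divmod(8)
  record = m.named_captures.reject { |k, _| %w[pri version time].include?(k) }
  record["message"] ||= ""
  { facility: facility, severity: severity, time: m[:time], record: record }
end

# Splits a batch into parsed events and rejected raw datagrams so the rejects
# can be counted and kept instead of vanishing from the pipeline.
def triage(datagrams, pattern)
  parsed, rejected = [], []
  datagrams.each do |d|
    event = parse_rfc5424(d, pattern)
    event ? parsed << event : rejected << d
  end
  [parsed, rejected]
end

SAMPLES = [
  "<30>1 2020-05-18T19:18:52Z default test 2139 test - ",  # from the error log above
  "<30>1 2020-05-18T19:18:52Z default test 2139 test -",   # constructed: no trailing SP
  "<30>1 2020-05-18T19:18:53Z default test 2140 test - hello fluentd", # constructed
].freeze

if __FILE__ == $PROGRAM_NAME
  { "strict" => STRICT, "tolerant" => TOLERANT }.each do |name, pattern|
    parsed, rejected = triage(SAMPLES, pattern)
    puts "#{name}: parsed=#{parsed.size} rejected=#{rejected.inspect}"
  end
end
```

For a log pipeline that feeds detection, the rejected list matters as much as the parsed one: a source that emits empty lines should still leave a timestamped event from that host and process.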
