expecting a version value in the range 1-999 [col 5] #4687
Comments
|
Can you capture a syslog message? It might be a bit different with docker container but it should be something along the lines of: |
|
There is a good change this is the same issue as #4593, but we will be able tell from the packet capture. |
|
Hi, |
|
Here is the packet capture. As I was expecting, there is no version between the priority field and the date. |
|
I have the same issue with Telegraf v1.7.3 Sample packet below. |
|
Both captures are in RFC3164 format, you can quickly because the log time is not in RFC3339 format. I will add some additional documentation around this issue but please watch #4593 for the latest updates on adding support. You might also be able to use the workaround in that issue, using rsyslog to perform the conversion. |
|
Haha that's a good point! I will forward the info the the manufacturer so he modifies it's datasheet or code! I will follow your yread for sure! Thanks for the help. |
|
A parser for RFC3164 is in the making but not top priority right now. A branch living here https://github.com/influxdata/go-syslog/tree/feature/rfc3164 exists. @danielnelson should this be closed for now? |
russorat
added
the
docs
|
I added a little blurb about RFC 3164 support. We will keep #4593 open as a feature request until we have support. https://github.com/influxdata/telegraf/tree/master/plugins/inputs/syslog#rfc3164 |
Could you give me a hint for adopting rfc3164 syslog message? I don't understand "You can use rsyslog to translate RFC3164 syslog messages into RFC5424 format." |
|
RSYSLOG is a popular syslog daemon which comes preinstalled on all major Linux distributions, it will accept syslog messages in RFC3164 format and can relay them to Telegraf in RFC5424 format. Check the readme for this plugin for some info about configuring rsyslog -> Telegraf communication. |
|
By chance I just posted a blog post about the setup of the telegraf syslog input plugin with rsyslog. It presents the whole setup (with companion code) but if you are only interested in rsyslog and its scripting/configuration probably you can jump to the appendix of the blog post. |
thank you so much, but i try translation forwarding but some log seems not convert to new format. So. I decided make my own version to accept old syslog format! |
I also don't understand "You can use rsyslog to translate RFC3164 syslog messages into RFC5424 format.". The blog post linked by leodido doesn't seem to adress this issue, and in the readme of the plugin it states how to configure forwarding, but not translation. A resource where the translation is examplified would be very useful. I imagine creating a rsyslog TCP input, ... but then? |
|
@phromo The translation between formats should happen as part of the rsyslog forwarding. Could you open a new issue requesting documentation for this setup? |
Relevant telegraf.conf:
[[inputs.syslog]]
server = "udp://:6514"
System info:
CentOS 7 with official Docker container 1.7.4
Syslog messages sent from a network switch.
Actual behavior:
Receive the following error message everytime telegraf receives a syslog message:
E! Error in plugin [inputs.syslog]: expecting a version value in the range 1-999 [col 5]
The text was updated successfully, but these errors were encountered: