in_syslog cannot handle custom-formatted syslogs that do not start with <pri>

[kiyoto]

in_syslog has two parsing logics:

1. If a format parameter is provided, then it parses the leading and uses the provided format for the rest of the message.
2. If no format parameter is provided, it uses the default syslog message format, which also starts with <pri>.

This means that in_syslog barfs if the incoming message does not start with <pri>. This may happen if the user has custom syslog format that does not start with <pri>.

Should in_syslog support this? Or should it be in_forward?

[repeatedly]

I don't want to add new functionality to in_foward because it cause the inconsistency with out_forward.

I have two ideas:

• Support without_priority like option in in_syslog
• Add new in_udp / in_tcp or in_transport like plugin to support arbitrary udp / tcp event

In general, in_udp / in_tcp plugin useful for other logging mechanizm.
For example, Netflow sends own format with udp / tcp protocol.

[kiyoto]

I agree with you on in_/out_forward. They should be primarily for Fluentd-to-Fluentd.
I like your second idea better.

[repeatedly]

I'm considering which is better separating protocol or setting protocol via options.

<source>
  type udp
  format /.../
</source>

or

<source>
  type event # or better name
  protocol_type udp # or tcp or unix?
</source>

I think former case is good for users. it is clear plugin name.

[kiyoto]

If no one is using in_tcp anymore, I personally think the first one is better: I think "type <protocol_type>" is always more clear than "type ".

[repeatedly]

Merged #368. So I closed this issue.

[kiyoto]

👍