Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tagging log messages #6

Closed
dra27 opened this issue Aug 11, 2018 · 1 comment
Closed

Tagging log messages #6

dra27 opened this issue Aug 11, 2018 · 1 comment

Comments

@dra27
Copy link
Contributor

dra27 commented Aug 11, 2018

This is related to verbosemode/syslog-message#18. While working on #5, I got caught in some of the evil which is systemd's journal.

On my (FWIW CentOS 7) box, UDP/TCP reporting was giving entries like:

Aug 11 09:20:26 ocamldefang application Hello syslog world!

You can see here Logs's default source of "application". According to RFC 3164, the space after application is sufficient to delimit it, but this is what happened when I switched to Unix domain sockets writing to /dev/log:

Aug 11 11:59:03 ocamldefang journal: ocamldefang application Hello syslog world!

As far as I can understand, what's happening is that because the message doesn't look like a syslog message (for two reasons), journald determines that its destined for it instead and so you get the unwanted ocamldefang journal: prefix (i.e. neither the hostname nor the tag of the actual message have been interpreted). It's not clear whether rsyslogd rejected it or whether journald didn't forward it, but I think this is journald at fault, since it owns the socket. It was at this point that I discovered that when sending on local sockets, the hostname is supposed to be omitted (that is in rsyslogd's documentation, and I expect in other implementations of syslogd?). But this still didn't work:

Aug 11 13:06:31 ocamldefang journal: application Hello syslog world!

The issue seems to be the lack of the usual colon after application. If I change the log source to be application:, then I get the entry expected:

Aug 11 15:01:05 ocamldefang application: Hello syslog world!

Note, for completeness, that if the hostname is sent, but the colon is added then you still get the journal: addition:

Aug 11 13:12:16 ocamldefang journal: ocamldefang application: Hello syslog world!

Which leads finally to the feature request - would it seem reasonable to have this library append a : to the log source if it doesn't end with a non-alphanumeric character?
@hannesm
Copy link
Owner

hannesm commented Aug 13, 2018

would it seem reasonable to have this library append a : to the log source if it doesn't end with a non-alphanumeric character?

that sounds reasonable to me! happy to merge a PR

dra27 added a commit to dra27/logs-syslog that referenced this issue Aug 14, 2018
@dra27
Ensure source always ends with colon
367bb4d 
Fixes hannesm#6.
@dra27 dra27 mentioned this issue Aug 14, 2018
Merged
hannesm added a commit to hannesm/opam-repository that referenced this issue Oct 27, 2018
@hannesm
[new release] logs-syslog (0.2.0)
b537e45 
CHANGES:

- support for syslog-message.1.0.0
  it split the `message` field of Syslog_message.t into `tag` and `content`
  use the name of Logs.src as tag when sending messages
- move build system to dune (hannesm/logs-syslog#10 by @dra27)
- provide Logs_syslog.facility Logs.Tag.def to specify facility in log
  message, add ?facility as default facility to all reporters (reported in hannesm/logs-syslog#7,
  fixed in hannesm/logs-syslog#9 by @dra27)
- append ':' to source (reported in hannesm/logs-syslog#6, fixed in hannesm/logs-syslog#8 by @dra27)
- add missing dependency on unix for logs-syslog.unix (hannesm/logs-syslog#4 by @dra27)
@hannesm hannesm mentioned this issue Oct 27, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hannesm @dra27