Issue while decoding syslog #195
Comments
|
Where is that output being captured from? If it is from an output plugin, it looks like it is using a Heka protobuf encoder you can switch to heka_debug for human readable output. You can also examine the internal queue using |
|
Thanks for your direction Trink.The output is being captured from input plugin.I got your message on switching the encoder.I will try this and revert back of I have any issues. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I had installed hindsight to parse the syslogs using lua modules(lpeg.sub_decoder_util and decoders.syslog).It reads the log and writes the decoded log in the output.Decoded log contains some junk characters as shown below.
Configuration:
filename = "file.lua"
input_filename = "syslog.log"
send_decode_failures = true
decoder_module = "decoders.syslog"
decoders_syslog = {
template = "%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%",
}
Input(syslog.log):
Feb 13 14:25:19 ubuntu sshd[7192]: Accepted publickey for foobar from 216.160.83.56 port 4242 ssh2
Output:
▒d▒e5J▒▒\H▒▒Mi▒▒▒▒▒Ѽ▒"
input.file2?Accepted publickey for foobar from 216.160.83.56 port 4242 ssh2@▒8JubuntuR
Please, help to fix.
The text was updated successfully, but these errors were encountered: