[syslog-ng] Some logs written, some are not
Jason Brown
jbrown at boxconsulting.net
Fri Jun 12 07:58:40 UTC 2020
It looks like the cause of the “Error processing log message: <-1>” was indeed the logback configuration. Changing the priority to something valid cleans up that error.
Unfortunately, it looks like that wasn’t the source of the problem. Digging in a little deeper, I’m seeing this message:
Jun 12 07:37:03 s_local at syslog syslog-ng[28873]: Syslog connection accepted; fd='19', client='AF_INET(10.13.97.36:49346)', local='AF_INET(0.0.0.0:514)'
Jun 12 07:37:03 s_local at syslog syslog-ng[28873]: internal() messages are looping back, preventing loop by suppressing all internal messages until the current message is processed; trigger-msg='Syslog connection accepted; fd=\'19\', client=\'AF_INET(10.13.97.36:49346)\', local=\'AF_INET(0.0.0.0:514)\'', first-suppressed-msg='>>>>>> filter rule evaluation begin; rule=\'f_auth\', location=\'/etc/syslog-ng/syslog-ng.conf:136:32\', msg=\'0x11c1bc0\’’
So I’m assuming it’s likely a flow control issue.
Jason
> On 9. Jun 2020, at 16:20, Jason Brown <jbrown at boxconsulting.net> wrote:
>
> Hi,
> The fact that it’s kubernetes is neither here nor there (I -think-). It’s effectively the same as n applications starting on n servers. What’s really weird is that logs are created some of the time.
>
> I’ll go dig through the logback config to see if I can find something. I’ll report any findings.
>
> Thanks again for the help,
>
> Jason
>
>> On 9. Jun 2020, at 16:14, Peter Czanik (pczanik) <Peter.Czanik at oneidentity.com <mailto:Peter.Czanik at oneidentity.com>> wrote:
>>
>> Hi,
>>
>> I have never used Kubernetes yet, so I don't know that part of the answer. Just that the error message included:
>>
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,341 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment \x0a\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<', msg='0x7f2af8003800'
>>
>> is resolved if you use a positive number of priority.
>>
>> Just another suspicion, as I don't code in Java or use logback: priority is composed from two different numbers, facility (like "mail") and level (like "info"). <-1> might be sent as an error value because you specify only one of those.
>>
>> Bye,
>>
>> Peter Czanik (CzP) <peter.czanik at oneidentity.com <mailto:peter.czanik at oneidentity.com>>
>> Balabit (a OneIdentity company) / syslog-ng upstream
>> https://syslog-ng.com/community/ <https://syslog-ng.com/community/>
>> https://twitter.com/PCzanik <https://twitter.com/PCzanik>
>> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu <mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Jason Brown <jbrown at boxconsulting.net <mailto:jbrown at boxconsulting.net>>
>> Sent: Tuesday, June 9, 2020 16:00
>> To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>>
>> Subject: Re: [syslog-ng] Some logs written, some are not
>>
>> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
>>
>> Thanks for the response, Peter. That reddit post was me :)
>>
>> I should have specified that the logger is a Java application using logback. Not sure how relevant this is. We are not sending a “-1’. Logback has the priority field set to “info”. This is the first line sent:
>>
>> 2020-06-09 12:09:36,134 (main) INFO [c.b.s.r.sTestLoggerServer] [trkId=] Server starting in Staging environment
>>
>> If priority is the issue, why would some pods create logs, while others do not?
>>
>> Thanks,
>> Jason
>>> On 9. Jun 2020, at 15:47, Peter Czanik (pczanik) <Peter.Czanik at oneidentity.com <mailto:Peter.Czanik at oneidentity.com>> wrote:
>>>
>>> Hi,
>>>
>>> A similar problem was just posted on Reddit (https://www.reddit.com/r/sysadmin/comments/gzl1f4/syslogng_dropping_some_tcpsourced_logs/ <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.reddit.com%2Fr%2Fsysadmin%2Fcomments%2Fgzl1f4%2Fsyslogng_dropping_some_tcpsourced_logs%2F&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556671615&sdata=CcFkzQnHBFUg5MF44RVd%2BNsWEdmZyABQOl%2BmL3DB81s%3D&reserved=0>). So I did a quick test. I sent the log with <-1> and it was dropped with an error message by syslog-ng. Then I simply removed the minus sign: <1>..., and it worked perfectly. Make sure that the sending site does not try to use a negative number as priority (the number between <>).
>>>
>>> Bye,
>>>
>>> Peter Czanik (CzP) <peter.czanik at oneidentity.com <mailto:peter.czanik at oneidentity.com>>
>>> Balabit (a OneIdentity company) / syslog-ng upstream
>>> https://syslog-ng.com/community/ <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsyslog-ng.com%2Fcommunity%2F&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556671615&sdata=m9RRlT%2FqHnyFjgdMLYvfvR7z%2By2kgPsV5Ahs%2FN1YhIM%3D&reserved=0>
>>> https://twitter.com/PCzanik <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FPCzanik&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556681572&sdata=8rqnRnxIyu%2Be7TYnwIrZtDBOryT7PNK5egMXsv%2Bii6M%3D&reserved=0>
>>> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu <mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Jason Brown <jbrown at boxconsulting.net <mailto:jbrown at boxconsulting.net>>
>>> Sent: Tuesday, June 9, 2020 15:40
>>> To: syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu> <syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>>
>>> Subject: [syslog-ng] Some logs written, some are not
>>>
>>> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
>>>
>>>
>>> I’m hoping someone can help here, because I’m at my wits end.
>>>
>>> System info:
>>> syslog-ng OSE 3.27
>>> OS: CentOS 7.8 (though, I get similar results on Ubuntu 18.04)
>>>
>>> I have some kubernetes pods sending logs to a remote syslog-ng server. I have an issue where some logs are not being created. These are specifically received via TCP. I can see the message inbound by doing a packet capture, but nothing is written. One of the messages that stands out is:
>>> "Error processing message <-1>"
>>>
>>> Here is my scenario:
>>>
>>> Start a deployment with 3 pods:
>>> Pod1: log created on syslog-ng server: /data/2020/06/09/pod1/logs/app.log
>>> Pod2: nothing
>>> Pod3: nothing
>>>
>>> Delete and deploy again:
>>> Pod1: log created on syslog-ng server: /data/2020/06/09/pod1/logs/app.log
>>> Pod2: log created on syslog-ng server: /data/2020/06/09/pod2/logs/app.log
>>> Pod3: nothing
>>>
>>> Delete and deploy again:
>>> Pod1: nothing
>>> Pod2: nothing
>>> Pod3: nothing
>>>
>>> There seems to be no pattern. The pods that log, do so successfully. All pods should be logging the same exact date except for timestamps and the pod name.
>>> A packet capture shows healthy traffic inbound, with no errors, even from the pods that are not logging.
>>> The only indication of an issue is the trace log. Here’s an example from one of the non-writing pods, with a message id “0x7f2af8003800” :
>>>
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='testlogger', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='LEGACY_MSGHDR', value='testlogger: ', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='testlogger-service-54956569bb-kqsjs', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='2020-06-09 11:23:47,295 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment ', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.143.181', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00800000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00400000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00200000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00040000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00020000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00100000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: severity() evaluation started; pri='6', valid_pri='000000ff', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> rewrite rule evaluation begin; rule='r_newlines', location='/etc/syslog-ng/syslog-ng.conf:186:5', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Message was cloned; original_msg='0x7f2af8003800', new_msg='0x7f2af8004830'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Performing subst() rewrite failed, pattern did not match; rule='r_newlines', value='MESSAGE', input='2020-06-09 11:23:47,295 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment ', type='(null)', pattern='u2028', replacement='\x0a', location='/etc/syslog-ng/syslog-ng.conf:186:5’
>>>
>>>
>>> Further down in the log, I see:
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,341 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment \x0a\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='syslog-ng', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PID', value='28873', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.98.167', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='10.13.98.167/10.13.98.167', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00800000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00400000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00200000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00040000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00020000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00100000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:143:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00080000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: match() evaluation started; input='syslog-ng', pattern='.*[.]000', value='PROGRAM', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>>>
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message ', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='syslog-ng', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PID', value='28873', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.98.167', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='10.13.98.167/10.13.98.167', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00800000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00400000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00200000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00040000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00020000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00100000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:143:32'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00080000', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: match() evaluation started; input='syslog-ng', pattern='.*[.]000', value='PROGRAM', msg='0x7f2af8003800'
>>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>>>
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Thank you,
>>> Jason
>>>
>>> ______________________________________________________________________________
>>> Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=7yJs4GRtKjFR0SNFxhXEa6jlCF8zEqUj8%2B6IU2U5uJE%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556681572&sdata=2j6perQkx4E3lPEk6kqrrStrbukd2NHGbtT2k%2B%2FKuM4%3D&reserved=0>
>>> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=fusHd74hogFKcYraC2j1sx90mmj7UAD%2FAy3y6cZ%2BR%2Fs%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556691527&sdata=vqJXbY04zvy%2BLY4fg9neALm68HgY1YfRq8xkvLm8Rok%3D&reserved=0>
>>> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=9HT%2BQYiSTckuBAU2Q%2F6whDB%2BwYNnfq3xtCG0gSMVU%2B0%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556691527&sdata=%2BTy4a6pl5jEKRQY5PXz%2BFTKQX3Hv8uJgA%2F0Eh4ZrFVs%3D&reserved=0>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556701484&sdata=Tl68X3wApyRZGPfnxgARSulj6x6j0QACN%2Fzvt8rEgic%3D&reserved=0>
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556701484&sdata=kdsCQ0%2F0R4F4k%2B32bJghFzAyJm8B1VUeP8sFBD4KKQI%3D&reserved=0>
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556711442&sdata=EsRLqlrq1bHDYnmgoQTgPX4XLf8WCxQc9wkHpjwdPkY%3D&reserved=0>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200612/0bd1bf51/attachment-0001.html>
More information about the syslog-ng
mailing list