New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add write_syslog output plugin #3019
Conversation
is there anything specific to rsyslog in your plugin? if not, |
a127ef2
to
03f7463
Compare
perhaps just "write_json" for a name? |
|
Taking back my comment about naming, it is pretty rsyslog specific as far as I understand. @faxm0dem general question - I see that across all plugins, every invocation with pthread_mutex_lock is ignoring the error that may return. Why is that? |
4bcf823
to
a1aa19d
Compare
Hi, @octo, @tokkee, @pyr I would really appreciate your review for this patch. |
First of all sorry for not answering your requests earlier. |
@faxm0dem Thank you for your review. The plugin send the metrics in CEE-enhanced Syslog message format. The syslog message part includes the metrics data in a json format. Rsyslog expects syslog messages. Having a simple Json or key-value format does is not handled well in Rsyslog. I used the following for structuring the data before the "msg": This is an example of a similar way we are using the messages that we get from Collectd: I believe this should work for syslog and syslog-ng as well. But I did not test. |
I can confirm syslog-ng can parse JSON and filter using the I therefore still think the plugin in its current form shouldn't be called
So IMHO in its current form it should be renamed to remove the rsyslog specifics, and for the rest I'm kindly asking for a second opinion :-) |
@faxm0dem First I really appreciate your review. Thank you. I need to emphasis that Only the msg part of the syslog message is Json. The first example here https://asylum.madhouse-project.org/blog/2013/07/29/json-howto/ for processing plain json records is not available in rsyslog. But having syslog message with the json as the "message" part of the syslog message will work for both rsyslog and syslog-ng. It needs a HEADER, PRI(combination of Facility and Severity), HOSTNAME, APP-NAME(collectd), PROCID(empty for now), MSGID, STRUCTURED-DATA(no need for now so left empty), MSG. These are the minimal values required for rsyslog to treat the message coming from Collectd as a syslog message.
Simple json will not work for the above. Rsyslog/syslog-ng/syslog expect a syslog message format.
If we have a generic tcp output with different messages to different outputs it can potentially work, but the code will be very complicated. The way that we build the message for rsyslog is not like for tsdb or graphite. Why do each of them have a different plugin? They both ship with tcp.
|
Thanks for clarifying. I agree on your analysis with respect to factorizing code. Now, that it's clear this plugin targets the syslog format, why bother using JSON as the mockup
In this case the plugin's name should be |
Json allows nesting and other abilities that structured data does not and for us it really simplified sending the data to elasticsearch. But, I can definitely add a variable that user can choose between json and structured data formats. What do you think @faxm0dem ? Thanks again for your comments and review. |
I guess three options would make it flexible:
FWIW when using syslog-ng for sending data to ES, in my example above |
Can you please explain what is he difference between the MessageFormat = "human" and EnableStructuredData= true ? Thanks!
I don't believe it is possible in Rsyslog... |
1d2a65b
to
9f12b91
Compare
@faxm0dem Please review my patch.
Not sure why we need the flag: |
I run contrib/format.sh src/write_syslog.c but there are no changes... |
my idea is that the user could choose to disable RFC5425 SDATA |
I'll be happy to implement but I don't understand hat do you mean by disabling RFC5425 SDATA? How will the message look like? |
On Sun, 20 Jan 2019 at 23:36, Shirly Radco ***@***.***> wrote:
I'll be happy to implement but I don't understand hat do you mean by
disabling RFC5425 SDATA? How will the message look like?
Can you please share an example? @faxm0dem <https://github.com/faxm0dem>
—
Why do we want to implement and support that? this is clearly out of our
scope, and we don't have enough time to cover this case.
Shirly implemented the syslog format, this is our MVP. Unless you say this
is a no-go, can we please continue with that?
You are receiving this because you were mentioned.
… Reply to this email directly, view it on GitHub
<#3019 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEwcHOFsyspOsiuqud3cQtRKa7fUhzjzks5vFOFQgaJpZM4ZK1_f>
.
|
@faxm0dem Hi Fabien, Can we agree that this can later be added for other use cases if needed and approve this PR for now? |
src/collectd.conf.pod
Outdated
It implements the basic syslog protocol, extends it with | ||
content-based filtering, rich filtering capabilities, | ||
flexible configuration options and adds features such as using TCP for transport. | ||
The plugin can connect to a I<Syslog> daemon that will ingest metrics, transform and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps give an example of such a daemon. Which daemons support this input? rsyslog, syslog-ng?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can provide a simple syslog-ng config
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please...
I did another pass, and saw that you missed a few of my earlier comments. I'd rather you spend an hour refactoring this plugin before it hits the tree, there should never be a rush to get things in. |
ed517b2
to
1cd7e38
Compare
This patch adds an output plugin to send metrics as CEE-enhanced Syslog log messages by TCP . The syslog message includes the metrics data in human readable structured data format and in json format. It allows adding additional metedata. This plugin is based on the write_tsdb plugin. Signed-off-by: Shirly Radco <sradco@redhat.com>
sure thing I'll do that on Monday |
Sorry for the delay. Here's an example source config for syslog-ng. collectd config
syslog-ng config
|
To add this to the src/collectd.conf.pod ? @faxm0dem |
@rubenk what do you think? |
1 similar comment
Ruben, I believe, Shirly did the changes you requested? Is there anything else missing? |
LGTM
So again, LGTM as-is and can be merged for now as far as I'm humbly concerned :) |
This patch adds an output plugin to send metrics in CEE-enhanced Syslog message format by TCP .
The syslog message includes the metrics data in human readable, structured data or json format.
The plugin is based on the write_tsdb and the write_graphite plugins.
It allows adding additional metadata.
I plan to add to it the option to send the data also as unix socket.
An example of the record after it was received by Rsyslog:
Where
"ovirt": {"engine":"test","vm":"test2"}
is metadata.Configuration for this output plugin:
ChangeLog: Write Syslog plugin: "write_syslog" plugin writes values lists as syslog messages.
Signed-off-by: Shirly Radco sradco@redhat.com