in_syslog with haproxy and nginx #292

Closed
git001 opened this issue Jun 11, 2017 · 4 comments

@git001
Contributor

git001 commented Jun 11, 2017

I have tried the following command.

bin/fluent-bit -R ../conf/parsers.conf -i syslog -p path=/tmp/syslog -p parser=syslog -o stdout --verbose
Fluent-Bit v0.12.0
Copyright (C) Treasure Data

[2017/06/11 00:05:00] [ info] [engine] started
[2017/06/11 00:05:00] [debug] [router] default match rule syslog.0:stdout.0

Now I have started and stopped haproxy and afterwards started and stopped nginx.

Both servers have complained about syslog protocol.

[ALERT] 161/000719 (9457) : sendto logger #1 failed: Protocol wrong type for socket (errno=91)
[ALERT] 161/000719 (9457) : sendto logger #1 failed: Protocol wrong type for socket (errno=91)
[ALERT] 161/000719 (9457) : sendto logger #1 failed: Protocol wrong type for socket (errno=91)

Jun 11 00:05:36 centos-512mb-fra1-01 nginx[9442]: nginx: [alert] connect() failed (91: Protocol wrong type for socket)
Jun 11 00:05:36 centos-512mb-fra1-01 nginx[9442]: nginx: [alert] connect() failed (91: Protocol wrong type for socket)
Jun 11 00:05:36 centos-512mb-fra1-01 nginx[9442]: nginx: [alert] connect() failed (91: Protocol wrong type for socket)
Jun 11 00:05:36 centos-512mb-fra1-01 nginx[9442]: nginx: [alert] connect() failed (91: Protocol wrong type for socket)
Jun 11 00:05:36 centos-512mb-fra1-01 nginx[9442]: nginx: [alert] connect() failed (91: Protocol wrong type for socket)

I have looked into the source of rsyslog and they initialize the socket differently.

rsyslog

https://github.com/rsyslog/rsyslog/blob/master/plugins/imuxsock/imuxsock.c#L486
https://github.com/rsyslog/rsyslog/blob/master/plugins/imuxsock/imuxsock.c#L502

fluent-bit

https://github.com/fluent/fluent-bit/blob/master/plugins/in_syslog/syslog_unix.c#L41
https://github.com/fluent/fluent-bit/blob/master/src/flb_network.c#L178

Due to this fact I assume that in fluent-bit the socket needs to be opened in a different way than it is today.

@edsiper
Member

edsiper commented Jun 12, 2017

research: Fluent Bit is using SOCK_STREAM sockets while Nginx and HAProxy use SOCK_DGRAM.
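
The mismatch named in the comment above can be reproduced without Fluent Bit, Nginx or HAProxy. The following is an added example, not code from this thread or from either project; the function name `send_syslog_dgram`, the `/tmp/syslog-demo-*` socket path and the sample message are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a Unix-socket listener of listener_type, then log to it the way a
 * datagram syslog client does (SOCK_DGRAM + sendto). Returns 0 if the
 * message arrived intact, the client's errno on failure, or -1 if the
 * received payload differed. */
int send_syslog_dgram(int listener_type)
{
    struct sockaddr_un addr;
    const char msg[] = "<134>Jun 11 00:05:36 demo[1]: constructed test line";
    char buf[128];
    int srv, cli, rc = 0;

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    /* Hypothetical path, unique per process and listener type. */
    snprintf(addr.sun_path, sizeof(addr.sun_path),
             "/tmp/syslog-demo-%ld-%d.sock", (long) getpid(), listener_type);
    unlink(addr.sun_path);

    srv = socket(AF_UNIX, listener_type, 0);
    cli = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (srv < 0 || cli < 0 ||
        bind(srv, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
        rc = errno;
    } else {
        if (listener_type == SOCK_STREAM)
            listen(srv, 5);
        if (sendto(cli, msg, sizeof(msg), 0,
                   (struct sockaddr *) &addr, sizeof(addr)) < 0)
            rc = errno; /* EPROTOTYPE when the listener is SOCK_STREAM */
        else if (recv(srv, buf, sizeof(buf), 0) != (ssize_t) sizeof(msg) ||
                 memcmp(buf, msg, sizeof(msg)) != 0)
            rc = -1;
    }
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    unlink(addr.sun_path);
    return rc;
}

int main(void)
{
    printf("stream listener: %s\n", strerror(send_syslog_dgram(SOCK_STREAM)));
    printf("dgram listener:  %s\n", strerror(send_syslog_dgram(SOCK_DGRAM)));
    return 0;
}
```

On Linux, EPROTOTYPE is errno 91, the value HAProxy and Nginx report in the logs at the top of this issue.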

@edsiper
Member

edsiper commented Jun 15, 2017

In GIT master there are recent changes to address this problem on in_syslog

  • now it defaults to UDP mode over unix socket mode
  • new option mode to set desired protocol: unix_udp or unix_tcp

In the next days normal TCP mode will be implemented.

@edsiper edsiper self-assigned this Jun 15, 2017
git001 referenced this issue Jun 15, 2017
Signed-off-by: Eduardo Silva <eduardo@treasure-data.com>
git001 referenced this issue Jun 15, 2017
This patch implements the following changes:

- New 'mode' option, can take the following values:
  - unix_udp (default)
  - unix_tcp
- Unix socket can listen on UDP or TCP modes

Signed-off-by: Eduardo Silva <eduardo@treasure-data.com>
@edsiper
Member

edsiper commented Jun 17, 2017

After latest patches the following modes are available in in_syslog:

  • tcp
  • unix_udp
  • unix_tcp

About parsers:

  • tcp defaults to syslog-rfc5424
  • unix_udp and unix_tcp default to syslog-3164-local

An additional parser, syslog-3164, exists which also does hostname capture.

@edsiper
Member

edsiper commented Jun 17, 2017

Fixed.

@edsiper edsiper closed this as completed Jun 17, 2017
rawahars pushed a commit to rawahars/fluent-bit that referenced this issue Oct 24, 2022
Co-authored-by: Akshay Dubey - a0d00qf <Akshay.Dubey@walmartlabs.com>