-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
promtail/targets/syslog: Enable best effort parsing for Syslog messages #5409
Conversation
I really need this merged. The current syslog parser is extremely picky. Thanks for this @ldb |
@stephenafamo just to be clear, this PR does not change the parser to accept malformed messages. It just makes it so that a malformed Syslog message does not close the underlying transport anymore. Malformed messages will still not be passed to Loki in this way. |
I would try to test this by myself, but my issue was that the syslog messages generated by the
I am not sure I have an easy way to test your changes, but I'd like to see if the best-effort parsing is more usable -- at least with |
There is no mention about |
Sadly I couldn't find a maintained alternative. Any suggestions would be welcome. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM and seems low risk, thanks for the contribution!
@slim-bean I did not add this to the CHANGELOG.md yet. Is this something I should update this branch for and make a new PR or what would be the best way? |
Update: Tried with these changes, still rejects the logs from the standard library's |
What this PR does / why we need it:
This change enables best effort parsing for Syslog messages in the Syslog target within Promtail.
Right now, a malformed message will stop the syslog parser. However, the criteria for a message to be considered "valid" is very low.
By using the best effort option, a malformed or partially parsed message will not stop the parsing loop anymore, which otherwise would eventually close the TCP connection.
Parsing errors will still be logged and tracked in metrics.
Malformed messages will not be passed back to Promtail.
Which issue(s) this PR fixes:
Fixes #5395
Fixes #4270
Also presumably:
Fixes #4871
Fixes #4808
Special notes for your reviewer:
Just checked this in our setup and was able to verify that this change indeed fixes TCP connection problems in Rsyslog (with error -2027).
Checklist
CHANGELOG.md
about the changes.