External Syslog Server does not receive logs when REMOTE_SYSLOG_USE_RECORD is "true"

Solution In Progress - Updated -

Environment

  • OpenShift Container Platform
  • Fluentd

Issue

  • When configuring a logging-fluentd DaemonSet, or fluent-plugin-remote-syslog, environment variables (rules) must be set so that the syslog server receives the logs properly and the proper logs are sent.
  • The server does not receive any logs when REMOTE_SYSLOG_USE_RECORD is set to "true" while REMOTE_SYSLOG_PAYLOAD_KEY is set to "message".

Resolution

  • Set REMOTE_SYSLOG_USE_RECORD to "false", or customize REMOTE_SYSLOG_SEVERITY and REMOTE_SYSLOG_FACILITY.

Root Cause

  • When REMOTE_SYSLOG_USE_RECORD is set to "true", the SEVERITY and FACILITY fields are used to set those values on the syslog message:
        - name: REMOTE_SYSLOG_SEVERITY
          value: debug
        - name: REMOTE_SYSLOG_FACILITY
          value: local0
  • The server is not receiving logs because there are no logs with severity "debug" or facility "local0".
  • For more details on these environment variables and what they mean, see the official OpenShift documentation.

Diagnostic Steps

  • Configure External Syslog Server forwarding in Fluentd.
  • Set REMOTE_SYSLOG_USE_RECORD to "true", and leave the rest of the environment variables at their defaults.
  • Observe the logs that populate the External Syslog Server.
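
To see which severity and facility the messages arriving at the External Syslog Server actually carry, the following added example (not part of the original article and not Red Hat code) decodes the PRI header of each received line and counts messages per facility and severity. It assumes the classic "<PRI>" syslog header; the sample lines are constructed.

```python
import re
from collections import Counter

# Facility and severity names in numeric order (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) names for a syslog line, or None if the PRI is missing/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    if facility >= len(FACILITIES):
        return None
    return FACILITIES[facility], SEVERITIES[severity]


def encode_pri(facility, severity):
    """Return the PRI number a sender would emit for the given facility/severity names."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def summarize(lines):
    """Count messages per (facility, severity); lines without a valid PRI are counted under None."""
    return Counter(decode_pri(line) for line in lines)


# Constructed sample lines, not captured from a real cluster.
SAMPLE = [
    "<135>Jan  1 00:00:00 node1 fluentd: constructed debug/local0 message",
    "<134>Jan  1 00:00:01 node1 fluentd: constructed info/local0 message",
    "<14>Jan  1 00:00:02 node1 fluentd: constructed info/user message",
    "no PRI header on this line",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```

Comparing this summary with REMOTE_SYSLOG_SEVERITY and REMOTE_SYSLOG_FACILITY shows whether the values on the wire match what the server is set up to accept.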

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
