Vector overwrites the log_type when writing a message to syslog that includes its own log_type field in RHOL

Solution Verified - Updated -

Issue

  • A log message produced by an application that contains log_type: openshift_audit is labelled by the collector as audit log type instead of application
  • Log messages forwarded to syslog by Vector are incorrectly forwarded as audit_log messages when original log line includes a log_type field
  • When a log produced contains the log_type field in the message, the log_type from the original log overwrites the expected log_type value that the Vector collector sets

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4
  • Red Hat OpenShift Logging (RHOL)
    • 5.8.19 and higher
    • 5.9.12 and higher
    • 6.0
    • 6.1
    • 6.2
    • 6.3
  • Vector configured to forward logs to syslog

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content