SyslogWriter incorrect syslog entries on Linux

Question

SyslogWriter incorrect syslog entries on Linux

Closed this issue 2 years ago · 4 comments

I've created a Syslog Writer instance like this:

flexi_logger::Logger::try_with_env_or_str("debug")
    .unwrap()
    .log_to_writer(
        flexi_logger::writers::SyslogWriter::try_new(
            flexi_logger::writers::SyslogFacility::LocalUse0,
            None,
            flexi_logger::LevelFilter::Debug,
            "mymsgid".to_string(),
            flexi_logger::writers::Syslog::try_datagram("/dev/log").unwrap(),
        )
        .unwrap(),
    )
    .start()
    .unwrap();
log::info!("mylogmsg");

The resulting Syslog output looks like that:

Apr  1 09:54:08 myhostname 1 2022-04-01T09:54:08.509791468+02:00 myhostname target/debug/mybinary 101741 mymsgid- mylogmsg
...
Apr  1 09:54:33 myhostname ntpd[1026]: Soliciting pool server x.x.x.x

As you can see, the sylog message produced by flexi_logger does not correspond to the other messages (eg. ntp as shown) on the system. I am not aware of other implementations, but on Linux (Ubuntu 20.04) the log messages are automatically prefixed with timestamp and hostname, when they don't have a timestamp and hostname (the format is probably not recognized here). see: https://datatracker.ietf.org/doc/html/rfc3164#section-4.2

I've just became aware of at least two syslog rfc:

BSD: https://datatracker.ietf.org/doc/html/rfc3164
IETF: https://datatracker.ietf.org/doc/html/rfc5424
Seems like SyslogWriter adheres to rfc5424. Any possibility to also support rfc3164? Seems like almost everything would already be there actually.

How would I use SyslogWriter with a custom log format as a workaround. Since I'm new to rust this is not obvious to me, sorry.

Answer 1 · 2022-04-22T11:23:36.000Z

Hi, could you please try out the version in branch syslog_rfc_3164 ?
The SysLogWriter there has an additional factory method, try_new_bsd, which should do what you need.

Answer 2 · 2022-05-03T08:58:45.000Z

Hi "emabee", thank you so much for your work, and sorry for not coming back to this earlier. I have now tested your change and it is almost there. To take the same example as above I now get this:

May  3 10:46:15 myhostname myhostname target/debug/mybinary mylogmsg
...
May  3 10:46:17 myhostname ntpd[989]: Soliciting pool server x.x.x.x

I've again included the ntp log line for comparison.

So:

the hostname still appears twiche, it should not be written by flexi_logger, the system already inserts it
It would be nice if the "[pid]:" could be appended to the binary

Thats all an thanks again.
Grüsse aus der Schweiz, Marc

Answer 3 · 2022-05-03T09:32:00.000Z

I have forked your repo and changed my requests above myself: mbodmer@f10f73c

I'm not sure however, how I could contribute this using gh. Should I open a PR, even when it's actually your branch?

Answer 4 · 2022-06-03T17:54:46.000Z

Fixed with 0.22.4