I have Fluent Bit (aws-for-fluent-bit:2.28.4) deployed as a DaemonSet in AWS EKS, with the following pipeline:
```
[SERVICE]
    Parsers_File /fluent-bit/parsers/parsers.conf

[INPUT]
    Name   syslog
    Tag    prod_syslog
    Parser syslog-rfc3164
    Listen 0.0.0.0
    Port   5140
    Mode   tcp

[OUTPUT]
    Name               cloudwatch_logs
    Match              prod_syslog
    region             eu-west-1
    log_group_name     prod-eks-syslog
    log_stream_name    syslog-messages
    log_retention_days 30
    auto_create_group  true
```
The pipeline above configures Fluent Bit to listen for syslog messages from ANY IP address on port TCP:5140, to be parsed with the RFC 3164 syslog protocol,
and to save the received syslog messages in an AWS CloudWatch Log Group named "prod-eks-syslog".
I can confirm that Fluent Bit is acknowledging syslog messages,
but for some reason, no syslog messages are being written to the AWS CloudWatch Log Group.
While troubleshooting the problem, I've noticed the following errors in the Fluent Bit pod logs:
```
[2024/10/28 10:25:55] [ warn] [input:syslog:syslog.0] error parsing log message with parser 'syslog-rfc3164
[2024/10/28 10:25:55] [ warn] [parser:syslog-rfc3164] invalid time format %b %d %H:%M:%S for ' Oct 28'
[2024/10/28 10:25:56] [ info] [output:cloudwatch_logs:cloudwatch_logs.0] Creating log stream syslog-messages in log group prod-eks-syslog
```
I understand from the errors above that the parser expects a valid time format, but I don't understand why.
The application that sends the actual syslog messages also works with the RFC 3164 syslog protocol.
How can I continue troubleshooting this problem?
Are there any kubectl or Fluent Bit/logger commands to inspect the incoming syslog messages before they are ingested into the pipeline?
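An added diagnostic, not part of the original issue and not Fluent Bit's own code: it runs raw syslog lines through an RFC 3164 header regex and the `%b %d %H:%M:%S` time format from the warning, and reports which field the time capture actually received. The regex is an assumption modelled on the stock `syslog-rfc3164` parser definition and should be compared with the `parsers.conf` in the image; the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumption: modelled on the stock syslog-rfc3164 parser regex; verify against
# /fluent-bit/parsers/parsers.conf in the running image.
RFC3164 = re.compile(
    r"^<(?P<pri>[0-9]+)>(?P<time>[^ ]* {1,2}[^ ]* [^ ]*) (?P<host>[^ ]*) "
    r"(?P<ident>[a-zA-Z0-9_/.\-]*)(?:\[(?P<pid>[0-9]+)\])?(?:[^:]*:)? *(?P<message>.*)$"
)
TIME_FORMAT = "%b %d %H:%M:%S"  # time format quoted in the parser warning


def diagnose(raw):
    """Return what the header regex captured and whether the time field parses."""
    match = RFC3164.match(raw.rstrip("\r\n"))
    if match is None:
        return {"regex": False, "time": None, "time_ok": False, "host": None}
    time_field = match.group("time")
    try:
        # A year is appended only so Feb 29 parses; the captured field is unchanged.
        datetime.strptime(time_field + " 2000", TIME_FORMAT + " %Y")
        time_ok = True
    except ValueError:
        time_ok = False
    return {"regex": True, "time": time_field, "time_ok": time_ok,
            "host": match.group("host")}


# Constructed sample lines (not captured from the reporter's application).
SAMPLES = {
    "plain_3164": "<134>Oct 28 10:25:55 app01 myapp[123]: started",
    "single_digit_day": "<13>Oct  8 10:25:55 app01 cron: job done",
    "space_after_pri": "<134> Oct 28 10:25:55 app01 myapp[123]: started",
    "rfc5424_style": "<134>1 2024-10-28T10:25:55Z app01 myapp 123 - - started",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:18} {diagnose(line)}")
```

With this regex, the `space_after_pri` sample yields the same `' Oct 28'` time value as the warning above, and the time of day shifts into the host field.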