syslog unsupports rfc3164 #3310

Open
@ezinall

Description

I tried to send logs to fluentd by syslog. Fluentd shows me an error:
2024-10-03 15:38:32 +0000 [error]: #0 invalid input data="<14>gunicorn.site.wsgi.application.access: [30] 10.0.0.2 - USER [03/Oct/2024:18:38:32 +0300] \"POST /api/blank/ HTTP/1.0\" 201 292 \"-\" \"Mozilla/5.0\"\x00" error_class=Fluent::TimeParser::TimeParseError error="invalid time format: value = gunicorn.site.wsgi.application.access: [30] 10.0.0.2, error_class = ArgumentError, error = string doesn't match"
I checked the format of the message and I found a mistake:

  • this is an example from rfc3164
    <165>Aug 24 05:34:00 CST 1987 mymachine myproc[10]: %% It's time to make the do-nuts. %% Ingredients: Mix=OK, Jelly=OK # Devices: Mixer=OK, Jelly_Injector=OK, Frier=OK # Transport: Conveyer1=OK, Conveyer2=OK # %%
  • this is an example from the fluentd RFC-3164 Pattern
    <6>Feb 28 12:00:00 192.168.0.1 fluentd[11111]: [error] Hello!
  • and this is the gunicorn message
    <14>gunicorn.site.wsgi.application.access: [30] 10.0.0.2 - USER [03/Oct/2024:18:38:32 +0300] "POST /api/blank/ HTTP/1.0" 201 292 "-" "Mozilla/5.0"

There isn't a time, and it should be gunicorn.site.wsgi.application.access[30]: I think.

Is there a solution for this problem? I suggest adding a timestamp to the syslog message and fixing the tag.
Result:
<14>Oct 03 18:38:32 gunicorn.site.wsgi.application.access[30]: 10.0.0.2 - USER [03/Oct/2024:18:38:32 +0300] "POST /api/blank/ HTTP/1.0" 201 292 "-" "Mozilla/5.0"

https://regex101.com/r/MhhzJ2/1
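
An added example, not part of the issue and not gunicorn or Fluentd code: a small pre-flight check that decodes the `<PRI>` value and reports whether an RFC 3164 `Mmm dd hh:mm:ss` timestamp follows it, run over the messages quoted above. The regular expression is this example's own approximation of the header, not Fluentd's parser, and `check_header`, `HEADER` and `SAMPLES` are hypothetical names.

```python
import re

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# <PRI>, then an optional RFC 3164 TIMESTAMP "Mmm dd hh:mm:ss" and a space.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<mon>[A-Z][a-z]{2}) {1,2}(?P<day>\d{1,2}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) )?",
)

# Messages quoted in the issue above; the trailing NUL is as in the error line.
SAMPLES = {
    "gunicorn": b'<14>gunicorn.site.wsgi.application.access: [30] 10.0.0.2 - USER '
                b'[03/Oct/2024:18:38:32 +0300] "POST /api/blank/ HTTP/1.0" 201 292 '
                b'"-" "Mozilla/5.0"\x00',
    "fluentd": b"<6>Feb 28 12:00:00 192.168.0.1 fluentd[11111]: [error] Hello!",
    "proposed": b'<14>Oct 03 18:38:32 gunicorn.site.wsgi.application.access[30]: '
                b'10.0.0.2 - USER [03/Oct/2024:18:38:32 +0300] '
                b'"POST /api/blank/ HTTP/1.0" 201 292 "-" "Mozilla/5.0"',
}


def check_header(raw: bytes) -> dict:
    """Decode PRI and report whether a valid TIMESTAMP follows it."""
    text = raw.rstrip(b"\x00\r\n").decode("utf-8", "replace")
    match = HEADER.match(text)
    if match is None or int(match["pri"]) > 191:
        return {"ok": False, "reason": "missing or out-of-range <PRI>"}
    pri = int(match["pri"])
    # PRI = facility * 8 + severity
    result = {"ok": False, "facility": pri >> 3, "severity": pri & 7,
              "timestamp": None}
    if match["mon"] is None:
        result["reason"] = "no TIMESTAMP after <PRI>"
        return result
    if not (match["mon"] in MONTHS and 1 <= int(match["day"]) <= 31
            and int(match["h"]) < 24 and int(match["m"]) < 60
            and int(match["s"]) < 60):
        result["reason"] = "TIMESTAMP fields out of range"
        return result
    result["ok"] = True
    result["timestamp"] = text[match.start("mon"):match.end("s")]
    return result


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_header(raw))
```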
