
Stackdriver Logging - Log severity levels not reported/received when sent via syslog


It appears that log severity is not being passed to the Google Cloud Logging platform via the fluentd agent. To reproduce, you can try:

Bash:

logger -p user.crit "My log"

or PHP:

php -r "syslog(LOG_CRIT,'My log');"

or Python:

import syslog

syslog.syslog(syslog.LOG_ERR, 'My log')

Things are getting passed to Google Logs Viewer as below:

[image: Logs Viewer screenshot]

but severity is not being sent across. Any ideas why that would be?


Solution

  • OK, managed to find the solution, here you go:

    1. update your syslog output format under /etc/rsyslog.conf to the following:

      $template googlelogger,"%syslogseverity-text% %timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
      $ActionFileDefaultTemplate googlelogger
      
    2. then update /etc/google-fluentd/config.d/syslog.conf template format:

      format /^(?<severity>[a-zA-Z]*) (?<time>[^ ]*\s*[^ ]* [^ ]*) (?<host>[^ ]*) (?<service>[a-zA-Z0-9_\/\.\-]*): *(?<message>.*)$/
      time_format %b %d %H:%M:%S
      

    Make sure to restart both rsyslog and google-fluentd; after that, severity will be sent to Google Cloud Logging.
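The following is an added example, not part of the original answer: a Ruby check (fluentd patterns are Ruby regular expressions) that runs the answer's `format` pattern over constructed sample lines to show which ones yield a usable `severity`. It assumes `%timegenerated%` is written in the default RFC 3164 form and that `%syslogtag%` can carry a PID such as `sshd[1234]:`; `check_line`, `SAMPLES`, `SEVERITIES` and `STRICT_TIME` are hypothetical names.

```ruby
require 'time'

# Pattern and time_format copied verbatim from the answer's syslog.conf.
FORMAT = /^(?<severity>[a-zA-Z]*) (?<time>[^ ]*\s*[^ ]* [^ ]*) (?<host>[^ ]*) (?<service>[a-zA-Z0-9_\/\.\-]*): *(?<message>.*)$/
TIME_FORMAT = '%b %d %H:%M:%S'

# Severity keywords rsyslog emits for %syslogseverity-text% (0 = emerg .. 7 = debug).
SEVERITIES = %w[emerg alert crit err warning notice info debug].freeze
# Strict shape of an RFC 3164 timestamp, used to spot shifted captures.
STRICT_TIME = /\A[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d\z/

# Returns [status, fields]:
#   :ok       the captures are usable
#   :no_match the pattern does not match the line at all
#   :shifted  the pattern matched, but the captures landed in the wrong fields
def check_line(line)
  m = FORMAT.match(line.chomp)
  return [:no_match, {}] unless m
  f = m.named_captures
  good = SEVERITIES.include?(f['severity']) && f['time'].match?(STRICT_TIME)
  return [:shifted, f] unless good
  f['parsed_time'] = Time.strptime(f['time'], TIME_FORMAT) # year defaults to the current one
  [:ok, f]
end

# Constructed sample lines (not taken from the original post).
SAMPLES = {
  templated:   "crit Feb 13 14:05:01 web01 root:  My log",   # googlelogger template applied
  untemplated: "Feb 13 14:05:01 web01 root: My log",         # template not in effect
  pid_tag:     "info Feb 13 14:05:01 web01 sshd[1234]: session opened",
  pid_tag_1d:  "info Feb  3 14:05:01 web01 sshd[1234]: session opened"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, line|
    status, f = check_line(line)
    puts format('%-12s %-9s %s', name, status, f.reject { |k, _| k == 'parsed_time' })
  end
end
```

The `service` character class has no `[` or `]`, so a tag with a PID either fails to match or, with a space-padded single-digit day, matches with the fields shifted; the untemplated line shows `severity` capturing the month name when the rsyslog template is not in effect.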